libmetal itself isn't an ipc library, its a generic HAL abstraction
library so move it into ext/hal where it belongs.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Origin:
https://github.com/OpenAMP/open-amp
Status:
de361adee09cd31793c60218a0ec49bc307a7410 [v2018.04]
When we import open-amp we removed the apps dir to reduce the amount
of code imported.
Purpose:
IPC layer that implements rpmsg communication between cores.
Description:
This repository is the home for the Open Asymmetric Multi Processing
(OpenAMP) framework project. The OpenAMP framework provides software
components that enable development of software applications for
Asymmetric Multiprocessing (AMP) systems. The framework provides the
following key capabilities.
* Provides Life Cycle Management, and Inter Processor Communication
capabilities for management of remote compute resources and their
associated software contexts.
* Provides a stand alone library usable with RTOS and Baremetal software
environments
* Compatibility with upstream Linux remoteproc and rpmsg components
* Following AMP configurations supported:
a. Linux master/Generic(Baremetal) remote
b. Generic(Baremetal) master/Linux remote
* Proxy infrastructure and supplied demos showcase ability of proxy on
master to handle printf, scanf, open, close, read, write calls from
Bare metal based remote contexts.
Dependencies:
libmetal (https://github.com/OpenAMP/libmetal) - provides HAL layer
between OpenAMP and RTOS or OS environment.
URL:
https://github.com/OpenAMP/open-amp/
commit:
de361adee09cd31793c60218a0ec49bc307a7410
Maintained-by:
External
License:
BSD-3-Clause
BSD-2-Clause
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Origin:
https://github.com/OpenAMP/libmetal
Status:
606c31438025b9fb1515dace1c642d5835d8d33c [v2018.04]
When we import libmetal we removed the tests/ and examples/ dir to
reduce the amount of code imported.
Purpose:
HAL abstraction layer used by open-amp
Description:
Libmetal provides common user APIs to access devices, handle device
interrupts and request memory across the following operating
environments:
* Linux user space (based on UIO and VFIO support in the kernel)
* RTOS (with and without virtual memory)
* Bare-metal environments
Dependencies:
Depends on Zephyr itself as it utilizes Zephyr's APIs to provide an
abstraction to open-amp.
URL:
https://github.com/OpenAMP/libmetal
commit:
606c31438025b9fb1515dace1c642d5835d8d33c
Maintained-by:
External
License:
BSD-3-Clause
License Link:
https://github.com/OpenAMP/libmetal/blob/master/LICENSE.md
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This updates mbedTLS to 2.8.0, which fixes CVEs 2018-0488 and
2048-0487, that affects 2.7.0.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
half-FP feature requires <math.h> form newlib_libc. It was include
wrongly by default. This path fix conduction for related include
directive.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This path make logic for enabling float and half-float
support positive driven and fix NEWLIB_LIBC selections for
these features.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Selecting a choice symbol is always a no-op, and the latest version of
Kconfiglib prints a warning. This commit removes all selects of choice
symbols, which might make the Kconfig files a bit clearer and gets rid
of the warnings.
This is just a dumb removal. I did not try to guess the intent of each
select.
Fixes#6849
Signed-off-by: Ulf Magnusson <ulfalizer@gmail.com>
Instead of CONFIG_COAP_MBEDTLS_SSL_MAX_CONTENT_LEN, use recently
introduced CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This value allows to set max payload length of a TLS protocol
message, and passed thru to mbedTLS as MBEDTLS_SSL_MAX_CONTENT_LEN
setting. The only safe value is 16384, which translates to 32KB
of RAM required just for mbedTLS input/output buffers. Any other
value can be configured *only* per a particular application
(e.g. knowing that it won't pass more than spefific amount of
data at once and/or won't connect to a server with a long cert
chain). Previosuly, we had quite an adhoc and inflexible config
with random values for that setting, based on protocol.
Note that while the safe value is 16384, "backward compatible"
default of 1500 is used (good for DTLS on the other hand).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With the introduce of VFS the typedef for fs_file_t & fs_dir_t don't
exist anymore so we need to use 'struct fs_dir_t' or 'struct fs_file_t'.
Fix up some places that got missed in the VFS conversion.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This Kconfig 'source' statement had no effect as it was referencing a
non-existing Kconfig file. It is not clear if the intention is to
include-if-exists, but I presume not.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
mbedTLS log level is obviously a mbedTLS config setting. It makes
sense to have it defined in mbedTLS Kconfig, and different parts
of Zephyr to reuse as needed (e.g. net-app vs upcoming TLS wrapper
for sockets).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The goal of mcumgr is to define a common management infrastructure with
pluggable transport and encoding components. In addition, mcumgr
provides definitions and handlers for some core commands: e.g., image
management, file system management, and OS managment.
Origin: mcumgr
License: Apache 2.0
URL: https://github.com/apache/mynewt-mcumgr
commit: 59210e372c927e26637696f2198ff2efe8ea6897
Purpose: Introduction of mcumgr
Maintained-by: External
Signed-off-by: Christopher Collins <ccollins@apache.org>
Fix Kconfig help sections and add spacing to be consistent across all
Kconfig file. In a previous run we missed a few.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The previous default, "config-threadnet.h", is more or less arbitrary
choice made in a commit 312def2c78 1.5 years ago. In particular,
it's not related to Thread support in Zephyr per se (there was no
such support at that time).
It doesn't make sense to have a default intended for a particular,
not widely used (yet) protocol. Instead, the default should work
out of the box with a contemporary widely deployed arrays of TLS
servers, which are HTTPS server. config-mini-tls1_2.h works with
https://google.com, and by extension, with many other servers on
the Internet.
So, have that as the default, and let applications with special
needs to override that to what they need.
Addresses: #6132
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This config enables TLS 1.2 (only), as its name suggests, and
contrary to the (copy-pasted) comments in the file header, so
update these comments.
Fixes: #6131
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
- Make half float encode/decode conditional
- src/cborpretty.c, src/cbortojson.c and src/cborvalidation.c
conditionally include math.h and half float type support
- Conditionally include math.h in src/compilersupport_p.h to avoid
newlib libc from getting compiled in
- Conditionally compile src/cborparser_dup_string.c if newlib libc is
compiled in
Signed-off-by: Vipul Rahane <vipulrahane@apache.org>
The TinyCBOR library is a small Concise Binary Object
Representation (CBOR) encoder and decoder library, optimized for
very fast operation with very small footprint.
Origin: TinyCBOR
License: MIT
URL: https://github.com/intel/tinycbor
Version: 0.5.0-beta1
commit: 497066ee87dd54341adaa1195bf15ad11ee33b20
Purpose: Introduction of TinyCBOR
Maintained-by: External
Signed-off-by: Vipul Rahane <vipulrahane@apache.org>
Due to a security advisory released on February 1st 2018[1], it's
advisable to update mbedTLS to 2.7.0.
The vulnerability, identified as CVE-2018-0488 and CVE-2018-0487, risk
remote code execution when truncated HMAC is enabled or when verifying
RSASSA-PSS signatures.
[1] https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01Fixes: #6025
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Kbuild supported CONFIG_MBEDTLS_LIBRARY and
CONFIG_MBEDTLS_INSTALL_PATH to allow users to link in an externally
built mbedtls. This was not ported over to CMake, causing build
failures when it was kconfig-enabled.
This patch implements this support. This support has been tested
as well as MBEDTLS_LIBRARY was tested in CI.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Ding Tao <miyatsu@qq.com>
CONFIG_MBEDTLS means you are using MBEDTLS
CONFIG_MBEDTLS_BUILTIN means you are using a built-in MDEDTLS
CONFIG_MBEDTLS_LIBRARY means you are using an external MBEDTLS
This patch ensures that you must select one or the other
implementation when MBEDTLS is enabled.
Tested by opening xconfig and observing that when MBEDTLS was enabled,
BUILTIN was automatically enabled, and a radio-button interface
existed to change the implementation.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Ding Tao <miyatsu@qq.com>
mbedTLS include directories will now default to be in the 'app'
include path when mbedTLS has been enabled.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The CoAP samples use an MBEDTLS config "config-coap.h" which could be
re-used by the LwM2M sample, except that most servers use a larger
maximum content length setting of 1500 bytes.
Let's add a CONFIG to set this for users of the CoAP lib and set the
CONFIG value for the samples to the 256 size currently used.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Version 0.2.8 of this library has been released on Aug 29, and this
patch updates the library from version 0.2.7. A summary of changes
is available at the official repository at:
https://github.com/01org/tinycrypt/releases/tag/v0.2.8
A number of the changes we already had in tree, so the import to sync
with v0.2.8 is pretty minor.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
Mysterious TLS errors are printed if we try to work with too
small crypto buffer when https is enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Set default MBEDTLS_HEAP_SIZE to 512 which fixes the driver Kconfig
dependency issues.
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This should clear up some of the confusion with random number
generators and drivers that obtain entropy from the hardware. Also,
many hardware number generators have limited bandwidth, so it's natural
for their output to be only used for seeding a random number generator.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
When default "n" is selected (as it is by default) this sets:
CONFIG_MBEDTLS_DEBUG="n"
When checked by the existing logic (example shown below) will always
be true and debug will be enabled all the time:
//#if defined(CONFIG_MBEDTLS_DEBUG)
Instead, let's change the config type to "bool" which will be
undefined when set to "n" (by default). The existing #if defined()
checks will work correctly.
NOTE: This fix saves a lot of binary space when MBEDTLS is enabled
due to the amount debug output being compiled in.
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Due to a security advisory released on August 28th 2017[1], it's
advisable to update mbedTLS to 2.6.0.
The vulnerability, identified as CVE-2017-14032, allows bypassing the
authentication of a peer when the authentication mode is configured as
optional (the default is secure, but applications might change the
setting.)
tests/crypto/mbedtls is passing.
[1] https://goo.gl/s4imN6
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.
Coverity-CID: 143715
Coverity-CID: 143730
THis patch is ported from below patch:
https://gerrit.zephyrproject.org/r/#/c/7419/
Jira : ZEP-2468
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
This commit fixes the issue reported by Coverity: an array compared
against NULL is always false.
Coverity-CID: 143687
Coverity-CID: 143737
Coverity-CID: 143740
This patch is ported from the below patch:
https://gerrit.zephyrproject.org/r/#/c/7418/
Jira: ZEP-2468
Signed-off-by: Ramakrishna Pallala <ramakrishna.pallala@intel.com>
Zeroing out 2*NUM_ECC_WORDS bytes starting from the `p2` pointer would
not only write 16 bytes to an 8-byte array allocated on the stack, but
also not clear out important arrays such as `_private` and `tmp`.
Moreover, no memory was cleared out before returning from the function,
and there are two exit points.
Properly memset() all private data and use an empty assembly block
referencing the memory region to avoid the memset() calls to be elided
by the compiler.
Ideally, in the future, all stack-allocated variables that contains
sensitive information should be marked with __attribute__((cleanup)), a
GCC extension that calls a function when the variable exits the scope.
This will not only reduce code size, but for other functions with
multiple exit points, also ensure that sensitive data is always
cleared.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
This mbedtls configuration creates support for DTLS. The values
are not optimized for RAM usage, but can be used for various
networking sample applications.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Version 0.2.7 of this library has been released on June 30th, and this
patch updates the library from version 0.2.6. A summary of changes
is available at the official repository at:
https://github.com/01org/tinycrypt/releases/tag/v0.2.7
There were some API changes in this version, so some tests are not
building: ccm_mode, ecc_dh, and ecc_dsa. Fixes to these tests and
subsystems affected by the changes will be provided.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This changes increases content buffer length
MBEDTLS_SSL_MAX_CONTENT_LEN to 1500 bytes so that we can use
this config for echo-client and echo-server network sample
applications which need to send bigger data than 1024 bytes.
Removing MBEDTLS_PEM_PARSE_C as we do not have any cert in PEM
format.
Place various MBEDTLS debug options behind CONFIG_MBEDTLS_DEBUG
Kconfig option which was introduced in previous commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add Kconfig option that can be used to enable various debug
options in mbedtls config file.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
As the mbedtls heap is global for the whole device, enable it
during device startup if configured so. The heap size can be
set in config file. There is no default value for the heap as
that depends very much on application needs.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Kumar Gala