From: Simon Glass <sjg@chromium.org> Add a few Kconfig options to allow PKCS#5 (PBKDF2) to be used within U-Boot Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <sjg@chromium.org> --- lib/mbedtls/Kconfig | 14 ++++++++++++++ lib/mbedtls/Makefile | 2 ++ lib/mbedtls/mbedtls_def_config.h | 4 ++++ 3 files changed, 20 insertions(+) diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig index 789721ee6cd..2af043ba5b1 100644 --- a/lib/mbedtls/Kconfig +++ b/lib/mbedtls/Kconfig @@ -231,6 +231,13 @@ config HKDF_MBEDTLS This option enables support of key derivation using HKDF algorithm with MbedTLS crypto library. +config PKCS5_MBEDTLS + bool "Enable PKCS#5 support with MbedTLS crypto library" + depends on MBEDTLS_LIB_CRYPTO + help + This option enables support of PKCS#5 functions (PBKDF2) with + MbedTLS crypto library. Required for LUKS decryption. + endif # MBEDTLS_LIB_CRYPTO config MBEDTLS_LIB_X509 @@ -489,6 +496,13 @@ config SPL_HKDF_MBEDTLS This option enables support of key derivation using HKDF algorithm with MbedTLS crypto library in SPL. +config SPL_PKCS5_MBEDTLS + bool "Enable PKCS#5 support with MbedTLS crypto library (SPL)" + depends on SPL_MBEDTLS_LIB_CRYPTO + help + This option enables support of PKCS#5 functions (PBKDF2) with + MbedTLS crypto library in SPL. Required for LUKS decryption. + endif # SPL_MBEDTLS_LIB_CRYPTO config SPL_MBEDTLS_LIB_X509 diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index c5b445bd85c..0506a5a6b3e 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -35,6 +35,8 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)SHA512_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/sha512.o mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o +mbedtls_lib_crypto-$(CONFIG_$(PHASE_)PKCS5_MBEDTLS) += \ + $(MBEDTLS_LIB_DIR)/pkcs5.o # MbedTLS X509 library obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index dda3f4dd6e4..9e3beed07f4 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -60,6 +60,10 @@ #define MBEDTLS_HKDF_C #endif +#if CONFIG_IS_ENABLED(PKCS5_MBEDTLS) +#define MBEDTLS_PKCS5_C +#endif + #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) -- 2.43.0