From: Simon Glass <simon.glass@canonical.com> Add a few Kconfig options to support XTS (XEX Tweakable Block Ciphertext Stealing). Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- lib/mbedtls/Makefile | 4 ++++ lib/mbedtls/mbedtls_def_config.h | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 0506a5a6b3e..257f585c013 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -37,6 +37,10 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o mbedtls_lib_crypto-$(CONFIG_$(PHASE_)PKCS5_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs5.o +mbedtls_lib_crypto-$(CONFIG_$(PHASE_)BLK_LUKS) += \ + $(MBEDTLS_LIB_DIR)/aes.o \ + $(MBEDTLS_LIB_DIR)/cipher.o \ + $(MBEDTLS_LIB_DIR)/cipher_wrap.o # MbedTLS X509 library obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index 9e3beed07f4..a0578d33ba6 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -64,6 +64,12 @@ #define MBEDTLS_PKCS5_C #endif +#if CONFIG_IS_ENABLED(BLK_LUKS) +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CIPHER_MODE_XTS +#define MBEDTLS_AES_C +#endif + #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) @@ -104,6 +110,7 @@ #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_CIPHER_C +#define MBEDTLS_CIPHER_MODE_XTS #define MBEDTLS_MD_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_AES_C -- 2.43.0