Modify check generated files script to work with TF PSA Crypto too #8523
Conversation
Signed-off-by: Thomas Daubney <[email protected]>
Make the script work in both Mbed TLS and TF PSA Crypto. Signed-off-by: Thomas Daubney <[email protected]>
tom-daubney-arm
added
enhancement
needs-review
| IN_MBEDTLS=0 | ||
| if [ -d library -a -d include -a -d tests ]; then | ||
| IN_MBEDTLS=1 | ||
| elif [ -d core -a -d include -a -d tests ]; then :; |
There was a problem hiding this comment.
Deciding between mbedtls and tf-psa-crypto from library vs core feels fragile. How about testing the presence of include/mbedtls vs include/tf_psa_crypto?
There was a problem hiding this comment.
Please do it like in all.sh in this PR to keep things consistent. include/tf_psa_crypto was introduced recently thus not used yet in the repo root detection checks. We could use it and in that case we would update all such checks in all *.sh files.
There was a problem hiding this comment.
Sure, will do. I did think that however I thought the way I was doing it here look more consistent within this particular script. Happy to change it though
There was a problem hiding this comment.
Should we introduce a scripts/which_repo.sh? Or a scripts/repo_name.txt?
For Python code there should be a function in build_tree.py.
There was a problem hiding this comment.
@gilles-peskine-arm I am just wondering why doing it this way seems more fragile than using the include directory as you suggest? It's not clear to me why one approach is more robust than the other.
There was a problem hiding this comment.
@gilles-peskine-arm By "use a regular file" do you mean we should simply have a file named mbedtls in the root directory of Mbed TLS and then the same idea of TF-PSA-Crypto and then we test for it's existence with the proposed scripts/which-repo.sh script?
There was a problem hiding this comment.
No, I thought each repository should have a file with the same name, and we'd use the content of that file to identify the repository.
There was a problem hiding this comment.
Cool ok. In this PR I think it is probably best if I do it the way @ronald-cron-arm suggests in his first comment and then I will raise a subsequent PR that implements this file idea and modifies how repo detection is done across both the repositories. Does that sound alright to everyone here?
There was a problem hiding this comment.
The standardisation of repository detection is now being tracked with issue #8524 .
tom-daubney-arm
added
needs-work
priority-high
Add repository detection and conditional setting of library_dir variable. Signed-off-by: Thomas Daubney <[email protected]>
Add further modifications to repo detection and calling the checks. Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
tom-daubney-arm
added
needs-review
|
Note to reviewers: I have changed the repo detection in |
Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
Correct erroneous function call Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
scripts/generate_driver_wrappers.py
Outdated
| @@ -178,8 +178,15 @@ def main() -> int: | |||
|
|
|||
| mbedtls_root = os.path.abspath(args.mbedtls_root) | |||
|
|
|||
| library_dir = '' | |||
There was a problem hiding this comment.
It would be better to change mbedtls_root to repo_root in this file. Then comes up the question of what do we do with:
def_arg_mbedtls_root = build_tree.guess_mbedtls_root()
In build_tree.py, guess_mbedtls_root actually detects the mbedtls or TF-PSA-Crypto root.
Probably we should have in build_tree.py, three functions: guess_repo_root, guess_mbedtls_root and guess_tf_psa_crypto_root and use guess_repo_root here. We would then have:
def_arg_repo_root = build_tree.guess_repo_root()
Otherwise, please look at the occurrences of library in the file and update the ones that have to be updated.
There was a problem hiding this comment.
Ultimately we may need different functions for when Mbed TLS has TF-PSA-crypto as a submodule: guess_repo_root vs guess_crypto_root (currently same as guess_repo_root). I don't think we need guess_mbedtls_root as part of the interface. But it can stay for a while as a transitional alias for guess_repo_root.
For implementation, we can have a single function that works in all cases. The goal of this function is just to find how many times to go to the ultimate parent directory, it doesn't care about the exact names of the toplevel directories.
And maybe we should introduce functions for crypto_core_directory and crypto_builtins_directory?
There was a problem hiding this comment.
And maybe we should introduce functions for
crypto_core_directoryandcrypto_builtins_directory?
In build_tree.py? I am not sure what you mean by that.
There was a problem hiding this comment.
generate_driver_wrappers needs to know where to put its output: that's different in mbedtls vs tpc. This kind of knowledge is the job of build_tree.
There was a problem hiding this comment.
Thus it would be a function in build_tree.py, let's say crypto_core_directory that would return the path of the library directory in the case of mbedtls (directory where the PSA core code is located in mbedtls) and the path to the core directory in the case of TF-PSA-Crypto?
There was a problem hiding this comment.
The work on build_tree seems to get things a bit too far for this PR I'd say. I still feel the need to rename mbedtls_root to repo_root otherwise I would have the impression to let things in a bad state but probably ok to keep
def_arg_repo_root = build_tree.guess_mbedtls_root() for the time being. @tom-daubney-arm @gilles-peskine-arm what do you think?
There was a problem hiding this comment.
This PR is adding dual-repo support to generate_driver_wrappers.py. This involves some new directory name detection code. (library vs core). Since this detection is not specific to generate_driver_wrappers.py, we should add it directly to build_tree.py rather than add it to generate_driver_wrappers.py and do extra work to move it later.
There was a problem hiding this comment.
Thus, what about if we add a function crypto_core_directory in build_tree.py, that returns the path of the library directory in the case of mbedtls (directory that currently contains the PSA core code in mbedtls) and the path to the core directory in the case of TF-PSA-Crypto? Then, when mbedtls is restructured to host TF-PSA-Crypto in the mbedtls case the function will return the path to core as well.
There was a problem hiding this comment.
@ronald-cron-arm This seems sensible to me. Any further work on repository detection is being tracked in #8524 and so can be sorted out when I do that ticket, which will be immediately after this ticket. Is that ok with you @gilles-peskine-arm ?
There was a problem hiding this comment.
I've made what I think are the suggested improvements around variable naming. I may have gone a little further than was intended so I can walk it a back a bit if needed but I have scrubbed all mention of mbedtls in the variable names and functions that are local to scripts/generate_driver_wrappers.py.
Rename some variables in generate_driver_wrappers.py now that the script has to work in two repositories as opposed to just mbed tls. Signed-off-by: Thomas Daubney <[email protected]>
Add crypto_core_directory in build_tree.py so that the libary/core directory can be returned based on what repository we are in. Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
|
Note to reviewers that this is currently not ready for re-review. I still need to address one further issue which I will do tomorrow. |
Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
Signed-off-by: Thomas Daubney <[email protected]>
tom-daubney-arm
added
needs-review
|
Note for reviewers: I think the current CI failures here are a failed job rather than failed tests so please re-review when you can, thanks. @gilles-peskine-arm @ronald-cron-arm |
| root = guess_project_root() | ||
| if looks_like_mbedtls_root(root): | ||
| return root |
There was a problem hiding this comment.
This won't find the mbedtls root if called from a TF-PSA-Crypto submodule of mbedtls. That's ok for now, we'll just have to improve it later.
There was a problem hiding this comment.
Thanks for the heads up, and for the review.
Signed-off-by: Thomas Daubney <[email protected]>
gilles-peskine-arm
added
approved
Description
Modify check generated files script to work with TF PSA Crypto as well as Mbed TLS
Note for reviewers: I am not sure if I am calling all the necessary checks for TF-PSA-Crypto. For example I am unsure if
/scripts/generate_driver_wrappers.pyneeds to be checked on the TF-PSA-Crypto side. If it does then this will need adapting either as part of this work or separately.Also please note, the first commit removes some extraneous whitespace in
lcov.shthat I noticed this morning.PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
Notes for the submitter
Please refer to the contributing guidelines, especially the
checklist for PR contributors.