1#------------------------------------------------------------------------------- 2# Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved. 3# 4# SPDX-License-Identifier: BSD-3-Clause 5# 6#------------------------------------------------------------------------------- 7 8set(MBEDTLS_URL "https://github.com/Mbed-TLS/mbedtls.git" 9 CACHE STRING "Mbed TLS repository URL") 10set(MBEDTLS_REFSPEC "mbedtls-3.6.0" 11 CACHE STRING "Mbed TLS git refspec") 12set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src" 13 CACHE PATH "MbedTLS source directory") 14set(MBEDTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" 15 CACHE PATH "Mbed TLS installation directory") 16set(MBEDTLS_BUILD_TYPE "Release" CACHE STRING "Mbed TLS build type") 17 18find_package(Python3 REQUIRED COMPONENTS Interpreter) 19 20# Mbed TLS has a custom config script that must be ran before invoking CMake. 21# This script configures which components of the project will get built, in our 22# use case only mbedcrypto is necessary. LazyFetch has a PATCH_COMMAND option 23# that was intended to be used for patching the repo after fetch, but before 24# running CMake. However, it can be "misused" in this case to run the Mbed TLS 25# config script. 26set(GIT_OPTIONS 27 GIT_REPOSITORY ${MBEDTLS_URL} 28 GIT_TAG ${MBEDTLS_REFSPEC} 29 GIT_SHALLOW FALSE 30 PATCH_COMMAND 31 git stash 32 COMMAND git branch -f bf-am 33 COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Add-capability-to-selectively-build-libraries.patch 34 COMMAND git reset bf-am 35) 36 37# Only pass libc settings to Mbed TLS if needed. For environments where the standard 38# library is not overridden, this is not needed. 39if(TARGET stdlib::c) 40 include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake) 41 # Save libc settings 42 save_interface_target_properties(TGT stdlib::c PREFIX LIBC) 43 # Translate libc settings to CMake code fragment. Will be inserted into 44 # mbedtls-init-cache.cmake.in when LazyFetch configures the file. 45 translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment) 46 unset_saved_properties(LIBC) 47endif() 48 49include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED) 50LazyFetch_MakeAvailable(DEP_NAME MbedTLS 51 FETCH_OPTIONS ${GIT_OPTIONS} 52 INSTALL_DIR ${MBEDTLS_INSTALL_DIR} 53 PACKAGE_DIR ${MBEDTLS_INSTALL_DIR} 54 CACHE_FILE "${TS_ROOT}/external/MbedTLS/mbedtls-init-cache.cmake.in" 55 SOURCE_DIR "${MBEDTLS_SOURCE_DIR}" 56) 57unset(_cmake_fragment) 58 59# Link the libraries created by Mbed TLS to libc if needed. For environments where the standard 60# library is not overridden, this is not needed. 61if(TARGET stdlib::c) 62 foreach(_mbedtls_tgt IN ITEMS "MbedTLS::mbedcrypto") 63 target_link_libraries(${_mbedtls_tgt} INTERFACE stdlib::c) 64 endforeach() 65 unset(_mbedtls_tgt) 66endif() 67 68# Advertise Mbed TLS provided psa crypto api header file. Can be used with #include MBEDTLS_PSA_CRYPTO_H 69# when it is necessary to explicitly include the mbedtls provided version of psa/crypto.h. 70add_compile_definitions(MBEDTLS_PSA_CRYPTO_H="${MBEDTLS_INSTALL_DIR}/include/psa/crypto.h") 71 72# Advertise the public interface path to allow a deployment to determine what scope to give it 73set(MBEDTLS_PUBLIC_INCLUDE_PATH "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING "Mbedtls public include path") 74