Hi All,
Note you may have received another instance of this note but when I
attempted to send to all TF ML's simultaneously it seemed to fail, so
sending to each one at a time. Sorry about that. :/
We've created a Discord Server for real time chats/sharing. This solution
comes at no cost to the project, is set up with channels for each project,
includes a #general channel, and supports direct 1-1 chats between members,
all with the goal of improving collaboration between trustedfirmware.org
developers.
We encourage all to join! :) Instructions for joining can be found on
the TF.org
FAQ page <https://www.trustedfirmware.org/faq/>.
See you all there and please don't hesitate to reach out if you have any
questions!
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi,
I am trying to use a certificate with its public key algorithm is NIST
P-384 and its signature algorithm is ED448.
I am working on ESP board with IDF framework which supports mbedtls. But
when I am trying to use that certificate, I got error message about
'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'.
So, I thought that maybe mbedtls does not support certificates which signed
with ED448.
Hi,
I am trying to use a certificate with its public key algorithm is NIST
P-384 and its signature algorithm is ED448.
I am working on ESP board with IDF framework which supports mbedtls. But
when I am trying to use that certificate, I got error message about
'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'.
So, I thought that maybe mbedtls does not support certificates which signed
with ED448.
I've got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don't have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how?
Jeff Thompson | Senior Electrical Engineer - Firmware
+1 704 752 6513 x1394
www.invue.com
[cid:image001.gif@01D9D729.620C6230]
Hello,
I am trying to build MbedTLS on a Mac, as part of a project to support
MbedTLS in the "picoquic" implementation of QUIC. I have a small
problem, probably something of my making. I have cloned the repo on an
"mbedtls" directory, created a "build" subdirectory, and from there
run"cmake ..", which worked fine, and then tried to run "make", which
fails in "generating psa_crypto_driver_wrapper.c" when trying the python
script "generate_driver_wrappers.py" because it cannot find the python
module "jsonschema".
I tried to solve that by installing that module using "pip", and test
programs running python3 do find the "jsonschema". Calling
print(jsonschema.__file__) shows the module is installed in my user
directory:
/users/christianhuitema/Library/python3.9/lib/python/...
Is there a simple way to fix that?
-- Christian Huitema
Hello,
I'm currently engaged in a project where I'm utilizing mbedtls for the management of certificates. Within this project, I'm aiming to integrate a revocation feature using Certificate Revocation Lists (CRLs). However, my search for resources on how to effectively implement a comprehensive certificate revocation process using mbedtls has unfortunately yielded no productive outcomes.
I am concerned about how to first create a crl file and sign it using my self-signed CA, how to revocate a certificate if we need to revocate it, and how to update the CRL, then when parsing the cert how to detect that this certificate has been revocated. ( I am using LPCXpresso55S16 as a client and raspberry pi as a server and I am doing all with coding).
Thank you in advance for your support.
Best regards,
Ahmed.
Hello,
I need some help to setup mbedtls as a CMake subproject, I added it as a subdirectory in my CMakeLists.
However, I can't figure out how to use my own config file for mbedtls (MBEDTLS_CONFIG_FILE option to the file I want as a config file).
When I put my custom config file to the include folder of mbedtls in the place of the original mbedtls_config.h file it works wel,l but it's not a future-proof option for me, is there anyone that could help me with this setup ?
Hi,
I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.
The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ?
Regards,
Ruchika
