Hi,
Thanks for reporting this issue. As mentioned in the other email thread [1], we are still using mbedTLS 3.3.0 right now and we have not attempted to upgrade to 3.4.0 yet. So thanks for the heads up!
From what you're saying, we need to add support for %c format in TF-A's implementation of snprintf() to solve this issue. This should be pretty forward.
Would you be able to propose a patch to this effect? Otherwise, I think we'll look into this later this month / next month, closer to the v2.9 TF-A release time.
As a stop-gap solution, maybe you could try disabling MBEDTLS_PLATFORM_SNPRINTF_ALT macro in mbedTLS config file [2] in your local tree. AFAIU, this should stop mbedTLS from using TF-A's snprintf and rather use the implementation provided by mbedTLS library (which I assume, supports %c format).
Regards, Sandrine
[1] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.o...
[2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/include/dri...
On 4/7/23 11:23, Chen-Yu Yang via TF-A wrote:
Hi, I'm using TF-A 2.8 on mt7986 board, enable TRUSTED_BOARD_BOOT using mbedtls-3.4.0, TF-A BL2 hanged when loading BL31, it seems that BL2 failed to get correct oid in function get_ext(drivers/auth/mbedtls/mbedtls_x509_parser.c) after calling mbedtls_oid_get_numeric_string
mbedtls_oid_get_numeric_string in 3.4.0 uses %c to print part of oid, (https://github.com/Mbed-TLS/mbedtls/blob/v3.4.0/library/oid.c#L864)
but seems that ATF libc's snprintf doesn't support %c format, which causes mbedtls_oid_get_numeric_string to return incorrect oid
oid_str dump in get_ext
oid_str=%c.49.6.1.4.1.4128.2100.1 (mbedtls_oid_get_numeric_string) oid_str=1.3.6.1.4.1.4128.2100.1 (TRUSTED_FW_NVCOUNTER_OID)
I try to change snprintf format %c to %u in mbedtls_oid_get_numeric_string, TF-A boots successfully
Thanks