Merge pull request #10210 from gilles-peskine-arm/nv-seed-only-3.6

3.6 only: Test a build with entropy only from NV seed
2025-07-06 22:10:34 +08:00 · 2025-07-02 07:50:45 +00:00 · 2025-07-02 07:50:45 +00:00 · a329f398e4
commit a329f398e4
parent 1a22f21b74 361799acbe
3 changed files with 22 additions and 4 deletions
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@ -86,10 +86,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
            # Untested platform-specific optimizations.
            # https://github.com/Mbed-TLS/mbedtls/issues/9588
            'Config: MBEDTLS_HAVE_SSE2',
-            # Obsolete configuration option, to be replaced by
-            # PSA entropy drivers.
-            # https://github.com/Mbed-TLS/mbedtls/issues/8150
-            'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
            # Untested aspect of the platform interface.
            # https://github.com/Mbed-TLS/mbedtls/issues/9589
            'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@ -426,6 +426,23 @@ component_test_psa_external_rng_use_psa_crypto () {
    tests/ssl-opt.sh -f 'Default\|opaque'
 }

+component_test_entropy_nv_seed_only () {
+    msg "build: full minus platform entropy (NV seed only)"
+    scripts/config.py full
+    scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY
+    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+
+    msg "build: full minus platform entropy (NV seed only)"
+    make test
+
+    # Check that the library seems to refer to the seedfile, but not to
+    # platform entropy sources.
+    grep seedfile library/platform.o
+    not grep getrandom library/entropy*.o
+    not grep /dev/random library/entropy*.o
+    not grep /dev/.random library/entropy*.o
+}
+
 component_test_psa_inject_entropy () {
    msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
    scripts/config.py full
--- a/tests/suites/test_suite_config.crypto_combinations.data
+++ b/tests/suites/test_suite_config.crypto_combinations.data
@ -1,5 +1,10 @@
 # Interesting combinations of low-level crypto options

+# Entropy: available in mbedtls_entropy_init(), thanks to NV seed, no platform sources, no custom source
+Config: entropy: NV seed only
+depends_on:!MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_NO_PLATFORM_ENTROPY:!MBEDTLS_ENTROPY_HARDWARE_ALT
+pass:
+
 Config: ECC: Weierstrass curves only
 depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED
 pass: