From 0f2ef4a896dff5f2d53affbc3b083032e8326cac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 30 Sep 2025 18:30:32 +0200 Subject: [PATCH] README.md: Update Configuration section Signed-off-by: Ronald Cron --- README.md | 7 ++++--- configs/README.txt | 34 ++++++++++++++++++---------------- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 0e35fe9aa8..171323c7d0 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,13 @@ Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF- Configuration ------------- +Configuration options related to X.509 and TLS are available in `include/mbedtls/mbedtls_config.h`, while cryptography and platform options are located in the TF-PSA-Crypto configuration file `tf-psa-crypto/include/psa/crypto_config.h`. -Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions). +With the default platform options, Mbed TLS should build out of the box on most systems. -Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`. +These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions). -We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` +We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`. Documentation ------------- diff --git a/configs/README.txt b/configs/README.txt index 86496db013..9e471344ef 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -1,24 +1,26 @@ This directory contains example configuration files. -The examples are generally focused on a particular usage case (eg, support for -a restricted number of ciphersuites) and aim at minimizing resource usage for -this target. They can be used as a basis for custom configurations. +The examples are generally focused on a particular use case (eg, support for +a restricted set of ciphersuites) and aim to minimize resource usage for +the target. They can be used as a basis for custom configurations. -These files are complete replacements for the default mbedtls_config.h. To use one of -them, you can pick one of the following methods: +These files come in pairs and are complete replacements for the default +mbedtls_config.h and crypto_config.h. The two files of a pair share the same or +very similar name, with the crypto file prefixed by "crypto-". Note +that some of the cryptography configuration files may be located in +tf-psa-crypto/configs. -1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one. +To use one of these pairs, you can pick one of the following methods: -2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. - For example, using make: +1. Replace the default files include/mbedtls/mbedtls_config.h and + tf-psa-crypto/include/psa/crypto_config.h with the chosen ones. - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" make +2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the + CMake build system: - Or, using cmake: + cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \ + -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" . + make - find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} + - CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE=''" cmake . - make - -Note that the second method also works if you want to keep your custom -configuration file outside the Mbed TLS tree. +The second method also works if you want to keep your custom configuration +files outside the Mbed TLS tree.