mbedtls: kconfig: created MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE

tejlmand · galak · commit 588842854189 · 2021-05-09T15:24:23.000-05:00
Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings.
The MBEDTLS_PROMPTLESS can be set to true whenever configuration of
mbedTLS is done from a subsystem or module.

Such an example is OpenThread, which selects mbedTLS for some predefined
crypto settings using OPENTHREAD_MBEDTLS=y.

Unfortunately, extensive use of select can easily cause stuck symbol
syndrome making it harder than neccesarry for users to later reconfigure
as they easily get stuck in incompatible configurations.

Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the
MBEDTLS prompt itself when selected but avoid stuck symbol if user
select another security configuration.

Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must
explicitly select this symbol before providing a custom mbedTLS config
file.

Today, other parts the Kconfig tree may set a default value for
MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig
selections elsewhere in the tree will not adjust the value.

Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user
has provided the value.

Signed-off-by: Torsten Rasmussen &lt;Torsten.Rasmussen@nordicsemi.no&gt;
Signed-off-by: Ioannis Glaropoulos &lt;Ioannis.Glaropoulos@nordicsemi.no&gt;
diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig
@@ -5,9 +5,17 @@
 
 config ZEPHYR_MBEDTLS_MODULE
 	bool
+config MBEDTLS_PROMPTLESS
+	bool
+	help
+	  Symbol to disable the prompt for MBEDTLS selection.
+	  This symbol may be used internally in a Kconfig tree to hide the
+	  mbed TLS menu prompt and instead handle the selection of MBEDTLS from
+	  dependent sub-configurations and thus preven stuck symbol behavior.
+
 
 menuconfig MBEDTLS
-	bool "mbedTLS Support"
+	bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS
 	help
 	  This option enables the mbedTLS cryptography library.
 
@@ -32,8 +40,15 @@ config MBEDTLS_LIBRARY
 
 endchoice
 
+config CUSTOM_MBEDTLS_CFG_FILE
+	bool "Custom mbed TLS configuration file"
+	help
+	  Allow user defined input for the MBEDTLS_CFG_FILE setting.
+	  You can specify the actual configuration file using the
+	  MBEDTLS_CFG_FILE setting.
+
 config MBEDTLS_CFG_FILE
-	string "mbed TLS configuration file"
+	string "mbed TLS configuration file" if CUSTOM_MBEDTLS_CFG_FILE
 	depends on MBEDTLS_BUILTIN
 	default "config-tls-generic.h"
 	help
diff --git a/samples/drivers/crypto/prj_mtls_shim.conf b/samples/drivers/crypto/prj_mtls_shim.conf
@@ -3,6 +3,7 @@ CONFIG_LOG_MODE_MINIMAL=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
+CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y
 CONFIG_MBEDTLS_HEAP_SIZE=512
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
