Add mbedtls as a submodule.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Take mbedtls LTS release from tag v3.6.0

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Retrieve all git submodules before building

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Port mbedtls with dummy libc header files.
Add mbedtls default config header file.
Add mbedtls kbuild makefile.
Add Kconfig and mbedtls config submenu.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Apply MbedTLS patch if any exist before building.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Add text section alignment to fix sbsign signing warning
'gaps in the section table may result in different checksums'
which causes a failure of efi_image_verify_diges()

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Fix a permission issue when running virt-make-fs

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h,
u-boot/sha256.h and u-boot/sha512.h

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h
and u-boot/sha512.h

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Create a hash shim layer on top of mbedtls crypto library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Integrate common/hash.c on the hash shim layer so that hash APIs
from mbedtls can be leveraged by boot/image and efi_loader.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Add the mbedtls include directories into the build system.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from
hash shim layer instead.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from
hash shim layer instead.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Added patches for MBedTLS PKCS7 parser to support MicroSoft
Authenticate Code with Authenticate Attributes.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Add mbedtls patch to support multiple signer's certs in the signed
data within a PKCS7 message.
Update the related MbedTLS test suites.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Integrate function public_key_verify_signature on top of MbedTLS
pk library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Integrate x509_cert_parser on top of MbedTLS x509 library.
Add API x509_populate_cert and x509_populate_pubkey for code
reusability between x509 and pkcs7 parsers.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Integrate PKCS7 parser on top of MbedTLS PKCS7 library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Integrate MicroSoft Authenticate Code parser on top of MbedTLS
ASN.1 decoder.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

When building with MbedTLS,  we are using MbedTLS to decode ASN1 data
for x509, pkcs7 and mscode. So we can remove the dependence on ASN1
decoder when MBEDTLS_LIB_X509 is enabled.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Disable the unused features of MbedTLS to reduce the target size.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>

Enable MbedTLS as default setting for qemu arm64

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>