From 570aefcb9042e94732cf63636f99624cacd96fd4 Mon Sep 17 00:00:00 2001 From: Aksel Skauge Mellbye Date: Thu, 11 Jun 2026 10:38:10 +0200 Subject: [PATCH 1/5] scripts: Add dispatch include path and new generation location PSA crypto driver dispatch files are generated into dispatch/ instead of core/ in newer TF-PSA-Crypto versions. API headers that rely on driver/dispatch implementation details are also moved from include/ to dispatch/include/. Signed-off-by: Aksel Skauge Mellbye --- scripts/make_generated_files.py | 9 +++++++-- scripts/mbedtls_framework/build_tree.py | 8 ++++++++ scripts/mbedtls_framework/psa_storage.py | 2 ++ scripts/test_psa_constant_names.py | 1 + 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py index ad8c5b8a96..588965ffd6 100755 --- a/scripts/make_generated_files.py +++ b/scripts/make_generated_files.py @@ -22,11 +22,16 @@ ] if build_tree.looks_like_tf_psa_crypto_root("."): + new_dispatch_layout = (Path.cwd() / "dispatch" / "CMakeLists.txt").exists() + if build_tree.tf_psa_crypto_version() >= (1,1,0) and new_dispatch_layout: + dispatch_prefix = Path("dispatch") + else: + dispatch_prefix = Path("core") TF_PSA_CRYPTO_GENERATION_SCRIPTS = [ GenerationScript( Path("scripts/generate_driver_wrappers.py"), - [Path("core/psa_crypto_driver_wrappers.h"), - Path("core/psa_crypto_driver_wrappers_no_static.c")], + [dispatch_prefix / "psa_crypto_driver_wrappers.h", + dispatch_prefix / "psa_crypto_driver_wrappers_no_static.c"], "", None ), GenerationScript( diff --git a/scripts/mbedtls_framework/build_tree.py b/scripts/mbedtls_framework/build_tree.py index 04dbf54fc5..225b8f56a1 100644 --- a/scripts/mbedtls_framework/build_tree.py +++ b/scripts/mbedtls_framework/build_tree.py 
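Review bot: In the `if` added to scripts/make_generated_files.py, `build_tree.tf_psa_crypto_version()` is evaluated before the cheap `new_dispatch_layout` test, so every TF-PSA-Crypto tree opens and parses build_info.h at import time even when `dispatch/CMakeLists.txt` is absent. Putting the filesystem probe first lets `and` short-circuit on old layouts: `if new_dispatch_layout and build_tree.tf_psa_crypto_version() >= (1, 1, 0):`. A one-line comment above the `if`, saying that newer trees generate the driver wrappers into `dispatch/` and older ones into `core/`, would also explain the fallback branch.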
@@ -148,3 +148,11 @@ def is_mbedtls_3_6() -> bool: return False with open(os.path.join(root, 'include', 'mbedtls', 'build_info.h'), 'r') as f: return re.search(r"#define MBEDTLS_VERSION_NUMBER.*0x0306", f.read()) is not None + +def tf_psa_crypto_version() -> tuple: + root = guess_project_root() + if not looks_like_root(root): + raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') + with open(os.path.join(root, 'include', 'tf-psa-crypto', 'build_info.h'), 'r') as f: + m = re.search(r"#define TF_PSA_CRYPTO_VERSION_STRING.*\"([\d]+)\.([\d]+)\.([\d]+)\"", f.read()) + return tuple(int(i) for i in m.groups()) diff --git a/scripts/mbedtls_framework/psa_storage.py b/scripts/mbedtls_framework/psa_storage.py index 22d981c051..9ccbbb58f1 100644 --- a/scripts/mbedtls_framework/psa_storage.py +++ b/scripts/mbedtls_framework/psa_storage.py @@ -48,12 +48,14 @@ def update_cache(self) -> None: if build_tree.looks_like_root('.'): includes = ['include'] if build_tree.looks_like_tf_psa_crypto_root('.'): + includes.append('dispatch/include') includes.append('drivers/builtin/include') includes.append('drivers/everest/include') includes.append('drivers/everest/include/tf-psa-crypto/private/') includes.append('drivers/pqcp/include') elif not build_tree.is_mbedtls_3_6(): includes.append('tf-psa-crypto/include') + includes.append('tf-psa-crypto/dispatch/include') includes.append('tf-psa-crypto/drivers/builtin/include') includes.append('tf-psa-crypto/drivers/everest/include') includes.append('tf-psa-crypto/drivers/everest/include/tf-psa-crypto/private/') diff --git a/scripts/test_psa_constant_names.py b/scripts/test_psa_constant_names.py index a741047819..f155fabdb2 100755 --- a/scripts/test_psa_constant_names.py +++ b/scripts/test_psa_constant_names.py 
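Review bot: `tf_psa_crypto_version()` calls `m.groups()` without checking the match, so a build_info.h that lacks a three-part `TF_PSA_CRYPTO_VERSION_STRING` fails with an `AttributeError` on `None` rather than a readable error. Add `if m is None: raise Exception('TF_PSA_CRYPTO_VERSION_STRING not found in build_info.h')` before the return. The guard is `looks_like_root(root)`, whose own error text says it also accepts an Mbed TLS tree, yet the header is opened at `include/tf-psa-crypto/build_info.h`. If that path exists only at a TF-PSA-Crypto root, `looks_like_tf_psa_crypto_root(root)` looks like the check that matches. The function also has no docstring, and one stating that it returns `(major, minor, patch)` as integers would document the bare `tuple` return type.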
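Review bot: `'dispatch/include'` (and `'tf-psa-crypto/dispatch/include'` in the `elif` branch) is appended unconditionally, although the commit message says the directory exists only in newer TF-PSA-Crypto versions and scripts/make_generated_files.py probes the tree before it uses `dispatch/`. How `includes` is consumed is not visible in this hunk, so it is worth confirming that a non-existent entry is tolerated on older trees and recording that with a comment such as `# dispatch/include only exists in newer TF-PSA-Crypto trees`. The same applies to the `'tf-psa-crypto/dispatch/include'` default added to `--include` in scripts/test_psa_constant_names.py. `update_cache` starts and ends outside the hunk.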
@@ -171,6 +171,7 @@ def main(): else: parser.add_argument('--include', '-I', action='append', default=['tf-psa-crypto/include', + 'tf-psa-crypto/dispatch/include', 'tf-psa-crypto/drivers/builtin/include', 'tf-psa-crypto/drivers/everest/include', 'tf-psa-crypto/drivers/everest/include/' + From 3bd19adf10819a06215e757454658d6a29adff7b Mon Sep 17 00:00:00 2001 From: Aksel Skauge Mellbye Date: Fri, 12 Jun 2026 11:02:59 +0200 Subject: [PATCH 2/5] scripts: Simplify check for new dispatch location Assume the new dispatch location is possible for any TF-PSA-Crypto version to avoid needing to perform a version check. Signed-off-by: Aksel Skauge Mellbye --- scripts/make_generated_files.py | 11 +++++------ scripts/mbedtls_framework/build_tree.py | 8 -------- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/scripts/make_generated_files.py b/scripts/make_generated_files.py index 588965ffd6..e8d94c1e9f 100755 --- a/scripts/make_generated_files.py +++ b/scripts/make_generated_files.py @@ -22,16 +22,15 @@ ] if build_tree.looks_like_tf_psa_crypto_root("."): - new_dispatch_layout = (Path.cwd() / "dispatch" / "CMakeLists.txt").exists() - if build_tree.tf_psa_crypto_version() >= (1,1,0) and new_dispatch_layout: - dispatch_prefix = Path("dispatch") + if (Path.cwd() / "dispatch" / "CMakeLists.txt").exists(): + DISPATCH_PREFIX = Path("dispatch") else: - dispatch_prefix = Path("core") + DISPATCH_PREFIX = Path("core") TF_PSA_CRYPTO_GENERATION_SCRIPTS = [ GenerationScript( Path("scripts/generate_driver_wrappers.py"), - [dispatch_prefix / "psa_crypto_driver_wrappers.h", - dispatch_prefix / "psa_crypto_driver_wrappers_no_static.c"], + [DISPATCH_PREFIX / "psa_crypto_driver_wrappers.h", + DISPATCH_PREFIX / "psa_crypto_driver_wrappers_no_static.c"], "", None ), GenerationScript( diff --git a/scripts/mbedtls_framework/build_tree.py b/scripts/mbedtls_framework/build_tree.py index 225b8f56a1..04dbf54fc5 100644 --- a/scripts/mbedtls_framework/build_tree.py 
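Review bot: In scripts/make_generated_files.py the choice between `dispatch` and `core` now rests only on `(Path.cwd() / "dispatch" / "CMakeLists.txt").exists()`, and nothing in the code says why that file is the marker or which layout each prefix belongs to. A comment above the `if` would record it, for example `# Newer TF-PSA-Crypto trees generate the driver wrappers into dispatch/; older ones use core/.`. The probe runs at import time against the current directory, like the `looks_like_tf_psa_crypto_root(".")` test on the line above it, so the result depends on the script being started from the project root.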
+++ b/scripts/mbedtls_framework/build_tree.py @@ -148,11 +148,3 @@ def is_mbedtls_3_6() -> bool: return False with open(os.path.join(root, 'include', 'mbedtls', 'build_info.h'), 'r') as f: return re.search(r"#define MBEDTLS_VERSION_NUMBER.*0x0306", f.read()) is not None - -def tf_psa_crypto_version() -> tuple: - root = guess_project_root() - if not looks_like_root(root): - raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') - with open(os.path.join(root, 'include', 'tf-psa-crypto', 'build_info.h'), 'r') as f: - m = re.search(r"#define TF_PSA_CRYPTO_VERSION_STRING.*\"([\d]+)\.([\d]+)\.([\d]+)\"", f.read()) - return tuple(int(i) for i in m.groups()) From e55c7b621a01f6297e0f1471d3ae214893fc1cf7 Mon Sep 17 00:00:00 2001 From: Aksel Skauge Mellbye Date: Fri, 12 Jun 2026 11:38:17 +0200 Subject: [PATCH 3/5] scripts: Add new dispatch location in check_names Add the dispatch include directory to the list of public paths to check. Add the generated driver wrapper path to the list of excluded patterns. Signed-off-by: Aksel Skauge Mellbye --- scripts/check_names.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/check_names.py b/scripts/check_names.py index 9bc8ebc9e8..8cb876aa1c 100755 --- a/scripts/check_names.py +++ b/scripts/check_names.py @@ -778,6 +778,7 @@ def __init__(self, log: logging.Logger) -> None: H_PUBLIC = [ "include/**/*.h", + "dispatch/include/**/*.h", "drivers/*/include/**/*.h", ] H_PUBLIC_EXCLUDE = [ @@ -795,6 +796,11 @@ def __init__(self, log: logging.Logger) -> None: "utilities/*.h", ] + H_GENERATED_EXCLUDE = [ + "core/psa_crypto_driver_wrappers.h", + "dispatch/psa_crypto_driver_wrappers.h" + ] + H_TEST_DRIVERS = [ "framework/tests/include/test/drivers/*.h", ] 
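Review bot: `H_GENERATED_EXCLUDE` is the only list in this hunk whose last element has no trailing comma. The neighbouring lists end with one (`"utilities/*.h",`), so writing `"dispatch/psa_crypto_driver_wrappers.h",` keeps the class consistent and later additions to one-line diffs. A short comment above the list, such as `# Generated driver wrapper header, in its old (core/) and new (dispatch/) location`, would say why both paths are listed.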
@@ -830,7 +836,7 @@ def comprehensive_parse(self) -> ParseResult: self.H_PUBLIC_EXCLUDE + ["drivers/p256-m/p256-m/p256-m.h"]) mbed_psa_words = self.parse_mbed_psa_words( self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL, - self.H_PUBLIC_EXCLUDE + ["core/psa_crypto_driver_wrappers.h"]) + self.H_PUBLIC_EXCLUDE + self.H_GENERATED_EXCLUDE) symbols = self.parse_symbols() return self._parse(all_macros, enum_consts, identifiers, From 021762aa47d2376b131d08d12f664ec399b0a5c1 Mon Sep 17 00:00:00 2001 From: Aksel Skauge Mellbye Date: Mon, 15 Jun 2026 09:40:29 +0200 Subject: [PATCH 4/5] scripts: Remove driver wrapper exclusion in check_names The check_names.py script excluded the driver wrapper from being included in API checks. The limitations that led to that being necessary are no longer present, so remove the exclude for all possible driver wrapper locations across Mbed TLS and TF-PSA-Crypto. Signed-off-by: Aksel Skauge Mellbye --- scripts/check_names.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/scripts/check_names.py b/scripts/check_names.py index 8cb876aa1c..ff7d8a33a4 100755 --- a/scripts/check_names.py +++ b/scripts/check_names.py @@ -796,11 +796,6 @@ def __init__(self, log: logging.Logger) -> None: "utilities/*.h", ] - H_GENERATED_EXCLUDE = [ - "core/psa_crypto_driver_wrappers.h", - "dispatch/psa_crypto_driver_wrappers.h" - ] - H_TEST_DRIVERS = [ "framework/tests/include/test/drivers/*.h", ] @@ -836,7 +831,7 @@ def comprehensive_parse(self) -> ParseResult: self.H_PUBLIC_EXCLUDE + ["drivers/p256-m/p256-m/p256-m.h"]) mbed_psa_words = self.parse_mbed_psa_words( self.H_PUBLIC + self.H_INTERNAL + self.C_INTERNAL, - self.H_PUBLIC_EXCLUDE + self.H_GENERATED_EXCLUDE) + self.H_PUBLIC_EXCLUDE) symbols = self.parse_symbols() return self._parse(all_macros, enum_consts, identifiers, 
@@ -969,7 +964,7 @@ def comprehensive_parse(self) -> ParseResult: "library/*.c", "3rdparty/everest/library/everest.c", "3rdparty/everest/library/x25519.c" - ], ["library/psa_crypto_driver_wrappers.h"]) + ]) else: all_macros = {"public": [], "internal": [], "private":[]} all_macros["public"] = self.parse_macros([ From 957b8a1b7492054a18eee5f20e3f7f626be06503 Mon Sep 17 00:00:00 2001 From: Aksel Skauge Mellbye Date: Thu, 18 Jun 2026 14:56:56 +0200 Subject: [PATCH 5/5] scripts: Add dispatch include dir to check-doxy-blocks Check for stray Doxygen commands in the dispatch include directory. Signed-off-by: Aksel Skauge Mellbye --- scripts/check-doxy-blocks.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/check-doxy-blocks.pl b/scripts/check-doxy-blocks.pl index 8c4ecd7410..ae86166a64 100755 --- a/scripts/check-doxy-blocks.pl +++ b/scripts/check-doxy-blocks.pl @@ -21,6 +21,7 @@ include/mbedtls drivers/builtin/include/mbedtls drivers/builtin/src core dispatch + dispatch/include/psa doxygen/input extras platform utilities); # very naive pattern to find directives: