
TF-A with TRUSTED_BOARD_BOOT failed when using mbedtls-3.4.0
Open, Needs Triage, Public

Description

Hi, I'm using TF-A 2.8 on an mt7986 board, with TRUSTED_BOARD_BOOT enabled using mbedtls-3.4.0.
TF-A BL2 hung when loading BL31. It seems that BL2 failed to get the correct OID in the function get_ext (drivers/auth/mbedtls/mbedtls_x509_parser.c) after calling mbedtls_oid_get_numeric_string.

mbedtls_oid_get_numeric_string in 3.4.0 uses %c to print part of the OID
(https://github.com/Mbed-TLS/mbedtls/blob/v3.4.0/library/oid.c#L864),

but it seems that ATF libc's snprintf doesn't support the %c format, which causes mbedtls_oid_get_numeric_string to return an incorrect OID.

oid_str dump in get_ext:

oid_str=%c.49.6.1.4.1.4128.2100.1 (mbedtls_oid_get_numeric_string)
oid_str=1.3.6.1.4.1.4128.2100.1 (TRUSTED_FW_NVCOUNTER_OID)

I tried changing the snprintf format from %c to %u in mbedtls_oid_get_numeric_string, and TF-A boots successfully.

Thanks

Event Timeline

tl455047 created this task. Apr 7 2023, 9:15 AM
tl455047 updated the task description. Apr 7 2023, 9:23 AM
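
The mismatch in the oid_str dump can be reproduced outside the firmware. The following is an added example, not code from this report, TF-A or Mbed TLS: mini_snprintf is a constructed model of a formatter without %c, and oid_check, NV_CTR_OID_DER and the "%u" variant passing the numeric arc are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a reduced snprintf (n >= 1): only %u is implemented;
 * other specifiers are copied out literally and consume no argument. */
static int mini_snprintf(char *s, size_t n, const char *fmt, ...)
{
    va_list ap;
    size_t len = 0;
    va_start(ap, fmt);
    for (s[0] = '\0'; *fmt != '\0' && len + 1 < n; fmt++) {
        if (fmt[0] == '%' && fmt[1] == 'u') {
            len += (size_t)snprintf(s + len, n - len, "%u",
                                    va_arg(ap, unsigned int));
            fmt++;
        } else {
            s[len++] = *fmt;
            s[len] = '\0';
        }
    }
    va_end(ap);
    return (int)(len < n ? len : n - 1);
}

/* Constructed sample: DER content bytes of OID 1.3.6.1.4.1.4128.2100.1. */
static const unsigned char NV_CTR_OID_DER[] =
    { 0x2b, 0x06, 0x01, 0x04, 0x01, 0xa0, 0x20, 0x90, 0x34, 0x01 };

/* Render a DER OID (der_len >= 1) into out and return 1 if it equals
 * expected. first_fmt formats the first byte, which packs 40 * arc1 + arc2. */
static int oid_check(const unsigned char *der, size_t der_len,
                     const char *first_fmt, const char *expected,
                     char *out, size_t n)
{
    unsigned int arc1 = der[0] >= 80 ? 2 : der[0] / 40, value = 0;
    /* Assumption: "%c" callers pass the arc as an ASCII digit, "%u" as a number. */
    unsigned int a = first_fmt[1] == 'c' ? '0' + arc1 : arc1;
    size_t off = (size_t)mini_snprintf(out, n, first_fmt, a, der[0] - 40 * arc1);

    for (size_t i = 1; i < der_len; i++) {
        value = (value << 7) | (der[i] & 0x7f);
        if ((der[i] & 0x80) == 0) {     /* final byte of this arc */
            off += (size_t)mini_snprintf(out + off, n - off, ".%u", value);
            value = 0;
        }
    }
    return strcmp(out, expected) == 0;
}
```

With "%c.%u" the literal "%c" is emitted and the following %u consumes the ASCII code of '1' (49), so the rendered string never equals the expected OID and the comparison fails closed.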