I'm running TF-A 2.8 on an MT7986 board, and I enabled TRUSTED_BOARD_BOOT using mbedtls-3.4.0. When I tried to load BL31, TF-A BL2 hung, and it appears that BL2 failed to obtain the correct oid in the function get_ext (drivers/auth/mbedtls/mbedtls_x509_parser.
Part of the oid is printed using %c in the 3.4.0 version of mbedtls_oid_get_numeric_string (https://github.com/Mbed-TLS/mbedtls/blob/v3.4.0/library/oid.c#L864).
However, it appears that ATF libc's snprintf doesn't support%c format, as mbedtls_oid_get_numeric_string returns an erroneous oid.
[[ https://elastic-man.com | elastic man ]]
Thanks.
in get_ext oid_str dump
(mbedtls_oid_get_numeric_string) oid_str=%c.49.6.1.4.1.4128.2100.1
oid_str=1.3.6.1.4.1.4128.2100.1 (TRUSTED_FW_NVCOUNTER_OID)
I try to change snprintf format %c to %u in mbedtls_oid_get_numeric_string, TF-A boots successfully