[0/4] RFC: detect CVEs from embedded mbedtls

Message ID	20231019105552.3631582-1-mikko.rapeli@linaro.org
Headers	show Return-Path: <mikko.rapeli@linaro.org> ip: 91.232.154.25, mailfrom: mcfrisk@lakka.kapsi.fi) From: Mikko Rapeli <mikko.rapeli@linaro.org> To: meta-arm@lists.yoctoproject.org Cc: Marta Rybczynska <rybczynska@gmail.com>, Mikko Rapeli <mikko.rapeli@linaro.org> Subject: [PATCH 0/4] RFC: detect CVEs from embedded mbedtls Date: Thu, 19 Oct 2023 13:55:48 +0300 Message-Id: <20231019105552.3631582-1-mikko.rapeli@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Symbol: FREEMAIL_ENVRCPT(0.00) Symbol: FREEMAIL_CC(0.00) Symbol: FROM_HAS_DN(0.00) Symbol: FROM_NEQ_ENVFROM(0.00) Symbol: BAYES_HAM(-3.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00) Symbol: RCVD_COUNT_TWO(0.00) Symbol: RCVD_TLS_LAST(0.00) Symbol: DMARC_POLICY_SOFTFAIL(0.10) Symbol: MIME_GOOD(-0.10) Symbol: MID_CONTAINS_FROM(1.00) Symbol: NEURAL_HAM(0.00) Symbol: R_DKIM_NA(0.00) Symbol: R_SPF_ALLOW(-0.20) Symbol: FORGED_SENDER(0.30) Symbol: ASN(0.00) Symbol: MIME_TRACE(0.00) Symbol: TO_DN_SOME(0.00) Symbol: ARC_NA(0.00) Symbol: RCPT_COUNT_THREE(0.00) Symbol: R_MISSING_CHARSET(0.50) Message-ID: 20231019105552.3631582-1-mikko.rapeli@linaro.org
Series	RFC: detect CVEs from embedded mbedtls \| expand [0/4] RFC: detect CVEs from embedded mbedtls [1/4] trusted-firmware-a: include BSD-2-Clause license [2/4] trusted-firmware-a: set version of mbed_tls for CVE check [3/4] trusted-firmware-m: set CVE product and version for mbedtls [4/4] trusted-firmware-a: set CVE_VERSION for mbedtls too

Message ID

20231019105552.3631582-1-mikko.rapeli@linaro.org

Headers

From: Mikko Rapeli <mikko.rapeli@linaro.org>
To: meta-arm@lists.yoctoproject.org
Cc: Marta Rybczynska <rybczynska@gmail.com>,
	Mikko Rapeli <mikko.rapeli@linaro.org>
Subject: [PATCH 0/4] RFC: detect CVEs from embedded mbedtls
Date: Thu, 19 Oct 2023 13:55:48 +0300
Message-Id: <20231019105552.3631582-1-mikko.rapeli@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

RFC: detect CVEs from embedded mbedtls | expand

Message

Mikko Rapeli Oct. 19, 2023, 10:55 a.m. UTC

mbedtls is used inside tf-a and tf-m recipes and it's embedded using
SRC_URI to the build workspace. While it would better to use mbedtls
recipe from meta-openembedded, if at possible at all, at least try to
detect CVEs from current setup by setting CVE_PRODUCT and CVE_VERSION
for the embedded mbedtls.

RFC since depends on poky cve-check.bbclass patch
"cve-check.bbclass: support embedded SW components with different version number"
https://lists.openembedded.org/g/openembedded-core/message/189260

Mikko Rapeli (4):
  trusted-firmware-a: include BSD-2-Clause license
  trusted-firmware-a: set version of mbed_tls for CVE check
  trusted-firmware-m: set CVE product and version for mbedtls
  trusted-firmware-a: set CVE_VERSION for mbedtls too

 .../trusted-firmware-a/trusted-firmware-a_2.8.6.bb            | 2 +-
 .../recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc     | 4 +++-
 .../trusted-firmware-a/trusted-firmware-a_2.9.0.bb            | 2 +-
 .../trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc       | 2 +-
 .../recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc     | 2 ++
 5 files changed, 8 insertions(+), 4 deletions(-)