Fix mbedtls link runtime resolution.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

cmake/trusted.cmake

@@ -1,7 +1,7 @@
 include_guard(GLOBAL)
 
 function(picokeys_trusted_region_enabled out_var)
-    if(PICO_RP2350 OR ENABLE_EMULATION OR ESP_PLATFORM)
+    if(PICO_RP2350)
         set(${out_var} TRUE PARENT_SCOPE)
     else()
         set(${out_var} FALSE PARENT_SCOPE)
@@ -12,26 +12,26 @@ macro(picokeys_init_trusted_config)
     set(PICOKEYS_TRUSTED_REGION_FLASH_BASE "0x100B0000" CACHE STRING "Fixed flash base for the trusted measurement region on Pico firmware builds")
     set(PICOKEYS_TRUSTED_STATE_RAM_BASE "0x20070000" CACHE STRING "Fixed RAM base for trusted writable state on Pico firmware builds")
 
-    if(CMAKE_C_COMPILER)
+    set(TRUSTED_MBEDTLS_HELPER_SOURCES
+        ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c
+    )
+endmacro()
+
+macro(picokeys_resolve_trusted_toolchain)
+    if(CMAKE_C_COMPILER AND PICO_RP2350)
         set(PICOKEYS_LIBGCC_QUERY_ARGS -print-libgcc-file-name)
-        if(PICO_RP2350)
+        set(PICOKEYS_LIBGCC_QUERY_ARGS
-            set(PICOKEYS_LIBGCC_QUERY_ARGS
+            -mthumb
-                -mthumb
+            -march=armv8-m.main+fp
-                -march=armv8-m.main+fp
+            -mfloat-abi=softfp
-                -mfloat-abi=softfp
+            -print-libgcc-file-name
-                -print-libgcc-file-name
+        )
-            )
-        endif()
         execute_process(
             COMMAND ${CMAKE_C_COMPILER} ${PICOKEYS_LIBGCC_QUERY_ARGS}
             OUTPUT_VARIABLE PICOKEYS_LIBGCC
             OUTPUT_STRIP_TRAILING_WHITESPACE
         )
     endif()
-
-    set(TRUSTED_MBEDTLS_HELPER_SOURCES
-        ${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c
-    )
 endmacro()
 
 function(configure_picokeys_mbedtls_target target_name)
@@ -86,117 +86,68 @@ function(configure_picokeys_trusted_mbedtls_target target_name)
 endfunction()
 
 macro(picokeys_setup_trusted_mbedtls)
-    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION)
+    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION AND PICO_PLATFORM AND PICO_RP2350 AND NOT ENABLE_EMULATION)
-        if(NOT ESP_PLATFORM)
+        add_library(trusted_mbedtls_build STATIC ${MBEDTLS_SOURCES})
-            if(PICO_PLATFORM AND PICO_RP2350 AND NOT ENABLE_EMULATION)
+        target_include_directories(trusted_mbedtls_build SYSTEM PUBLIC
-                add_library(trusted_mbedtls_build STATIC ${MBEDTLS_SOURCES})
+            ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
-                target_include_directories(trusted_mbedtls_build SYSTEM PUBLIC
+            ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
-                    ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
+        )
-                    ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
+        configure_picokeys_trusted_mbedtls_target(trusted_mbedtls_build)
-                )
+        set(TRUSTED_MBEDTLS_ARCHIVE ${CMAKE_CURRENT_BINARY_DIR}/libtrusted_mbedtls.a)
-                configure_picokeys_trusted_mbedtls_target(trusted_mbedtls_build)
+        set(TRUSTED_LIBGCC_DIR ${CMAKE_CURRENT_BINARY_DIR}/trusted_libgcc)
-                set(TRUSTED_MBEDTLS_ARCHIVE ${CMAKE_CURRENT_BINARY_DIR}/libtrusted_mbedtls.a)
+        add_custom_command(
-                set(TRUSTED_LIBGCC_DIR ${CMAKE_CURRENT_BINARY_DIR}/trusted_libgcc)
+            OUTPUT ${TRUSTED_MBEDTLS_ARCHIVE}
-                add_custom_command(
+            COMMAND ${CMAKE_COMMAND} -E rm -f ${TRUSTED_MBEDTLS_ARCHIVE}
-                    OUTPUT ${TRUSTED_MBEDTLS_ARCHIVE}
+            COMMAND ${CMAKE_COMMAND} -E rm -rf ${TRUSTED_LIBGCC_DIR}
-                    COMMAND ${CMAKE_COMMAND} -E rm -f ${TRUSTED_MBEDTLS_ARCHIVE}
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${TRUSTED_LIBGCC_DIR}
-                    COMMAND ${CMAKE_COMMAND} -E rm -rf ${TRUSTED_LIBGCC_DIR}
+            COMMAND ${CMAKE_OBJCOPY}
-                    COMMAND ${CMAKE_COMMAND} -E make_directory ${TRUSTED_LIBGCC_DIR}
+                --prefix-alloc-sections=.trusted
-                    COMMAND ${CMAKE_OBJCOPY}
+                --redefine-sym memset=picokeys_trusted_memset
-                        --prefix-alloc-sections=.trusted
+                --redefine-sym mbedtls_sha256_init=picokeys_trusted_sha256_init
-                        --redefine-sym memset=picokeys_trusted_memset
+                --redefine-sym mbedtls_sha256_free=picokeys_trusted_sha256_free
-                        --redefine-sym mbedtls_sha256_init=picokeys_trusted_sha256_init
+                --redefine-sym mbedtls_sha256_starts=picokeys_trusted_sha256_starts
-                        --redefine-sym mbedtls_sha256_free=picokeys_trusted_sha256_free
+                --redefine-sym mbedtls_sha256_update=picokeys_trusted_sha256_update
-                        --redefine-sym mbedtls_sha256_starts=picokeys_trusted_sha256_starts
+                --redefine-sym mbedtls_sha256_finish=picokeys_trusted_sha256_finish
-                        --redefine-sym mbedtls_sha256_update=picokeys_trusted_sha256_update
+                --redefine-sym mbedtls_sha256_clone=picokeys_trusted_sha256_clone
-                        --redefine-sym mbedtls_sha256_finish=picokeys_trusted_sha256_finish
+                --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod
-                        --redefine-sym mbedtls_sha256_clone=picokeys_trusted_sha256_clone
+                $<TARGET_FILE:trusted_mbedtls_build>
-                        --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod
+                ${TRUSTED_MBEDTLS_ARCHIVE}
-                        $<TARGET_FILE:trusted_mbedtls_build>
+            COMMAND ${CMAKE_COMMAND} -E chdir ${TRUSTED_LIBGCC_DIR}
-                        ${TRUSTED_MBEDTLS_ARCHIVE}
+                ${CMAKE_AR} x ${PICOKEYS_LIBGCC}
-                    COMMAND ${CMAKE_COMMAND} -E chdir ${TRUSTED_LIBGCC_DIR}
+                _aeabi_uldivmod.o
-                        ${CMAKE_AR} x ${PICOKEYS_LIBGCC}
+                _udivmoddi4.o
-                        _aeabi_uldivmod.o
+                _dvmd_tls.o
-                        _udivmoddi4.o
+            COMMAND ${CMAKE_OBJCOPY}
-                        _dvmd_tls.o
+                --prefix-alloc-sections=.trusted
-                    COMMAND ${CMAKE_OBJCOPY}
+                --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod
-                        --prefix-alloc-sections=.trusted
+                --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4
-                        --redefine-sym __aeabi_uldivmod=picokeys_trusted___aeabi_uldivmod
+                --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0
-                        --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4
+                ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.o
-                        --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0
+                ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o
-                        ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.o
+            COMMAND ${CMAKE_OBJCOPY}
-                        ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o
+                --prefix-alloc-sections=.trusted
-                    COMMAND ${CMAKE_OBJCOPY}
+                --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4
-                        --prefix-alloc-sections=.trusted
+                ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.o
-                        --redefine-sym __udivmoddi4=picokeys_trusted___udivmoddi4
+                ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o
-                        ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.o
+            COMMAND ${CMAKE_OBJCOPY}
-                        ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o
+                --prefix-alloc-sections=.trusted
-                    COMMAND ${CMAKE_OBJCOPY}
+                --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0
-                        --prefix-alloc-sections=.trusted
+                ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.o
-                        --redefine-sym __aeabi_idiv0=picokeys_trusted___aeabi_idiv0
+                ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o
-                        ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.o
+            COMMAND ${CMAKE_AR} q ${TRUSTED_MBEDTLS_ARCHIVE}
-                        ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o
+                ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o
-                    COMMAND ${CMAKE_AR} q ${TRUSTED_MBEDTLS_ARCHIVE}
+                ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o
-                        ${TRUSTED_LIBGCC_DIR}/_aeabi_uldivmod.trusted.o
+                ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o
-                        ${TRUSTED_LIBGCC_DIR}/_udivmoddi4.trusted.o
+            COMMAND ${CMAKE_RANLIB} ${TRUSTED_MBEDTLS_ARCHIVE}
-                        ${TRUSTED_LIBGCC_DIR}/_dvmd_tls.trusted.o
+            DEPENDS trusted_mbedtls_build
-                    COMMAND ${CMAKE_RANLIB} ${TRUSTED_MBEDTLS_ARCHIVE}
+            VERBATIM
-                    DEPENDS trusted_mbedtls_build
+        )
-                    VERBATIM
+        add_custom_target(trusted_mbedtls_archive DEPENDS ${TRUSTED_MBEDTLS_ARCHIVE})
-                )
+        add_library(trusted_mbedtls STATIC IMPORTED GLOBAL)
-                add_custom_target(trusted_mbedtls_archive DEPENDS ${TRUSTED_MBEDTLS_ARCHIVE})
+        add_dependencies(trusted_mbedtls trusted_mbedtls_archive)
-                add_library(trusted_mbedtls STATIC IMPORTED GLOBAL)
+        set_target_properties(trusted_mbedtls PROPERTIES
-                add_dependencies(trusted_mbedtls trusted_mbedtls_archive)
+            IMPORTED_LOCATION ${TRUSTED_MBEDTLS_ARCHIVE}
-                set_target_properties(trusted_mbedtls PROPERTIES
+        )
-                    IMPORTED_LOCATION ${TRUSTED_MBEDTLS_ARCHIVE}
-                )
-            elseif(ENABLE_EMULATION AND NOT MSVC)
-                set(TRUSTED_REGION_EMBED_INPUT
-                    ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_STATIC_LIBRARY_PREFIX}mbedtls${CMAKE_STATIC_LIBRARY_SUFFIX}
-                )
-                if(APPLE)
-                    set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section __DATA,__trusted_region,regular,no_dead_strip")
-                    set(PICOKEYS_TRUSTED_START_SYM "___trusted_start")
-                    set(PICOKEYS_TRUSTED_END_SYM "___trusted_end")
-                    set(PICOKEYS_TRUSTED_LOAD_START_SYM "___trusted_load_start")
-                    set(PICOKEYS_TRUSTED_LOAD_END_SYM "___trusted_load_end")
-                else()
-                    set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section .trusted_region,\"a\",@progbits")
-                    set(PICOKEYS_TRUSTED_START_SYM "__trusted_start")
-                    set(PICOKEYS_TRUSTED_END_SYM "__trusted_end")
-                    set(PICOKEYS_TRUSTED_LOAD_START_SYM "__trusted_load_start")
-                    set(PICOKEYS_TRUSTED_LOAD_END_SYM "__trusted_load_end")
-                endif()
-                set(TRUSTED_REGION_EMBED_SOURCE ${CMAKE_CURRENT_BINARY_DIR}/trusted_region_embed.S)
-                configure_file(
-                    ${CMAKE_CURRENT_LIST_DIR}/src/trusted_region_embed.in.S
-                    ${TRUSTED_REGION_EMBED_SOURCE}
-                    @ONLY
-                )
-            endif()
-        elseif(ESP_PLATFORM)
-            add_library(trusted_mbedtls_payload STATIC ${MBEDTLS_SOURCES})
-            target_include_directories(trusted_mbedtls_payload
-                SYSTEM PRIVATE
-                    ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
-                    ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
-            )
-            configure_picokeys_mbedtls_target(trusted_mbedtls_payload)
-            set(TRUSTED_REGION_EMBED_INPUT
-                ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_STATIC_LIBRARY_PREFIX}trusted_mbedtls_payload${CMAKE_STATIC_LIBRARY_SUFFIX}
-            )
-            set(PICOKEYS_TRUSTED_SECTION_DIRECTIVE ".section .rodata.trusted_region,\"a\",@progbits")
-            set(PICOKEYS_TRUSTED_START_SYM "__trusted_start")
-            set(PICOKEYS_TRUSTED_END_SYM "__trusted_end")
-            set(PICOKEYS_TRUSTED_LOAD_START_SYM "__trusted_load_start")
-            set(PICOKEYS_TRUSTED_LOAD_END_SYM "__trusted_load_end")
-            set(TRUSTED_REGION_EMBED_SOURCE ${CMAKE_CURRENT_BINARY_DIR}/trusted_region_embed.S)
-            configure_file(
-                ${CMAKE_CURRENT_LIST_DIR}/src/trusted_region_embed.in.S
-                ${TRUSTED_REGION_EMBED_SOURCE}
-                @ONLY
-            )
-        endif()
     endif()
 endmacro()
 
@@ -204,11 +155,11 @@ macro(picokeys_configure_trusted_support_sources)
     picokeys_trusted_region_enabled(enable_trusted_region)
     if(enable_trusted_region)
         if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
-            set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c PROPERTIES
+            set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c PROPERTIES
                 COMPILE_OPTIONS "-fno-builtin;-fno-tree-loop-distribute-patterns"
             )
         else()
-            set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted_mem.c PROPERTIES
+            set_source_files_properties(${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_mem.c PROPERTIES
                 COMPILE_OPTIONS "-fno-builtin"
             )
         endif()
@@ -228,9 +179,12 @@ macro(picokeys_configure_rp2350_trusted)
         target_include_directories(trusted_mbedtls_build PRIVATE
             ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt
         )
+        target_include_directories(${CMAKE_PROJECT_NAME} PUBLIC
+            ${CMAKE_CURRENT_LIST_DIR}/src/trusted
+        )
         target_sources(trusted_mbedtls_build PRIVATE
             ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt/sha256_alt.c
-            ${CMAKE_CURRENT_LIST_DIR}/src/trusted_pico_sha256.c
+            ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted_pico_sha256.c
         )
         target_link_libraries(trusted_mbedtls_build PRIVATE
             pico_sha256_headers
@@ -242,7 +196,6 @@ endmacro()
 
 macro(picokeys_link_trusted_region target_name)
     if(TARGET trusted_mbedtls)
-        target_link_libraries(${target_name} PRIVATE trusted_mbedtls)
         target_link_options(${target_name} PRIVATE
             "LINKER:--defsym=__trusted_region_fixed_base=${PICOKEYS_TRUSTED_REGION_FLASH_BASE}"
             "LINKER:-T,${CMAKE_CURRENT_LIST_DIR}/config/rp2350/ld/trusted_region.ld"

picokeys_sdk_import.cmake

@@ -335,13 +335,6 @@ list(APPEND PICOKEYS_SOURCES
     ${CMAKE_CURRENT_LIST_DIR}/src/signal.c
 )
 
-if(PICO_RP2350 OR ENABLE_EMULATION OR ESP_PLATFORM)
-    add_compile_definitions(PICOKEYS_HAS_TRUSTED_REGION=1)
-    list(APPEND PICOKEYS_SOURCES
-        ${CMAKE_CURRENT_LIST_DIR}/src/trusted.c
-    )
-endif()
-
 if(ESP_PLATFORM)
     list(APPEND PICOKEYS_SOURCES
         ${CMAKE_CURRENT_LIST_DIR}/src/led/led_neopixel.c
@@ -460,35 +453,6 @@ if(UNIX AND NOT APPLE AND ENABLE_EMULATION)
     endif()
 endif()
 
-if(NOT ESP_PLATFORM)
-    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION)
-        add_library(mbedtls STATIC ${MBEDTLS_SOURCES})
-        target_include_directories(mbedtls SYSTEM PUBLIC
-            ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
-            ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
-        )
-        configure_picokeys_mbedtls_target(mbedtls)
-    endif()
-    if(ENABLE_LIBCVC)
-        add_library(libcvc STATIC ${LIBCVC_SOURCES})
-        target_include_directories(libcvc SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/src ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/include)
-        target_link_libraries(libcvc PRIVATE mbedtls)
-        list(APPEND LIBRARIES libcvc)
-    endif()
-    if(USB_ITF_HID)
-        add_library(tinycbor STATIC ${CBOR_SOURCES})
-        target_include_directories(tinycbor SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/tinycbor/src)
-        list(APPEND LIBRARIES tinycbor)
-    endif()
-    if(USB_ITF_LWIP)
-        add_library(cjson STATIC ${CJSON_SOURCES})
-        target_include_directories(cjson SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/cjson)
-        list(APPEND LIBRARIES cjson)
-    endif()
-endif()
-
-picokeys_setup_trusted_mbedtls()
-
 if(PICO_PLATFORM)
     list(APPEND LIBRARIES
         pico_stdlib
@@ -562,7 +526,6 @@ else()
         ${CMAKE_CURRENT_LIST_DIR}/src/fs/mman.c
     )
 endif()
-picokeys_configure_trusted_support_sources()
 
 if(ENABLE_EMULATION)
     if(APPLE)
@@ -616,6 +579,48 @@ endif()
 
 if(PICO_PLATFORM)
     pico_sdk_init()
+    picokeys_resolve_trusted_toolchain()
+    picokeys_setup_trusted_mbedtls()
+else()
+    picokeys_resolve_trusted_toolchain()
+    picokeys_setup_trusted_mbedtls()
+endif()
+picokeys_configure_trusted_support_sources()
+
+if(NOT ESP_PLATFORM)
+    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION)
+        if(PICO_RP2350)
+            add_library(mbedtls INTERFACE)
+            target_include_directories(mbedtls INTERFACE
+                ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
+                ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
+            )
+            target_link_libraries(mbedtls INTERFACE trusted_mbedtls)
+        else()
+            add_library(mbedtls STATIC ${MBEDTLS_SOURCES})
+            target_include_directories(mbedtls SYSTEM PUBLIC
+                ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/include
+                ${CMAKE_CURRENT_LIST_DIR}/third-party/mbedtls/library
+            )
+            configure_picokeys_mbedtls_target(mbedtls)
+        endif()
+    endif()
+    if(ENABLE_LIBCVC)
+        add_library(libcvc STATIC ${LIBCVC_SOURCES})
+        target_include_directories(libcvc SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/src ${CMAKE_CURRENT_LIST_DIR}/third-party/libcvc/include)
+        target_link_libraries(libcvc PRIVATE mbedtls)
+        list(APPEND LIBRARIES libcvc)
+    endif()
+    if(USB_ITF_HID)
+        add_library(tinycbor STATIC ${CBOR_SOURCES})
+        target_include_directories(tinycbor SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/tinycbor/src)
+        list(APPEND LIBRARIES tinycbor)
+    endif()
+    if(USB_ITF_LWIP)
+        add_library(cjson STATIC ${CJSON_SOURCES})
+        target_include_directories(cjson SYSTEM PUBLIC ${CMAKE_CURRENT_LIST_DIR}/third-party/cjson)
+        list(APPEND LIBRARIES cjson)
+    endif()
 endif()
 
 if(ESP_PLATFORM)
@@ -680,6 +685,10 @@ if(USB_ITF_LWIP)
 endif()
 
 if(PICO_RP2350)
+    add_compile_definitions(PICOKEYS_HAS_TRUSTED_REGION=1)
+    list(APPEND PICOKEYS_SOURCES
+        ${CMAKE_CURRENT_LIST_DIR}/src/trusted/trusted.c
+    )
     pico_set_uf2_family(${CMAKE_PROJECT_NAME} "rp2350-arm-s")
     pico_embed_pt_in_binary(${CMAKE_PROJECT_NAME} "${CMAKE_CURRENT_LIST_DIR}/config/rp2350/pt.json")
     if(NOT IS_CYW43)
@@ -696,17 +705,24 @@ if(PICO_RP2350)
         ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt
     )
     if(TARGET mbedtls)
-        target_include_directories(mbedtls PRIVATE
+        target_include_directories(mbedtls INTERFACE
             ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt
         )
-        target_link_libraries(mbedtls PRIVATE pico_sha256_headers)
+        target_link_libraries(mbedtls INTERFACE pico_sha256_headers)
     endif()
     picokeys_configure_rp2350_trusted()
     list(APPEND PICOKEYS_SOURCES
         ${CMAKE_CURRENT_LIST_DIR}/config/rp2350/alt/sha256_alt.c
     )
     add_compile_definitions(MBEDTLS_SHA256_ALT=1)
+    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION)
+        list(APPEND LIBRARIES mbedtls)
+    endif()
     list(APPEND LIBRARIES pico_sha256)
+elseif(PICO_RP2040)
+    if(NOT SKIP_MBEDTLS_FOR_OPENSSL_EMULATION)
+        list(APPEND LIBRARIES mbedtls)
+    endif()
 endif()
 set(INTERNAL_SOURCES ${PICOKEYS_SOURCES})
 

src/trusted/trusted_mem.c

@@ -1,3 +1,20 @@
+/*
+ * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
 #include "mbedtls/platform_util.h"
 #include "trusted.h"
 
@@ -123,8 +140,8 @@ void picokeys_trusted_free(void *ptr)
 
 void mbedtls_platform_zeroize(void *buf, size_t len)
 {
-    if (len > 0) {
+    if (buf != NULL && len != 0) {
         picokeys_trusted_memset(buf, 0, len);
-        asm volatile ("" : : "m" (*(char (*)[len]) buf) :);
+        __asm__ volatile ("" ::: "memory");
     }
 }

src/trusted/trusted_pico_sha256.c

@@ -1,3 +1,20 @@
+/*
+ * This file is part of the Pico Keys SDK distribution (https://github.com/polhenarejos/pico-keys-sdk).
+ * Copyright (c) 2022 Pol Henarejos.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
 #include <inttypes.h>
 #include <stdint.h>
 #include <string.h>