new file mode 100644
@@ -0,0 +1,72 @@
+Upstream-Status: Backport
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+
+From a93084be95634b66b917f1c8baf403067dc75c5d Mon Sep 17 00:00:00 2001
+From: Sandrine Bailleux <sandrine.bailleux@arm.com>
+Date: Thu, 21 Apr 2022 10:21:29 +0200
+Subject: [PATCH] build(deps): upgrade to mbed TLS 2.28.0
+
+Upgrade to the latest and greatest 2.x release of Mbed TLS library
+(i.e. v2.28.0) to take advantage of their bug fixes.
+
+Note that the Mbed TLS project published version 3.x some time
+ago. However, as this is a major release with API breakages, upgrading
+to 3.x might require some more involved changes in TF-A, which we are
+not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
+release of TF-A.
+
+Actually, the upgrade this time simply boils down to including the new
+source code module 'constant_time.c' into the firmware.
+
+To quote mbed TLS v2.28.0 release notes [1]:
+
+ The mbedcrypto library includes a new source code module
+ constant_time.c, containing various functions meant to resist timing
+ side channel attacks. This module does not have a separate
+ configuration option, and functions from this module will be
+ included in the build as required.
+
+As a matter of fact, if one is attempting to link TF-A against mbed
+TLS v2.28.0 without the present patch, one gets some linker errors
+due to missing symbols from this new module.
+
+Apart from this, none of the items listed in mbed TLS release
+notes [1] directly affect TF-A. Special note on the following one:
+
+ Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
+ exceeds 2^32.
+
+In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption
+feature is enabled with AES-GCM as the authenticated decryption
+algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable
+which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a
+32-bit value which by definition is always less than 2**32. Therefore,
+we are immune to this bug.
+
+With this upgrade, the size of BL1 and BL2 binaries does not appear to
+change on a standard sample test build (with trusted boot and measured
+boot enabled).
+
+[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0
+
+Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6
+Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
+---
+ drivers/auth/mbedtls/mbedtls_common.mk | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
+index 0a4775d00..3eb41617f 100644
+--- a/drivers/auth/mbedtls/mbedtls_common.mk
++++ b/drivers/auth/mbedtls/mbedtls_common.mk
+@@ -48,6 +48,7 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
+ rsa_internal.c \
+ x509.c \
+ x509_crt.c \
++ constant_time.c \
+ )
+
+ # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
+--
+2.25.1
+
@@ -6,7 +6,9 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
inherit deploy
SRC_URI = "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https;name=tfa;branch=master \
- file://ssl.patch"
+ file://ssl.patch \
+ file://build-deps-upgrade-to-mbed-TLS-2.28.0.patch"
+
UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
SRCREV_FORMAT = "tfa"
@@ -5,8 +5,8 @@ SRCREV_tfa = "a1f02f4f3daae7e21ee58b4c93ec3e46b8f28d15"
LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
-# mbed TLS v2.26.0
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
-SRCREV_mbedtls = "e483a77c85e1f9c1dd2eb1c5a8f552d2617fe400"
+# mbed TLS v2.28.0
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28"
+SRCREV_mbedtls = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0"
LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"