From 8ce3b6b6dce1209db9a34be6be6bbc79b078f751 Mon Sep 17 00:00:00 2001 From: Evlers <1425295900@qq.com> Date: Wed, 22 Apr 2026 16:55:22 +0800 Subject: [PATCH 1/2] [packages][mbedtls] add support for loading certificates from the file system --- security/mbedtls/Kconfig | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/security/mbedtls/Kconfig b/security/mbedtls/Kconfig index aa8afcead3..0f155ab2fe 100644 --- a/security/mbedtls/Kconfig +++ b/security/mbedtls/Kconfig @@ -11,7 +11,25 @@ menuconfig PKG_USING_MBEDTLS if PKG_USING_MBEDTLS + menuconfig PKG_USING_MBEDTLS_CERTS_FROM_FS + bool "Load CA certificates from filesystem directory" + select RT_USING_DFS_ROMFS + default n + help + Enable loading CA certificates from a runtime directory. + All regular files in the configured directory will be parsed. + + if PKG_USING_MBEDTLS_CERTS_FROM_FS + config PKG_MBEDTLS_CERTS_DIR + string "CA certificate directory path" + default "/romfs/certs" + help + Directory that stores CA certificate files (PEM/DER). + Example: /romfs/certs or /data/certs + endif + menu "Select Root Certificate" + depends on !PKG_USING_MBEDTLS_CERTS_FROM_FS config PKG_USING_MBEDTLS_USE_ALL_CERTS bool "Using all default CA(Use preset CA certificates. Take up more memory)" From 718088cfe1df4ccd6e2ba156e48e3982050c5299 Mon Sep 17 00:00:00 2001 From: Evlers <1425295900@qq.com> Date: Wed, 22 Apr 2026 17:51:25 +0800 Subject: [PATCH 2/2] [security][mbedtls] remove the mandatory dependency on romfs --- security/mbedtls/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/security/mbedtls/Kconfig b/security/mbedtls/Kconfig index 0f155ab2fe..8c1ffd18b2 100644 --- a/security/mbedtls/Kconfig +++ b/security/mbedtls/Kconfig @@ -13,7 +13,6 @@ if PKG_USING_MBEDTLS menuconfig PKG_USING_MBEDTLS_CERTS_FROM_FS bool "Load CA certificates from filesystem directory" - select RT_USING_DFS_ROMFS default n help Enable loading CA certificates from a runtime directory.