From d77b98cabf228b277af2bc5e5ea9c4b221a6cd7b Mon Sep 17 00:00:00 2001 From: Antonio Nino Diaz Date: Wed, 24 May 2017 14:11:07 +0100 Subject: [PATCH] mbedtls: Use `MBEDTLS_SHA256_SMALLER` in ARM platforms This options enables an implementation of SHA-256 that has a smaller code footprint (~1.6 KB less) but is also ~30% slower. For ARM platforms, code size is currently considered more important than execution speed in the mbed TLS crypto module. Added a small note about this option to the documentation of the authentication framework. Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233 Signed-off-by: Antonio Nino Diaz --- docs/auth-framework.md | 6 +++++- plat/arm/common/arm_common.mk | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/auth-framework.md b/docs/auth-framework.md index 531505bfa..b416acfc2 100644 --- a/docs/auth-framework.md +++ b/docs/auth-framework.md @@ -909,9 +909,13 @@ int verify_hash(void *data_ptr, unsigned int data_len, ``` The key algorithm (rsa, ecdsa) must be specified in the build system using the -`MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding +`TF_MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding sources in the build. +Note: If code size is a concern, the build option `MBEDTLS_SHA256_SMALLER` can +be defined in the platform Makefile. It will make mbed TLS use an implementation +of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%). + - - - - - - - - - - - - - - - - - - - - - - - - - - _Copyright (c) 2015, ARM Limited and Contributors. All rights reserved._ diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 58fc94ec6..38c8cf85a 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -76,6 +76,10 @@ ARM_XLAT_TABLES_LIB_V1 := 0 $(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) $(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) +# Use an implementation of SHA-256 with a smaller memory footprint but reduced +# speed. +$(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) + # Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms ENABLE_PSCI_STAT := 1 ENABLE_PMF := 1