mbedtls: Use `MBEDTLS_SHA256_SMALLER` in ARM platforms

This options enables an implementation of SHA-256 that has a smaller
code footprint (~1.6 KB less) but is also ~30% slower. For ARM
platforms, code size is currently considered more important than
execution speed in the mbed TLS crypto module.

Added a small note about this option to the documentation of the
authentication framework.

Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

2 files changed, 9 insertions, 1 deletions

diff --git a/docs/auth-framework.md b/docs/auth-framework.md
index 531505bf..b416acfc 100644
--- a/docs/auth-framework.md
+++ b/docs/auth-framework.md
@@ -909,9 +909,13 @@ int verify_hash(void *data_ptr, unsigned int data_len,
 ```
 
 The key algorithm (rsa, ecdsa) must be specified in the build system using the
-`MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding
+`TF_MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding
 sources in the build.
 
+Note: If code size is a concern, the build option `MBEDTLS_SHA256_SMALLER` can
+be defined in the platform Makefile. It will make mbed TLS use an implementation
+of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%).
+
 - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 _Copyright (c) 2015, ARM Limited and Contributors. All rights reserved._
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 58fc94ec..38c8cf85 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -76,6 +76,10 @@ ARM_XLAT_TABLES_LIB_V1		:=	0
 $(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1))
 $(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1))
 
+# Use an implementation of SHA-256 with a smaller memory footprint but reduced
+# speed.
+$(eval $(call add_define,MBEDTLS_SHA256_SMALLER))
+
 # Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms
 ENABLE_PSCI_STAT		:=	1
 ENABLE_PMF			:=	1