diff options
author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-05-24 14:11:07 +0100 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-05-24 14:17:02 +0100 |
commit | d77b98cabf228b277af2bc5e5ea9c4b221a6cd7b (patch) | |
tree | b3a175b0c131de46d6920c670bb767d7c1ca34e0 | |
parent | ab1794f57659a77ad66defbc7ea5cb8afb920b2f (diff) |
mbedtls: Use `MBEDTLS_SHA256_SMALLER` in ARM platforms
This options enables an implementation of SHA-256 that has a smaller
code footprint (~1.6 KB less) but is also ~30% slower. For ARM
platforms, code size is currently considered more important than
execution speed in the mbed TLS crypto module.
Added a small note about this option to the documentation of the
authentication framework.
Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
-rw-r--r-- | docs/auth-framework.md | 6 | ||||
-rw-r--r-- | plat/arm/common/arm_common.mk | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/docs/auth-framework.md b/docs/auth-framework.md index 531505bf..b416acfc 100644 --- a/docs/auth-framework.md +++ b/docs/auth-framework.md @@ -909,9 +909,13 @@ int verify_hash(void *data_ptr, unsigned int data_len, ``` The key algorithm (rsa, ecdsa) must be specified in the build system using the -`MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding +`TF_MBEDTLS_KEY_ALG` variable, so the Makefile can include the corresponding sources in the build. +Note: If code size is a concern, the build option `MBEDTLS_SHA256_SMALLER` can +be defined in the platform Makefile. It will make mbed TLS use an implementation +of SHA-256 with smaller memory footprint (~1.5 KB less) but slower (~30%). + - - - - - - - - - - - - - - - - - - - - - - - - - - _Copyright (c) 2015, ARM Limited and Contributors. All rights reserved._ diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 58fc94ec..38c8cf85 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -76,6 +76,10 @@ ARM_XLAT_TABLES_LIB_V1 := 0 $(eval $(call assert_boolean,ARM_XLAT_TABLES_LIB_V1)) $(eval $(call add_define,ARM_XLAT_TABLES_LIB_V1)) +# Use an implementation of SHA-256 with a smaller memory footprint but reduced +# speed. +$(eval $(call add_define,MBEDTLS_SHA256_SMALLER)) + # Enable PSCI_STAT_COUNT/RESIDENCY APIs on ARM platforms ENABLE_PSCI_STAT := 1 ENABLE_PMF := 1 |