Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-19 02:54:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(mbedtls): remove hash configs

Browse source 
After the upgrade to mbedtls 3.6.0, some of these configuation limitations
are no longer present.

Size chages:
build config | executable | Delta
-------------|------------|-------
tbb ecdsa    | bl1        |  -176
-------------|------------|-------
tbb rsa      | bl1        |  -192
             | bl2        | -4096
-------------|------------|-------
drtm         | romlib     |  -576
-------------|------------|-------
spm          | romlib     |  -576
-------------|------------|-------
mb384        | romlib     | -1016

Change-Id: I019bc59adc93cf95f6f28ace9579e7bf1e785b62
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
This commit is contained in:
Jimmy Brisson 2024-07-11 10:10:55 -05:00 committed by Manish V Badarkhe
parent cc4f383863
commit 48ee4995c5
2 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
drivers/auth/mbedtls/mbedtls_common.mk
View file

@ -118,6 +118,14 @@ else
TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
endif
ifeq (${MBOOT_EL_HASH_ALG}, sha256)
$(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA256))
else ifeq (${MBOOT_EL_HASH_ALG}, sha384)
$(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA384))
else ifeq (${MBOOT_EL_HASH_ALG}, sha512)
$(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
endif
ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)

30
include/drivers/auth/mbedtls/mbedtls_config-3.h
View file

@ -73,23 +73,17 @@
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif
/* The library does not currently support enabling SHA-256 without SHA-224. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
/*
* If either Trusted Boot or Measured Boot require a stronger algorithm than
* SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
* support when enabling SHA-512.
*/
#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
#else
/* TBB uses SHA-256, what about measured boot? */
#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C
/* Enable hash algorithms based on TBB or Measured Boot */
#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
#define MBEDTLS_SHA256_C
#endif
#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
#define MBEDTLS_SHA384_C
#endif
#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
#define MBEDTLS_SHA512_C
#endif
#define MBEDTLS_VERSION_C
@ -104,7 +98,9 @@
#endif
/* MPI / BIGNUM options */
#define MBEDTLS_MPI_WINDOW_SIZE 2
/* Note: Lower numbers trade longer execution time for less RAM allocation */
#define MBEDTLS_MPI_WINDOW_SIZE 1
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048