[PATCH v6 08/28] mbedtls: Enable smaller implementation for SHA256/512

Raymond Mao raymond.mao at linaro.org
Fri Aug 16 23:43:57 CEST 2024 

Smaller implementation for SHA256 and SHA512 helps to reduce the
ROM footprint though it has a certain impact on performance.
As a trade-off, enable it as a default config when MbedTLS is
enabled can reduce the target size significantly with acceptable
performace loss.

Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
---
Changes in v6
- Initial patch

 lib/mbedtls/Kconfig              | 24 ++++++++++++++++++++++++
 lib/mbedtls/mbedtls_def_config.h |  6 ++++++
 2 files changed, 30 insertions(+)

diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index 12f8c965f5a..0e22edf1b6c 100644
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -151,18 +151,42 @@ config SHA1_MBEDTLS
 config SHA256_MBEDTLS
 	bool "Enable SHA256 support with MbedTLS crypto library"
 	depends on MBEDTLS_LIB_CRYPTO && SHA256
+	select SHA256_SMALLER
 	help
 	  This option enables support of hashing using SHA256 algorithm
 	  with MbedTLS crypto library.
 
+if SHA256_MBEDTLS
+
+config SHA256_SMALLER
+	bool "Enable SHA256 smaller implementation with MbedTLS crypto library"
+	depends on SHA256_MBEDTLS
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  smaller implementation with MbedTLS crypto library.
+
+endif
+
 config SHA512_MBEDTLS
 	bool "Enable SHA512 support with MbedTLS crypto library"
 	depends on MBEDTLS_LIB_CRYPTO && SHA512
 	default y if TI_SECURE_DEVICE && FIT_SIGNATURE
+	select SHA512_SMALLER
 	help
 	  This option enables support of hashing using SHA512 algorithm
 	  with MbedTLS crypto library.
 
+if SHA512_MBEDTLS
+
+config SHA512_SMALLER
+	bool "Enable SHA512 smaller implementation with MbedTLS crypto library"
+	depends on SHA512_MBEDTLS
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  smaller implementation with MbedTLS crypto library.
+
+endif
+
 config SHA384_MBEDTLS
 	bool "Enable SHA384 support with MbedTLS crypto library"
 	depends on MBEDTLS_LIB_CRYPTO && SHA384
diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h
index 38de6b0b9af..750db8705e8 100644
--- a/lib/mbedtls/mbedtls_def_config.h
+++ b/lib/mbedtls/mbedtls_def_config.h
@@ -25,6 +25,9 @@
 
 #if CONFIG_IS_ENABLED(SHA256)
 #define MBEDTLS_SHA256_C
+#if CONFIG_IS_ENABLED(SHA256_SMALLER)
+#define MBEDTLS_SHA256_SMALLER
+#endif
 #endif
 
 #if CONFIG_IS_ENABLED(SHA384)
@@ -33,6 +36,9 @@
 
 #if CONFIG_IS_ENABLED(SHA512)
 #define MBEDTLS_SHA512_C
+#if CONFIG_IS_ENABLED(SHA512_SMALLER)
+#define MBEDTLS_SHA512_SMALLER
+#endif
 #endif
 
 #endif /* CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO) */
-- 
2.25.1

More information about the U-Boot mailing list