chore(mbedtls): remove hash configs
After the upgrade to mbedtls 3.6.0, some of these configuration limitations
are no longer present.
Size changes:
build config | executable | Delta
-------------|------------|-------
tbb ecdsa | bl1 | -176
-------------|------------|-------
tbb rsa | bl1 | -192
| bl2 | -4096
-------------|------------|-------
drtm | romlib | -576
-------------|------------|-------
spm | romlib | -576
-------------|------------|-------
mb384 | romlib | -1016
Change-Id: I019bc59adc93cf95f6f28ace9579e7bf1e785b62
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
index 37a9288..6ed9397 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -73,23 +73,17 @@
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif
-/* The library does not currently support enabling SHA-256 without SHA-224. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-/*
- * If either Trusted Boot or Measured Boot require a stronger algorithm than
- * SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
- * support when enabling SHA-512.
- */
-#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
-#else
- /* TBB uses SHA-256, what about measured boot? */
-#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
+/* Enable hash algorithms based on TBB or Measured Boot */
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
+ #define MBEDTLS_SHA256_C
#endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
+ #define MBEDTLS_SHA384_C
+#endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
+ #define MBEDTLS_SHA512_C
#endif
#define MBEDTLS_VERSION_C
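Review bot: Nothing in this hunk guarantees that at least one digest is compiled in. The three `#if` blocks are independent, so a `TF_MBEDTLS_HASH_ALG_ID` that matches none of them, with no `TF_MBEDTLS_MBOOT_USE_*` macro set, yields a library without SHA support, and the failure would presumably surface only at link time or as a failed digest lookup during boot. A guard after the last `#endif` would turn that into a build error: `#if !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)`, then `#error "No hash algorithm enabled for TBB or Measured Boot"`, then `#endif`. The removed code tested only `TF_MBEDTLS_MBOOT_USE_SHA512`; `TF_MBEDTLS_MBOOT_USE_SHA256` and `TF_MBEDTLS_MBOOT_USE_SHA384` are new here and their definition is not visible in this patch. It is worth confirming that the build system sets them and leaves the unused ones undefined rather than defined to 0, since `defined()` is true either way.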
@@ -104,7 +98,9 @@
#endif
/* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE 2
+
+/* Note: Lower numbers trade longer execution time for less RAM allocation */
+#define MBEDTLS_MPI_WINDOW_SIZE 1
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
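Review bot: The drop of `MBEDTLS_MPI_WINDOW_SIZE` from 2 to 1 is not covered by the commit subject, which is about hash configs, and the new comment states the general trade-off but not why 1 is acceptable here. Because bignum exponentiation sits on the signature-verification path, I would record the reason and the cost next to the value, e.g. `/* 1 is the smallest window Mbed TLS accepts: least heap during modular exponentiation, slowest RSA verification */`. The `#if TF_MBEDTLS_USE_RSA` block that follows continues outside the hunk; if it sizes the heap, as its key-size test suggests, those values may be worth re-checking against the smaller window.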