Skip to content

Commit

Permalink
mbedtls: reduce heap usage when building PSA crypto
Browse files Browse the repository at this point in the history 
By default PSA crypto library copies all the buffers that are passed
in into the heap before further processing them. This is required
when the PSA crypto library is on the secure side and it accepts
buffers from a non-secure code. However this case in Zephyr
is already handled by TF-M, so when the PSA crypto library is
built (CONFIG_MBEDTLS_PSA_CRYPTO_C) then it will be on the
non-secure side. Therefore this malloc copy is useless and
it consumes heap memory. Setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
at Mbed TLS build time helps in removing this mechanism and
it saves heap memory.

(cherry picked from commit 11920e3)

Original-Signed-off-by: Valerio Setti <vsetti@baylibre.com>
GitOrigin-RevId: 11920e3
Change-Id: I626d40b4afcb809f13deda4f85d4665006cfc335
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/zephyr/+/5569732
Tested-by: Fabio Baltieri <fabiobaltieri@google.com>
Reviewed-by: Fabio Baltieri <fabiobaltieri@google.com>
Tested-by: ChromeOS Prod (Robot) <chromeos-ci-prod@chromeos-bot.iam.gserviceaccount.com>
Commit-Queue: Fabio Baltieri <fabiobaltieri@google.com>
  • Loading branch information
@valeriosetti
valeriosetti authored and Chromeos LUCI committed May 24, 2024
1 parent 1eca5d2 commit 93e36a0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions modules/mbedtls/configs/config-tls-generic.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -473,6 +473,7 @@

#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS

#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
#define MBEDTLS_PSA_KEY_SLOT_COUNT 64
Expand Down

0 comments on commit 93e36a0

Please sign in to comment.