error "MBEDTLS_RSA_C defined, but not all prerequisites

Hello Anthony,

We have a earlier thread (+) Downsizing the TFM with PSA support - Nordic Q&A - Nordic DevZone - Nordic DevZone (nordicsemi.com) you can look at. Though they were not talking about removing RSA. I think it is not that stratight forward. However, I will check with the team and will let you know.

You can let me know if this discussion helps. 

Thanks.

BR

Kazi

I already attempted the approach of comparing the .config from the minimal and non-minimal build.  Just like the developer in the other thread, I found the TF-M is still very large and I'm looking for additional ways to shrink it.  Unfortunately many of the CONFIG values in the minimal .config are not directly settable.  

For now, I have a non-TFM version of this application working and will eventually continue to explore TF-M for 9160 in the 2.4.0 with TF-M in medium size mode.

Hi Anthony,

I will continue helping with this case.

As Einar says in the Thread linked by Kazi, our TF-M team had optimization of TF-M on their ageda.
To v2.4.0, the Crypto backend was changed, which helped a lot here.

And we are continuing to work on improving TF-M optimization and configurability.
Unfortunally we are not fully finished with it yet, and as you experience it can currently be complicated to reduce TF-M size for non-minimal use.

Here is some of an previous conversation I had with or devs:

Me:
"
A customer has asked me if I can help him minimize flash usage for TF-M with Protected Storage enabled.
Because of Protected Storage we can not use TFM_PROFILE_TYPE_MINIMAL, so we must use TFM_PROFILE_TYPE_SMALL and go from there right.
I have tried a bit of this, but other than Kconfig options, I am unsure where I can configure stuff.
Got any tips on how I can do this / where I can start?
"

Dev:

"
Hey Sigurd, we support TFM_PROFILE_TYPE_MINIMAL for the very minimal builds and then TFM_PROFILE_TYPE_NOT_SET for everything else. This is basically a custom profile. I good start is to check what crypto algorithms do they have enabled. At the moment we have cyrpto algorithms enabled by default which might not be used. So a good suggestion is to build with the option TFM_PROFILE_TYPE_NOT_SET enabled and check the autoconfig.h for PSA_WANT algorithms that they don't need, and remove everything unused. 
"
Me:
"

check the autoconfig.h for PSA_WANT algorithms that they don't need
If the application needs something or not, I can figure out.
But what about other systems PSA needs?
For example, is there a good way to find out which algorithms are needed for Protected Storage?
"

Dev:
"

What other systems needs depends on the systems.
We're working on improving this ... redacted ...
You can have a look here
github.com/.../11610

Simple test on the samples/crypto/hkdf TF-M image usage.

ncs/main: 157 KB

PR-psa-default-off: 117 KB

As you can see this is a lot of flash space saved.
You can look at that PR for what Protected storage needs. I think apart from that you can disable everything else, there are not a lot of users of the PSA crypto APIs yet.
"

So that is pretty much what we have at the moment.
It will get better in future releases, but I can not give specific details on that. As we use to say: Ask sales for timeline information.

Was this helpful?

Regards,
Sigurd Hellesvik

Hi Anthony,

I will continue helping with this case.

As Einar says in the Thread linked by Kazi, our TF-M team had optimization of TF-M on their ageda.
To v2.4.0, the Crypto backend was changed, which helped a lot here.

And we are continuing to work on improving TF-M optimization and configurability.
Unfortunally we are not fully finished with it yet, and as you experience it can currently be complicated to reduce TF-M size for non-minimal use.

Here is some of an previous conversation I had with or devs:

Me:
"
A customer has asked me if I can help him minimize flash usage for TF-M with Protected Storage enabled.
Because of Protected Storage we can not use TFM_PROFILE_TYPE_MINIMAL, so we must use TFM_PROFILE_TYPE_SMALL and go from there right.
I have tried a bit of this, but other than Kconfig options, I am unsure where I can configure stuff.
Got any tips on how I can do this / where I can start?
"

Dev:

"
Hey Sigurd, we support TFM_PROFILE_TYPE_MINIMAL for the very minimal builds and then TFM_PROFILE_TYPE_NOT_SET for everything else. This is basically a custom profile. I good start is to check what crypto algorithms do they have enabled. At the moment we have cyrpto algorithms enabled by default which might not be used. So a good suggestion is to build with the option TFM_PROFILE_TYPE_NOT_SET enabled and check the autoconfig.h for PSA_WANT algorithms that they don't need, and remove everything unused. 
"
Me:
"

check the autoconfig.h for PSA_WANT algorithms that they don't need
If the application needs something or not, I can figure out.
But what about other systems PSA needs?
For example, is there a good way to find out which algorithms are needed for Protected Storage?
"

Dev:
"

What other systems needs depends on the systems.
We're working on improving this ... redacted ...
You can have a look here
github.com/.../11610

Simple test on the samples/crypto/hkdf TF-M image usage.

ncs/main: 157 KB

PR-psa-default-off: 117 KB

As you can see this is a lot of flash space saved.
You can look at that PR for what Protected storage needs. I think apart from that you can disable everything else, there are not a lot of users of the PSA crypto APIs yet.
"

So that is pretty much what we have at the moment.
It will get better in future releases, but I can not give specific details on that. As we use to say: Ask sales for timeline information.

Was this helpful?

Regards,
Sigurd Hellesvik