Hi Nordic team, I would like to compare the differences between hardware-accelerated and software-based encryption to encrypt a small message. When I tried the crypto example, I was unsure whether I was using the hardware crypto engine. When I looked at the library documentation, I got confused about the different components and layers of implementation. Before moving into my main question, I would like to clarify my understanding of Crypto Library and CryptoCell. As far as I understand, the PSA API comes from the TFM side. It requires underly drivers to support crypto operations, namely the Arm CryptoCell cc3xx binary and nrf_oberon binary. My Questions are: Only the CryptoCell cc3xx driver utilizes CC310 to perform crypto operations, while the Oberon driver performs the operations by the MCU Core? Do all crypto samples by default utilize CC310? It mentioned in the documentation, [CONFIG_HW_CC3XX] has a default value of y. In my project, this value is n due to TRUSTED_EXECUTION_NONSECURE =n, what is the implication of this? What is the difference between [ CONFIG_PSA_CRYPTO_DRIVER_CC3XX ] [CONFIG_HW_CC3XX] and [CONFIG_CC3XX_BACKEND] ? How can I correctly configure to use either hardware-accelerated or software-based implementation? Does the current PSA AIP support to use along with KMU? Best Regards, Anthony

Utilizing hardware-accelerated or software-based PSA Crypto API

Hi Nordic team,

I would like to compare the differences between hardware-accelerated and software-based encryption to encrypt a small message. When I tried the crypto example, I was unsure whether I was using the hardware crypto engine. When I looked at the library documentation, I got confused about the different components and layers of implementation. Before moving into my main question, I would like to clarify my understanding of Crypto Library and CryptoCell.

As far as I understand, the PSA API comes from the TFM side. It requires underly drivers to support crypto operations, namely the Arm CryptoCell cc3xx binary and nrf_oberon binary.

My Questions are:

Only the CryptoCell cc3xx driver utilizes CC310 to perform crypto operations, while the Oberon driver performs the operations by the MCU Core?
Do all crypto samples by default utilize CC310?
It mentioned in the documentation, [CONFIG_HW_CC3XX] has a default value of y. In my project, this value is n due to TRUSTED_EXECUTION_NONSECURE =n, what is the implication of this?
What is the difference between [CONFIG_PSA_CRYPTO_DRIVER_CC3XX][CONFIG_HW_CC3XX]and [CONFIG_CC3XX_BACKEND]?
How can I correctly configure to use either hardware-accelerated or software-based implementation?
Does the current PSA AIP support to use along with KMU?

Best Regards,
Anthony

Parents

0 dejans over 1 year ago

Hi,

Which board do you use?

Which NRF Connect SDK version do you use?

In my project,

Is your project based on any of the crypto samples?

When I tried the crypto example, I was unsure whether I was using the hardware crypto engine.

Which sample did you try?

Best regards,
Dejan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 dejans over 1 year ago

Hi,

Which board do you use?

Which NRF Connect SDK version do you use?

In my project,

Is your project based on any of the crypto samples?

When I tried the crypto example, I was unsure whether I was using the hardware crypto engine.

Which sample did you try?

Best regards,
Dejan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data