• State Not Answered
  • Replies 3 replies
  • Subscribers 75 subscribers
  • Views 510 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 333550
Options

AES encryption on NRF52833 and NRF52840 with memory report problem on different NCS

Bartosz22

Hi, 
We are currently migrating our project, originally developed with NCS version 1.8.0, to the latest NCS 2.7.0, while incorporating MCUboot for both of them. During this process, I encountered an unusual issue related to memory size after compilation on the NRF52840 and NRF52833 MCUs, both with and without AES ECB encryption enabled for our specific data. Below, I have included screenshots of the memory reports and compiler outputs for the same codebase, compiled with NCS 1.8.0 and NCS 2.7.0 for both MCUs. Note that the base code remains identical across both NCS versions and both MCUs.

For NCS 1.8.0 for crypto I enabled this flags in prj.conf for both MCU's (NRF52833 and NRF52840) - as in examples for this tag on NCS crypto examples: 

CONFIG_MBEDTLS_LIBRARY_NRF_SECURITY=y
CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_NVS=y
CONFIG_SETTINGS=y


For NCS 2.7.0 for crypto this flags are enabled in prj.conf for both MCU's (NRF52833 and NRF52840):

CONFIG_MBEDTLS_LIBRARY_NRF_SECURITY=y
CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_PSA_WANT_GENERATE_RANDOM=y
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_NVS=y
CONFIG_SETTINGS=y
CONFIG_SETTINGS_NVS=y
CONFIG_TRUSTED_STORAGE=y


- Memory usage NCS 1.8.0 with NRF52833 without crypto:

- Memory usage NCS 1.8.0 with NRF52833 with crypto:

- Memory usage NCS 1.8.0 with NRF52840 without crypto:

- Memory usage NCS 1.8.0 with NRF52840 with crypto:

- Memory usage NCS 2.7.0 with NRF52833 without crypto:

- Memory usage NCS 2.7.0 with NRF52833 with crypto:

- Memory usage NCS 2.7.0 with NRF52840 without crypto:

- Memory usage NCS 2.7.0 with NRF52840 with crypto:

So for this memory usage I have few questions:

1) Why for older NCS 1.8.0 there is such difference in code size with and without crypto: about 73k for NRF52833 and 112k for NRF52840 ?

2) Why there is difference in size of code with crypto for NRF52833 and NRF52840 - I mean why adding crypto for NRF52833 adds about 73k and 112k for NRF5840 for NCS 1.8.0 and about 5k for NRF52833 and 15k for NRF52840 on NCS 2.7.0 ? 

3) Almost the same question as above but why code without crypto is different for both MCU's also on both NCS versions ? 

4) Why on old NCS 1.8.0 there is such big difference in code size with crypto (73k for NRF52833 and 112k for NRF52840) in compare to NCS 2.7.0 ? 

5) What this memory report means and why total size is so different than size showed after compilation on NCS 2.7.0 ? For example code for NRF52840 without crypto after compilation shows 102516B in terminal and memory report shows 147.45kB - what it means ? 

  • 0

    Hi,

    1) Why for older NCS 1.8.0 there is such difference in code size with and without crypto: about 73k for NRF52833 and 112k for NRF52840 ?

    In case of the nRF52833 cryto operations are done in software, and on the nRF52840 supported algorithms are done in hardware (CryptoCell CC310), but this also has a large runtime library that is included. So essentially you have two different implementations.

    2) Why there is difference in size of code with crypto for NRF52833 and NRF52840 - I mean why adding crypto for NRF52833 adds about 73k and 112k for NRF5840 for NCS 1.8.0 and about 5k for NRF52833 and 15k for NRF52840 on NCS 2.7.0 ? 

    There are a large number of significant changs from nRF Connect SDK 1.8.0 to 2.7.0 so I cannot say exactly what cause this other than that that is the result of the sum of differences.

    3) Almost the same question as above but why code without crypto is different for both MCU's also on both NCS versions ? 

    We need to digg into the details to know why. Appart from missing the crypto accelerator, the SoCs are quite similar, but there may be differences in your project configuration (there are also differences in the default configuration parameters in the different SDK versions).

    4) Why on old NCS 1.8.0 there is such big difference in code size with crypto (73k for NRF52833 and 112k for NRF52840) in compare to NCS 2.7.0 ? 

    We would need to look into the details. But again, ther are a very large number of differences. So I would not focus much on this. If you need to reduce the size of the 2.7.0 application you can look into optimizing that, and I would expect you should be ablet to get down to comparable nubmers to what you ad earlier (provided you do not add additional features, which may be the case here).

    5) What this memory report means and why total size is so different than size showed after compilation on NCS 2.7.0 ? For example code for NRF52840 without crypto after compilation shows 102516B in terminal and memory report shows 147.45kB - what it means ? 

    You should see the same numbers. But I see from the screenshot that you are building multiple images, so make sure you look at the memory report for he image you have built (for instance do not look at the memory report for the application and compare that with the size of mcuboot, etc).

  • 0 in reply to Einar Thorsrud

    1) But from what I see from datasheet of NRF52833 it have AES co-processor so all crypto operations are done in software ? 

    5) I still doesn't understand memory report, I will give example for NRF52833, I added some features and now after compilation I have flash usage 215856B without mcuboot which takes 32996B, I run arm-zephyr-eabi-size command and get total size of merged.hex file of 249700B which is about main app + mcuboot, but memory report shows total size of 261,37kB so can you explain how this memory usage is calculated ? Here are screens of the memory report, flash partitions configuration.

  • 0 in reply to Bartosz22

    Hi,

    Bartosz22 said:
    1) But from what I see from datasheet of NRF52833 it have AES co-processor so all crypto operations are done in software ? 

    Yes. It has two AES peripherals. The AES CCM module is used with the radio, for encrypting BLE traffic etc. The AES ECB peripheral can be used in principle but it it very specifc (it only does 128 bit AES ECB encryption). So it is not used by the crypto APIs in the SDK and in most cases it is not what you want (though there are exceptions).

    Bartosz22 said:
    can you explain how this memory usage is calculated ?

    The memory report in nRF Connet for VS code is  a graphical representation of the Zephyr memory reports, so you can look into that if you want to understand the details. In practice this is used for optimization, but to see the actual size of your binaries, you shoudl look at the hex files which is the real end result.

Related
Terms of service