nRF Connect SDK 2.2 + nrf9160: SHA256 hash calculation when TF-M minimal is used

Dear All,

We switched from nRF Connect SDK 1.9.1 to SDK 2.2 and are now stuck on a problem with SHA256 hash calculation. Our application is based on the asset tracker V2 sample and therefore TF-M is activated since SDK 2.2 and set to type minimal (CONFIG_TFM_PROFILE_TYPE_MINIMAL=y). Up to now, we used these two functions to initialize the crypto unit and calculate the hash:

------------------------------------------------------------------------------

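#include <string.h>
#include <psa/crypto.h>
#include <zephyr/logging/log.h>

/* APP_SUCCESS, APP_ERROR, auth_data and auth_request are defined elsewhere in the application. */

/* Initialize the PSA Crypto API; must succeed before any other psa_* call. */
int crypto_init(void) {
  psa_status_t status;

  /* Initialize PSA Crypto */
  status = psa_crypto_init();
  if (status != PSA_SUCCESS)
    return APP_ERROR;

  return APP_SUCCESS;
}

/* Hash the UUID string into auth_request.uuid_hash with SHA-256. */
int auth_calculate_uuid_sha256(void) {
  size_t olen; /* psa_hash_compute() writes the hash length through a size_t * */
  psa_status_t status;

  /* Calculate the SHA256 hash */
  status = psa_hash_compute(PSA_ALG_SHA_256,
      auth_data.uuid,
      strlen(auth_data.uuid),
      auth_request.uuid_hash,
      sizeof(auth_request.uuid_hash),
      &olen);
  if (status != PSA_SUCCESS) {
    LOG_ERR("psa_hash_compute failed! (Error: %d)", status);
    return APP_ERROR;
  }

  return APP_SUCCESS;
}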
------------------------------------------------------------------------------------------------------------------------------
With SDK 2.2 the function auth_calculate_uuid_sha256() returns error -134 (-> not supported). In my understanding, the reason for this error is the fact that TF-M minimal does not contain the hash module. But when switching from TF-M type "minimal" to TF-M type "not defined", the TF-M image doesn't fit into flash anymore (bin size increased from 47k to ~220k).

So can you please give us a hint how to get SHA256 hash calculation working with TF-M type minimal activated? That would be very helpful.

Best regards,
Peter
  • Hi,

    You could start by looking at PSA driver support and driver configurations. You could consider searching for some SHA256 software implementation online.

    With regard to the used flash size, when switching from minimal TF-M to TF-M which has support for several crypto operations, there are a few things you could check to see if there are some TF-M features that are not needed by the application. First, you could examine changes in build/zephyr/.config. Second, you could look at CMakeCache.txt of the TF-M build. Lastly, you could inspect the .map file of TF-M.

    Best regards,
    Dejan
