TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / acd7bafcbbc1d97abc82551958cdba8d580e1f74^! / .
commitacd7bafcbbc1d97abc82551958cdba8d580e1f74[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Wed Dec 06 15:17:12 2023 +0100
committerValerio Setti <valerio.setti@nordicsemi.no>Wed Dec 06 15:17:12 2023 +0100
treea377c404db3a5a7bf89b10805ac9af6bc9ff7290
parent1e3fcc5692c776695b8e7190cfe17939e28499c1 [diff]
driver-only-build: update AEADs section

Note: this section shouldn't actually be updated in #8357, but
rather in #8358 which is the wrapup related to cipher and AEADs
accelaration. As a consequence we start the AEAD section with
a disclaimer explaining that the information written there will
be updated soon by a follow up PR.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index 200f439..2dcfe67 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md

@@ -245,6 +245,9 @@
 AEADs
 -----
 
+[This section might contain incomplete data and it is going to be updated in
+#8358, i.e. the wrap-up task for accelerated ciphers and AEADs.]
+
 It is possible to have all AEADs operations provided only by a driver.
 
 More precisely you can:
@@ -252,15 +255,20 @@
   - `PSA_WANT_ALG_[CCM|GCM]` with `PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]`
   - `PSA_WANT_ALG_CHACHA20_POLY1305` with `PSA_WANT_KEY_TYPE_CHACHA20`;
 - enable `MBEDTLS_PSA_ACCEL_xxx` symbol(s) which correspond to the
-  `PSA_WANT_xxx` of the previous step;
-- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY]_C` algorithms and
-  key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs which are
-  accelerated.
+  `PSA_WANT_xxx` of the previous step (both for algorithms and key types);
+- disable builtin support of `MBEDTLS_[CCM|GCM|CHACHAPOLY|POLY1305]_C`
+  algorithms and key types `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C` for AEADs
+  which are accelerated.
 
-In such a build all AEADs operations requested through the PSA Crypto API
-(including those in TLS and X.509) will be performed by the provided driver.
-Of course direct calls to the disabled builtin modules
-(ex: `mbedtls_ccm_init()`, etc) won't be possible.
+In a build in which all AEADs algorithms and related key types are accelerated
+all AEADs operations requested through the PSA Crypto API (including those in
+TLS and X.509) will be performed by the driver.
+Moreover if no unauthenticated cipher is required, it is also possible to
+disable all built-in block cipher's key types
+(i.e. `MBEDTLS_[AES|ARIA|CAMELLIA|CHACHA20]_C`) and `MBEDTLS_CIPHER_C`. This
+helps in further reducing code's footprint, but unfortunately it makes the
+following modules unavailable:
+- `MBEDTLS_PKCS[5|12]_C`
+- `MBEDTLS_CTR_DRBG_C`
+- `MBEDTLS_NIST_KW_C`
 
-If no other non-authenticated cipher is required, it is also possible to
-disable `MBEDTLS_CIPHER_C` in order to further reduce code's footprint.