Code Footprint
The final code footprint depends on many factors: the target compiler; compilation flags (e.g. with or without code optimization); the applications used; the third-party crypto library that supports the shielded communication; whether the shielded communication is used at all; and the I2C frame buffer size.
For the table below we used the DAVE™ built-in compiler (ARM GCC) for the XMC4800 IoT Connectivity Kit. All numbers are approximate. The setup is based on the Get Started Guide (SHA Fingerprint b6ae6d8).
The following generated map files were used for calculations:
- ECC; Protected Update; RND; TLS PRF; RSA; Shielded Communication, -s Optimisation
- ECC; Protected Update; RND; TLS PRF; NO RSA; Shielded Communication, -s Optimisation
- ECC; Protected Update; RND; TLS PRF; NO RSA; NO Shielded Communication, -s Optimisation
| A generic module | FLASH/RAM in kB | Part of the module | FLASH in kB | RAM¹ in kB |
|---|---|---|---|---|
| OPTIGA™ Trust M hostcode | 25.2 / 11.5 ² | Core Functions³ | 2.7 | 2.9 |
| | | ECC; Protected Update; RND; TLS PRF | 5.2 | |
| | | RSA | 1.4 | |
| | | Infineon I2C protocol³ | 3.7 | |
| | | Shielded Connection + 3rd party crypto | 4 + 8.2 | 8.6 |

¹ Compile time memory allocation (.bss and .data sections, no heap included if it's used)
² Values include all features and mbed TLS as the third-party crypto provider
³ Mandatory modules, all others are optional.
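One way to derive per-module FLASH and RAM figures like those in the table from a GNU ld map file, as an added example (not the project's own tooling). The map excerpt, object paths, and the names `footprint` and `SAMPLE_MAP` are constructed for illustration; FLASH is assumed to be .text + .rodata + .data, and RAM is .data + .bss as in footnote 1.

```python
import re
from collections import defaultdict

# Constructed excerpt of a GNU ld map file; paths and sizes are illustrative.
SAMPLE_MAP = """\
Discarded input sections
 .text.optiga_crypt_rsa_sign
                0x00000000      0x1f0 ./optiga/crypt/optiga_crypt.o
Linker script and memory map
.text           0x08000000     0x2000
 .text.optiga_crypt_random
                0x08001000       0x5c ./optiga/crypt/optiga_crypt.o
 .text.ifx_i2c_open
                0x0800105c      0x120 ./optiga/comms/ifx_i2c/ifx_i2c.o
 .rodata        0x08002000       0x40 ./optiga/crypt/optiga_crypt.o
 .data          0x20000000       0x10 ./optiga/comms/ifx_i2c/ifx_i2c.o
 .bss.rx_buffer
                0x20000010      0x615 ./optiga/comms/ifx_i2c/ifx_i2c.o
 *fill*         0x20000625        0x3
 .bss           0x20000628       0x80 ./pal/pal_os_event.o
 .debug_info    0x00000000      0x900 ./optiga/crypt/optiga_crypt.o
"""

ENTRY = re.compile(r"^\s+(?:(\.[\w.$-]+)\s+)?0x[0-9a-fA-F]+\s+(0x[0-9a-fA-F]+)\s+(\S+\.o\)?)\s*$")
NAME_ONLY = re.compile(r"^\s+(\.[\w.$-]+)\s*$")
FLASH = (".text", ".rodata", ".data")   # .data initial values are stored in flash
RAM = (".data", ".bss")                 # compile-time RAM only, heap not included

def in_kind(section, kinds):
    return any(section == k or section.startswith(k + ".") for k in kinds)

def footprint(map_text, depth=2):
    """Return {module: [flash_bytes, ram_bytes]}; module = first `depth` directories."""
    totals, pending, live = defaultdict(lambda: [0, 0]), None, False
    for line in map_text.splitlines():
        if not live:  # skip everything up to the memory map (e.g. discarded sections)
            live = line.startswith("Linker script and memory map")
            continue
        if m := NAME_ONLY.match(line):  # long name: address/size/file on next line
            pending = m.group(1)
            continue
        entry, section, pending = ENTRY.match(line), pending, None
        if entry and (section := entry.group(1) or section):
            size = int(entry.group(2), 16)
            dirs = entry.group(3).lstrip("./").split("/")[:-1]
            module = "/".join(dirs[:depth]) or "(root)"
            totals[module][0] += size if in_kind(section, FLASH) else 0
            totals[module][1] += size if in_kind(section, RAM) else 0
    return dict(totals)
```

Running it over the map file of each build configuration and comparing the per-module totals shows what a disabled feature saves.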
The Software Framework offers a way to optimize the final code footprint depending on the use case. Below are the security chip features which you might want to control (the features of the chip itself aren't blocked; instead, the code is compiled with the selected options included or excluded).
The OPTIGA_COMMS_SHIELDED_CONNECTION macro enables or disables the shielded communication. Don't forget to exclude the pal_crypt provider (e.g. pal_crypt_mbedtls.c) from your build, together with the crypto library (e.g. mbedtls), if it's not used in your project.
Note: some of these functions can be used only in conjunction with the shielded connection (RSA encrypt/decrypt).
- OPTIGA_CRYPT_RSA_GENERATE_KEYPAIR_ENABLED OPTIGA CRYPT RSA generate keypair feature enable/disable macro
- OPTIGA_CRYPT_RSA_SIGN_ENABLED OPTIGA CRYPT RSA sign feature enable/disable macro
- OPTIGA_CRYPT_RSA_VERIFY_ENABLED OPTIGA CRYPT RSA verify sign feature enable/disable macro
- OPTIGA_CRYPT_RSA_ENCRYPT_ENABLED OPTIGA CRYPT RSA Encrypt feature enable/disable macro
- OPTIGA_CRYPT_RSA_DECRYPT_ENABLED OPTIGA CRYPT RSA Decrypt feature enable/disable macro
- OPTIGA_CRYPT_RSA_PRE_MASTER_SECRET_ENABLED OPTIGA CRYPT RSA pre-master feature enable/disable macro
- OPTIGA_CRYPT_ECC_GENERATE_KEYPAIR_ENABLED OPTIGA CRYPT ECC generate keypair feature enable/disable macro
- OPTIGA_CRYPT_ECDSA_SIGN_ENABLED OPTIGA CRYPT ECDSA signature feature enable/disable macro
- OPTIGA_CRYPT_ECDSA_VERIFY_ENABLED OPTIGA CRYPT verify ECDSA signature feature enable/disable macro
- OPTIGA_CRYPT_ECDH_ENABLED OPTIGA CRYPT ECDH feature enable/disable macro
- OPTIGA_CRYPT_RANDOM_ENABLED OPTIGA CRYPT random number generation feature enable/disable macro
- OPTIGA_CRYPT_HASH_ENABLED OPTIGA CRYPT hash feature enable/disable macro
- OPTIGA_CRYPT_TLS_PRF_SHA256_ENABLED OPTIGA CRYPT TLS PRF sha256 feature enable/disable macro
Decrease memory for the maximum context registrations. Find it [here](https://github.com/Infineon/optiga-trust-m/blob/e642d47835861c88463f557ff289ba8ce7e61364/optiga/include/optiga/optiga_lib_config_m_v3.h#L122)
#define OPTIGA_CMD_MAX_REGISTRATIONS (0x06)
Decrease the maximum communication buffer size. Find it [here](https://github.com/Infineon/optiga-trust-m/blob/e642d47835861c88463f557ff289ba8ce7e61364/optiga/include/optiga/optiga_lib_config_m_v3.h#L124)
#define OPTIGA_MAX_COMMS_BUFFER_SIZE (0x615) //1557 in decimal