[
https://issues.apache.org/jira/browse/MYNEWT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15782583#comment-15782583
]
Simon Ratner commented on MYNEWT-523:
-------------------------------------
For reference, here is the mbedtls config I used for EC:
{noformat}
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
/* System support */
#define MBEDTLS_HAVE_ASM
//#define MBEDTLS_HAVE_TIME
//#define MBEDTLS_HAVE_TIME_DATE
/* Use only specific elliptic curves */
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
/* Significant speed benefit at the expense of some ROM */
//#define MBEDTLS_ECP_NIST_OPTIM
/* mbed TLS entropy support */
#define MBEDTLS_ENTROPY_HARDWARE_ALT
/* No default entropy platfrom */
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_NO_PLATFORM_ENTROPY
/* Use SHA-256 with lower ROM footprint, but also lower performance */
#define MBEDTLS_SHA256_SMALLER
/* Enable self test */
//#define MBEDTLS_SELF_TEST
/* mbed TLS modules */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
//#define MBEDTLS_ECDH_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
//#define MBEDTLS_ERROR_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
//#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
//#define MBEDTLS_VERSION_C
/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS 256
#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits are 32 bytes (Bignum support)
/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 4
#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
#define MBEDTLS_SSL_CIPHERSUITES
#include "mbedtls/check_config.h"
/* Some code assumes that including mbedtls will also include some system
* headers; with most features disabled, that assumption doesn't hold. */
#include <string.h>
#endif /* MBEDTLS_CONFIG_H */
{noformat}
{noformat}
$ newt size nrf51_boot
Size of Application Image: app
FLASH RAM
42 192 *fill*
94 0 apps_boot.a
2777 4000 boot_bootutil.a
128 0 crt0.o
8 0 crti.o
16 0 crtn.o
13548 4 crypto_mbedtls.a
695 496 hw_bsp_nrf51-blenano.a
52 0 hw_cmsis-core.a
303 0 hw_drivers_uart_uart_hal.a
386 0 hw_hal.a
2289 64 hw_mcu_nordic_nrf51xxx.a
2193 456 kernel_os.a
12 84 lib_keys.a
482 32 libc_baselibc.a
76 0 libg_nano.a
1296 0 libgcc.a
72 0 nrf51_boot-sysinit-app.a
533 128 sys_flash_map.a
318 12 sys_mfg.a
objsize
text data bss dec hex filename
25320 160 4876 30356 7694
bin/targets/nrf51_boot/app/apps/boot/boot.elf
{noformat}
> boot - boot loader with BOOTUTIL_SIGN_RSA/EC is too large
> ---------------------------------------------------------
>
> Key: MYNEWT-523
> URL: https://issues.apache.org/jira/browse/MYNEWT-523
> Project: Mynewt
> Issue Type: Bug
> Components: Bootloader
> Affects Versions: v1_0_0_beta1
> Reporter: Simon Ratner
> Assignee: Marko Kiiskila
>
> With image signatures enabled, boot loader weighs in at ~25kB, which is too
> big for both the nrf51 and nrf52. Even disabling most of mbedtls and only
> keeping minimum required features still comes to ~20kB.
> Without signature support, boot loader is ~12kB.
> Maybe consider secp256r1 with tinycrypt as an option for smaller footprint?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
