Advanced backend configuration¶

AES tables in ROM
Fewer AES tables
Multiple Precision Integers (MPI) / Bignum calculation
Elliptic Curves
SHA-256
SSL Configurations

The advanced configuration section in Kconfig can be used to fine-tune the build of specific backends. For example, the options available in the advanced configuration section can help to reduce the memory usage and/or flash footprint of the Original Mbed TLS backend.

Actual size reductions depend on the option being adjusted.

Before modifying the default settings, see this article on reducing Mbed TLS memory and storage footprint.

Note

The settings available in the advanced configuration section are not validated. Adjust these settings with caution.

AES tables in ROM ¶

You can set the CONFIG_MBEDTLS_AES_ROM_TABLES Kconfig variable to place the AES lookup tables in ROM instead of RAM. This decreases the RAM usage by about 8 KB with an additional cost of about 8 KB of ROM. Note that executing operations in ROM is slower. If the configuration CONFIG_MBEDTLS_AES_FEWER_TABLES is set, then the size moved from RAM to ROM is about 2 KB.

Option	Default	Min	Max
`CONFIG_MBEDTLS_AES_ROM_TABLES`	n	n	y

Note

This configuration is only available in Original Mbed TLS backend.

Fewer AES tables ¶

The CONFIG_MBEDTLS_AES_FEWER_TABLES Kconfig variable controls the size of the AES lookup tables in use. Enabling this omits about 75% of the AES tables in RAM or ROM. If the option is enabled, AES must perform more calculations, which impacts the overall performance.

Option	Default	Min	Max
`CONFIG_MBEDTLS_AES_FEWER_TABLES`	n	n	y

Note

This configuration is only available in Original Mbed TLS backend.

Multiple Precision Integers (MPI) / Bignum calculation ¶

The CONFIG_MBEDTLS_MPI_WINDOW_SIZE Kconfig variable controls the window size used in Mbed TLS for MPI calculations. Reduce this value to reduce memory usage. Note that reducing this this value may have an impact on the performance.

The CONFIG_MBEDTLS_MPI_MAX_SIZE Kconfig variable controls the maximum size of MPIs that can be used for calculation. Reduce this value only if you are sure that the system will not need larger sizes.

Option	Default	Min	Max
`CONFIG_MBEDTLS_MPI_WINDOW_SIZE`	6	1	6
`CONFIG_MBEDTLS_MPI_MAX_SIZE`	1024	0	1024

Note

This configuration is only available in cc310 backend and Original Mbed TLS backend.

Elliptic Curves ¶

The CONFIG_MBEDTLS_ECP_MAX_BITS Kconfig variable controls the largest elliptic curve supported in the library.

If the curves that are used are smaller than 521 bits, then this option can be reduced in order to save memory. See ECC curves configurations for information on how to select the curves to use. For example, if NIST secp384r1 is the only curve enabled, then CONFIG_MBEDTLS_ECP_MAX_BITS can be reduced to 384 bits.

The CONFIG_MBEDTLS_ECP_WINDOW_SIZE Kconfig variable controls the window size used for elliptic curve multiplication. This value can be reduced down to 2 to reduce memory usage. Keep in mind that reducing the value impacts the performance of the system.

The CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM Kconfig variable controls ECP fixed point optimizations. If disabled, the system uses less memory, but performance of the system is reduced.

Option	Default	Min	Max
`CONFIG_MBEDTLS_ECP_MAX_BITS`	521	0	521
`CONFIG_MBEDTLS_ECP_WINDOW_SIZE`	6	2	6
`CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM`	y	n	y

Note

This configuration is only available in cc310 backend and Original Mbed TLS backend.

SHA-256 ¶

The CONFIG_MBEDTLS_SHA256_SMALLER Kconfig variable can be used to select a SHA-256 implementation with smaller footprint. Such configuration reduces SHA-256 calculation performance.

For example, on a Cortex-M4, the size of mbedtls_sha256_process() is reduced from ~2 KB to ~0.5 KB, however it also performs around 30% slower.

Option	Default	Min	Max
`CONFIG_MBEDTLS_SHA256_SMALLER`	n	n	y

Note

This configuration is only available in Original Mbed TLS backend.

SSL Configurations ¶

The CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN Kconfig variable can be used to specify the maximum size for incoming and outgoing Mbed TLS I/O buffers. The default value is 16384 as specified in RFC5246, however if both sides are under your control, this value can safely be reduced under the following conditions:

Both sides support the max_fragment_length SSL extension, RFC8449. The max_fragment_length allows for buffer reduction to less than 1 KB.
Knowledge of the maximum size that will ever be sent in a single SSL/TLS frame.

If one of those conditions is met, the buffer size can safely be reduced to a more appropriate value for memory constrained devices.

The CONFIG_MBEDTLS_SSL_CIPHERSUITES Kconfig variable is a custom list of cipher suites to support in SSL/TLS. The cipher suites are provided as a comma-separated string, in order of preference. This list can only be used for restricting cipher suites available in the system.

Option	Type	Default	Min	Max
`CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN`	Integer	16384	0	16384
`CONFIG_MBEDTLS_SSL_CIPHERSUITES`	String	<empty>

Note

The string in CONFIG_MBEDTLS_SSL_CIPHERSUITES should not be quoted.

Advanced backend configuration¶

AES tables in ROM¶

Fewer AES tables¶

Multiple Precision Integers (MPI) / Bignum calculation¶

Elliptic Curves¶

SHA-256¶

SSL Configurations¶

AES tables in ROM ¶

Fewer AES tables ¶

Multiple Precision Integers (MPI) / Bignum calculation ¶

Elliptic Curves ¶

SHA-256 ¶

SSL Configurations ¶