CONFIG_MBEDTLS_SHA256_SMALLER

Use SHA256 small footprint implementation

Enable smaller SHA-256 implementation

Type: bool

Help

Use a SHA-256 implementation with smaller footprint. Note, that this implementation will also have a lower performance. On a Cortex-M4 the size of mbedtls_sha256_process() will be reduced from ~2KB to ~0.5KB, however it will also perform around 30% slower. MBEDTLS_SHA256_SMALLER setting in mbed TLS config file.

Help

Enable an implementation of SHA-256 that has lower ROM footprint but also lower performance

Direct dependencies

(VANILLA_MBEDTLS_SHA256_C && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND) || (MBEDTLS_MAC_SHA256_ENABLED && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = “config-tls-generic.h” && MBEDTLS)

(Includes any dependencies from ifs and menus.)

Default

  • y

Kconfig definitions

At <nrfxlib>/nrf_security/Kconfig:1497

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:9<BuildDir>/Kconfig/Kconfig.modules:5<nrfxlib>/Kconfig.nrfxlib:13

Menu path: (Top) → Modules → Nordic nrfxlib → Nordic Security → Use Nordic provided security backend → Advanced mbed TLS Configuration Settings

config MBEDTLS_SHA256_SMALLER
    bool "Use SHA256 small footprint implementation"
    depends on VANILLA_MBEDTLS_SHA256_C && NRF_SECURITY_ADVANCED && NRF_SECURITY_ANY_BACKEND && NORDIC_SECURITY_BACKEND
    help
      Use a SHA-256 implementation with smaller footprint.
      Note, that this implementation will also have a lower performance.
      On a Cortex-M4 the size of mbedtls_sha256_process() will be reduced from ~2KB to ~0.5KB,
      however it will also perform around 30% slower.
      MBEDTLS_SHA256_SMALLER setting in mbed TLS config file.

At <Zephyr>/modules/Kconfig.tls-generic:264

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:10<Zephyr>/modules/Kconfig:17<Zephyr>/modules/Kconfig.mbedtls:44

Menu path: (Top) → Modules → mbedTLS Support → TLS configuration → Ciphersuite configuration → Enable the SHA-224 and SHA-256 hash algorithms

config MBEDTLS_SHA256_SMALLER
    bool "Enable smaller SHA-256 implementation"
    default y
    depends on MBEDTLS_MAC_SHA256_ENABLED && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS
    help
      Enable an implementation of SHA-256 that has lower ROM footprint but also
      lower performance

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)