Mbed forum

How to use STM32F437/STM32F439 hardware cryptoengine with mbed TLS

(Sami K) #1

Hello,

How mbed tls should be compiled so that it uses STM32F437 (or STM32F439) hardware cryptoengine for AES, (3)DES and SHA?

Is there some kind of configuration flag/define?
I assume that there’s already support for STM32F437/STM32F439 hardware acceleration and there’s no need to implement it by myself.

Is there need to use mbed os in addition to get hardware acceleration?

Or is the correct way to use polarSSL version provided by STMicroelectronics? This is fairly old (mbed tls v2.6.1)?

(Jaeden Amero) #2

Hi Sami,

There isn’t a need to use Mbed OS to get hardware acceleration, but it’s the most straightforward way. In Mbed OS, we (by default) enable all hardware acceleration available for your chosen target. For TARGET_STM32F437xG and TARGET_STM32F439xI, hardware acceleration is available in Mbed OS for AES, SHA1, SHA256, and MD5 (but not DES).

In general, hardware acceleration is enabled through the use of the ALT configuration options. For AES, SHA, and DES, these are: MBEDTLS_AES_ALT, MBEDTLS_SHA1_ALT, MBEDTLS_SHA256_ALT, and MBEDTLS_DES_ALT.

Enabling one of those options in your configuration file will cause Mbed TLS to look for source code implementing hardware acceleration support. Source files that implement the required functions need to be present (whether Mbed OS or not).

Regards,
Jaeden
Mbed TLS Team member

(Sami K) #3

Hello,

So how much exactly I have to manually configure&enable and write code to get hardware acceleration to work with mbed tls (when using STM32F437/STM32F439)?
I assume that atleast I have to figure out correct implementation to functions that are enabled by those MBEDTLS_x_ALT defines. Is this correct? Or is there some easier way?

Does Mbed OS make this configuration needless and somehow it configures mbed TLS to use those _ALT interfaces automatically?

PS. I’m not familiar with mbed OS, but I have tried mbed TLS.

(Jaeden Amero) #4

Hi Sami,

You can see how Mbed OS selects to use hardware acceleration in the configuration file used with STM32F439. You can also see the hardware acceleration code provided by ST to Mbed OS. With both implementation files and the configuration file all included in your build, Mbed TLS will select to use the hardware acceleration provided by the implementation files.

It’s up to you to ensure you have a hardware acceleration implementation in your build. After that, you can opt-in to using it by adding MBEDTLS_AES_ALT , MBEDTLS_SHA1_ALT , MBEDTLS_SHA256_ALT, or MBEDTLS_DES_ALT to your Mbed TLS configuration file. Mbed TLS does not provide any ALT implementations on its own (the hardware acceleration implementation comes from ST or Mbed OS or elsewhere).

Regards,
Jaeden
Mbed TLS Team member

(Sami K) #5

Hello,

Thank you for the advice and clarification!
I’ll study those.