• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 32 subscribers
  • Views 218 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

AM2432: Using hardware crypto accelerator with mbedTLS on AM2432

Akihiro Tamura
Prodigy 60 points

Part Number: AM2432

Tool/software:

Hello,

In our product under development, we are trying to implement an HTTPS-enabled web server.

However, we observed that as soon as a client connects to the web server, CPU usage increases significantly, and other tasks are affected.

It seems that the TLS handshake is taking considerable time.

Since the AM2432 has hardware accelerators for cryptographic operations, I would like to know:

  • Is it possible to use the hardware crypto accelerator with mbedTLS on AM2432?

  • If so, could you provide guidance or references on how to enable or configure it?

For development, we are using INDUSTRIAL-COMMUNICATIONS-SDK-AM243X 11.00.00.08.

Thank you in advance for your support.

  • 0
    TI__Expert 6480 points

    Hi,

    It is possible to use hardware crypto accelerator for mBedTLS. But currently, we do not have a reference design or an example which implements this feature. To achieve this, one would need to route the calls from mBedTLS to HSM and integrate the pipeline. Currently this is not planned as part of the development activities from TI. 

    So, it is feasible to enable it, but the activity needs some time for designing the system, and implement it. If this activity is planned by your development, TI can support queries related to implementation.

    Regards,
    Teja.

  • 0 in reply to Teja Rowthu
    Prodigy 60 points

    Hello  ,

    Thank you for your previous response regarding the possibility of using the hardware crypto accelerator with mbedTLS on AM2432.

    While exploring the SDK (INDUSTRIAL-COMMUNICATIONS-SDK-AM243X 11.00.00.08), I found the following header file:

    mcu_plus_sdk\source\networking\mbedtls_library\mbedtls_ti\alt_config.h
    In this file, several #define macros related to hardware acceleration are present but commented out. The comments suggest that these macros are intended for enabling hardware crypto acceleration.

    My questions are:

    1. If we enable these macros in alt_config.h, will mbedTLS automatically start using the hardware crypto accelerator?

    2. Or are these definitions placeholders that require additional integration work (e.g., routing calls to HSM as you mentioned earlier)?

    3. If additional integration is needed, could you please clarify what parts of the system we need to modify (mbedTLS glue code, driver layer, etc.)?

    This will help us to better estimate the effort required to enable hardware acceleration for TLS handshakes.

    Thank you again for your support.

  • 0 in reply to Akihiro Tamura
    TI__Expert 6480 points

    Hi,

    As per what was earlier implemented, these are only placeholders and need additional integration to bring up the functionality. Regarding the details on what are needed to be implemented for enabling hardware offloading, we need some time to evaluate the requirements. I will check with this info and let you know the details in 2 working days. 

    Regards,
    Teja.