FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Question on Trust Zone performances

gabriele_chiodi
Associate

‎2023-05-11 07:39 AM

Hi, I’m working on a STM32L552ZEQ.

My goal is to generate a pair of RSA keys of 2048 bits using the Trust Zone.

Before start using the Trust Zone, I wrote the code to generate the RSA key pair (of 2048 bits) without the Trust Zone, and the average time for the generation is about 50 seconds (clock frequency set to 110MHZ).

After that I tried to do the same thing but this time using the Trust Zone. The configurations are the same, but with the Trust Zone enabled it takes more than 20 minutes to generate the RSA key pair.

In order to check this behaviour I wrote a simple "for loop" (with inside a malloc) and compared the execution time between the "secure" code and the "non secure" code.

The result is that the "for loop" executed inside the "secure" code is about 25 times slower than the "for loop" executed inside the "non secure" code.

Is that possibile?

Maybe I'm wrong but I have not found this reduction of performances explained inside the documentation of the MCU.

Thanks in advance.

Labels:
3 REPLIES 3
Bubbles
ST Employee

‎2023-06-12 06:44 AM

Hello @gabriele_chiodi​,

normally there is no significant performance drop associated with use of TZ.

There may be some problem with configuration, this is not a normal behavior.

Maybe try some examples from the Cube package and compare the performance with your code.

Br,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

gabriele_chiodi
Associate

‎2023-07-06 05:10 AM

Thanks, I recognized later that I've missed the configuration of the clock inside the TZ.

So, I want to ask another thing...
The configuration of the clock is shared between the "secure" zone and the "non secure" zone or each zone has a distinct configuration?

If the configuration is the same, is it possible to configure the clock inside the "secure" zone and then avoi to re-configure it inside the "non secure" zone?

0 Kudos
Bubbles
ST Employee
In response to gabriele_chiodi

‎2023-07-10 06:45 AM

Hi @gabriele_chiodi,

I believe the answer is in chapter 4.6 of the reference manual, particularly in 4.6.6 and also 9.5.

You can set the RCC as secure and then only the secure part can set the clock.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

0 Kudos
Top