MAX32666 bare-metal SHA accelerator#10431
Conversation
There was a problem hiding this comment.
Pull request overview
This PR replaces the previous MAX32666 SHA (TPU) integration that relied on SDK one-shot hashing with a bare-metal, incremental (Update/Final) SHA accelerator implementation, enabling hashing of large inputs without buffering the entire message in RAM (e.g., wolfBoot firmware images).
Changes:
- Reworked MAX3266x SHA support to use bare-metal register-level feeding of blocks and saved intermediate state, supporting incremental hashing.
- Simplified crypto callback SHA copy/free handling and removed the prior HASH_KEEP-based message accumulation approach.
- Updated Maxim port README to remove the previous “large hash” limitation note.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| wolfssl/wolfcrypt/port/maxim/max3266x.h | Removes HASH_KEEP/empty-digest helpers and adds bare-metal TPU SHA helper APIs/state sizing constants. |
| wolfcrypt/src/port/maxim/README.md | Removes outdated note about SDK one-shot SHA limiting large hashes. |
| wolfcrypt/src/port/maxim/max3266x.c | Implements incremental bare-metal TPU SHA (setup/feed/save/read) and rewires SHA callbacks + per-algorithm wc_Sha* APIs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
Jenkins retest this please |
3 similar comments
|
Jenkins retest this please |
|
Jenkins retest this please |
|
Jenkins retest this please |
mattia-moffa
force-pushed
the
20260330-max32666-sha-bare-metal
branch
from
2e30019 to
c9a534a
Compare
|
Jenkins retest this please |
|
Jenkins retest this please |
night1rider
left a comment
night1rider
left a comment
There was a problem hiding this comment.
It does seem there is a performance regression.
- older code gave:
SHA 6 MiB took 1.000 seconds, 6.247 MiB/s
SHA-224 2 MiB took 0.319 seconds, 6.656 MiB/s
SHA-256 7 MiB took 1.004 seconds, 6.663 MiB/s
SHA-384 7 MiB took 1.004 seconds, 6.663 MiB/s
SHA-512 7 MiB took 1.004 seconds, 6.663 MiB/s
- Newer Code Gives:
SHA 5 MiB took 1.005 seconds, 4.543 MiB/s
SHA-224 5 MiB took 1.005 seconds, 4.543 MiB/s
SHA-256 5 MiB took 0.994 seconds, 4.543 MiB/s
SHA-384 5 MiB took 1.005 seconds, 4.543 MiB/s
SHA-512 5 MiB took 1.005 seconds, 4.543 MiB/s
I understand the older code buffered the entire message into memory, and then preformed the digest on the entire message.
Not sure it makes sense to have a option to return that older behavior as this refactor is more efficient overall than an accumulate and one shot.
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Let's have a build option to support the old caching option (off by default).
|
Jenkins retest this please |
|
Jenkins retest this please |
night1rider
left a comment
night1rider
left a comment
There was a problem hiding this comment.
Works and new define returns older performance
Description
Implements the SHA accelerator for MAX32666 as bare-metal, replacing the previous SDK-based one, which only supported one-shot hashing. This is needed to hash big firmwares in wolfBoot without taking up too much RAM.
Also has a fix for F#3076
Testing
Temporary test firmware: https://moffa.xyz/tmp/test_max32666.tar.gz