DPE: Refactor certificate creation to reduce memory usage
The layer_ctx_array eats up too much memory because a
DICE_CERT_SIZE (3KB) buffer is allocated per context.
These buffers are meant to create and store the certificates.
The certificates are created when create-certificate=true
and from that time onwards they are stored in encoded format.
The memory usage is reduced by:
- Per context buffers are removed.
- Certificates are created on the fly when a query arrives.
The create certificate step is split into preparing and
encoding the certificate.
- Certificates are not stored anymore in an encoded format,
just their raw content.
- Certificates are always created in place within cmd_buf
to avoid stack usage.
Change-Id: I6e8a4f2aecd4c935d41458d4ba5a0a1026b903ec
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/partitions/dice_protection_environment/dpe_cmd_decode.c b/partitions/dice_protection_environment/dpe_cmd_decode.c
index 143e12c..ad5f811 100644
--- a/partitions/dice_protection_environment/dpe_cmd_decode.c
+++ b/partitions/dice_protection_environment/dpe_cmd_decode.c
@@ -308,7 +308,7 @@
sizeof(new_parent_context_handle) });
/* The certificate is already encoded into a CBOR array by the function
- * add_encoded_layer_certificate. Add it as a byte string so that its
+ * encode_layer_certificate(). Add it as a byte string so that its
* decoding can be skipped and the CBOR returned to the caller.
*/
CHECK_OVERFLOW_TO_TEMP_BUF;