Hi,

 

I want to talk about whether TFM should support the PEM key format in crypto operation. In the PSA crypto spec, it describes:

```

This specification supports a single format for each key type. Implementations may support other formats as long as the standard format is supported.

```

The PEM format is not the standard format described in the spec. However, in the tfm_mbedcrypto_config_default.h, the MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C is defined which  leads to that PEM key format operation is enabled in TFM crypto service.

 

In isolation level1, about more than 2000 bytes code is introduced by this feature:

 

.ER_TFM_CODE    0x2a01c  // MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C enabled

.ER_TFM_CODE    0x29848 // MBEDTLS_PEM_PARSE_C and the MBEDTLS_PEM_WRITE_C disabled

 

Is it necessary to support the PEM format in the key operation in crypto service at the cost of more than 2000 bytes?

 

Any comments on that?

 

Regards,

Sherry Zhang