https://community.nxp.com/t5/Secure-Authentication/Https-requests-not-using-HW-accelerated-AES-encryption-on-SE050/m-p/1335228#M569 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/190645">@morni</a>&nbsp;,</P> <P>&nbsp;</P> <P>Indeed&nbsp;the SE05x is used for the&nbsp;TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data.&nbsp;</P> <P>Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible.&nbsp;</P> <P>BTW: The&nbsp;mbedTLS&nbsp;ALT&nbsp;behavior is specified in the MW doc , <A href="https://www.nxp.com/webapp/Download?colCode=AN13030" target="_blank">https://www.nxp.com/webapp/Download?colCode=AN13030</A> (especially in chapter 8.2). and AN12400, <A href="https://www.nxp.com/docs/en/application-note/AN12400.pdf" target="_blank">https://www.nxp.com/docs/en/application-note/AN12400.pdf</A>&nbsp;, the chapter 3 also shows which operation is performed by the SE.</P> <P>&nbsp;</P> <P>Hope that makes sense,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Mon, 06 Sep 2021 05:54:42 GMT Kan_Li 2021-09-06T05:54:42Z https://community.nxp.com/t5/Secure-Authentication/Https-requests-not-using-HW-accelerated-AES-encryption-on-SE050/m-p/1334479#M568 <P>I'm using the SE050 to connect to AWS and upload data to an S3 bucket.&nbsp; I've found that secure uploads (using https instead of http) is VERY slow.&nbsp; Stepping through the code, it seems that the AES encryption of data in the secure pipe is done in software and not on the SE050 chip.&nbsp; As far as I understand, the Edgelock chip supports hardware accelerated AES encryption/decryption, but it does not seem to be used in https requests.&nbsp; Is this a configuration problem or is an alternative simply not implemented for mbedtls AES?&nbsp; I've made sure that MBEDTLS_AES_ENCRYPT_ALT is #defined.&nbsp;</P><P>I'm using Edgelock on an NXT i.mx rt1064 platform.</P><P>I can't find any application note or example on the subject, help would be appreciated. Thanks!</P> Fri, 03 Sep 2021 03:17:46 GMT https://community.nxp.com/t5/Secure-Authentication/Https-requests-not-using-HW-accelerated-AES-encryption-on-SE050/m-p/1334479#M568 morni 2021-09-03T03:17:46Z https://community.nxp.com/t5/Secure-Authentication/Https-requests-not-using-HW-accelerated-AES-encryption-on-SE050/m-p/1335228#M569 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/190645">@morni</a>&nbsp;,</P> <P>&nbsp;</P> <P>Indeed&nbsp;the SE05x is used for the&nbsp;TLS Handshake only. After TLS Handshake to Server and the IoT Device are using temporary AES session keys to encrypt/decrypt the application data.&nbsp;</P> <P>Due to performance reason we do not use the SE for application data encryption. To increase the performance the customer shall use the MCU AES crypto coprocessor if possible.&nbsp;</P> <P>BTW: The&nbsp;mbedTLS&nbsp;ALT&nbsp;behavior is specified in the MW doc , <A href="https://www.nxp.com/webapp/Download?colCode=AN13030" target="_blank">https://www.nxp.com/webapp/Download?colCode=AN13030</A> (especially in chapter 8.2). and AN12400, <A href="https://www.nxp.com/docs/en/application-note/AN12400.pdf" target="_blank">https://www.nxp.com/docs/en/application-note/AN12400.pdf</A>&nbsp;, the chapter 3 also shows which operation is performed by the SE.</P> <P>&nbsp;</P> <P>Hope that makes sense,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Mon, 06 Sep 2021 05:54:42 GMT https://community.nxp.com/t5/Secure-Authentication/Https-requests-not-using-HW-accelerated-AES-encryption-on-SE050/m-p/1335228#M569 Kan_Li 2021-09-06T05:54:42Z