Can't get WiFi and PSA API to work in the same application using nRF7002DK

Hi.

We're working on a project using nRF Connect SDK 2.5.0 and nRF7002DK that needs to use both WiFi and PSA in order to do some cryptographic operations, but there are memory issues when running the application, even after drastically changing the values in CONFIG_MAIN_STACK_SIZE and/or CONFIG_HEAP_MEM_POOL_SIZE. To replicate the problem, I've tried to combine both the WiFi Station and PSA SHA256 samples in a single application using the required configurations, but I still face the same problem, getting errors on WiFi and hash operations. I've also tried to increase the stack size with a value up to 40960 without it making a difference. The output looks like this:

[00:00:00.406,829] <err> wifi_nrf: nrf_wifi_hal_dev_add: No space for TX buf info
[00:00:00.407,043] <err> wifi_nrf: nrf_wifi_fmac_dev_add: nrf_wifi_hal_dev_add failed
[00:00:00.407,073] <err> wifi_nrf: nrf_wifi_fmac_dev_add_zep: nrf_wifi_fmac_dev_add failed
[00:00:00.407,073] <err> wifi_nrf: nrf_wifi_if_init_zep: nrf_wifi_fmac_dev_add_zep failed
[00:00:00.419,525] <err> wifi_nrf: nrf_wifi_hal_dev_add: No space for TX buf info
[00:00:00.419,708] <err> wifi_nrf: nrf_wifi_fmac_dev_add: nrf_wifi_hal_dev_add failed
[00:00:00.419,738] <err> wifi_nrf: nrf_wifi_fmac_dev_add_zep: nrf_wifi_fmac_dev_add failed
[00:00:00.419,769] <err> wifi_nrf: nrf_wifi_if_start_zep: nrf_wifi_fmac_dev_add_zep failed

*** Booting nRF Connect SDK v2.5.0 ***
[00:00:00.419,921] <inf> net_config: Initializing network
[00:00:00.419,921] <inf> net_config: Waiting interface 1 (0x20001508) to be up...
[00:00:00.420,013] <inf> net_config: IPv4 address: 192.168.1.99
[00:00:00.420,074] <inf> net_config: Running dhcpv4 client...
[00:00:00.420,318] <inf> sta: Starting nrf7002dk_nrf5340_cpuapp with CPU frequency: 64 MHz
[00:00:01.397,491] <inf> sta: QSPI Encryption disabled
[00:00:01.397,583] <inf> sta: Static IP address (overridable): 192.168.1.99/255.255.255.0 -> 192.168.1.1
[00:00:01.397,583] <inf> sta: Starting SHA256 example...
[00:00:01.397,613] <inf> sta: ---- Plaintext to hash (len: 150): ----
[00:00:01.397,613] <inf> sta: Content:
                              45 78 61 6d 70 6c 65 20  73 74 72 69 6e 67 20 74 |Example  string t
                              6f 20 64 65 6d 6f 6e 73  74 72 61 74 65 20 62 61 |o demons trate ba
                              73 69 63 20 75 73 61 67  65 20 6f 66 20 53 48 41 |sic usag e of SHA
                              32 35 36 2e 54 68 61 74  20 75 73 65 73 20 73 69 |256.That  uses si
                              6e 67 6c 65 20 61 6e 64  20 6d 75 6c 74 69 2d 70 |ngle and  multi-p
                              61 72 74 20 50 53 41 20  63 72 79 70 74 6f 20 41 |art PSA  crypto A
                              50 49 27 73 20 74 6f 20  70 65 72 66 6f 72 6d 20 |PI's to  perform 
                              61 20 53 48 41 2d 32 35  36 20 68 61 73 68 69 6e |a SHA-25 6 hashin
                              67 20 6f 70 65 72 61 74  69 6f 6e 2e 00 00 00 00 |g operat ion.....
                              00 00 00 00 00 00                                |......           
[00:00:01.397,644] <inf> sta: ---- Plaintext to hash end  ----
[00:00:01.397,644] <inf> sta: Hashing using SHA256...
[00:00:01.397,644] <inf> sta: psa_hash_compute failed! (Error: -134)
[00:00:01.397,674] <inf> sta: Example exited with error!

Is it a problem with the device or the SDK or is there anything we can try on our side?

Thanks.

Best regards.

  • Hi,

    The error is basically the output when hash fails, like this:

    *** Booting nRF Connect SDK v2.5.OK
    0 ***
    [00:00:00.451,721] <inf> net_config: Initializing network
    [00:00:00.451,721] <inf> net_config: Waiting interface 1 (0x20001508) to be up...
    [00:00:00.451,843] <inf> net_config: IPv4 address: 192.168.1.99
    [00:00:00.451,904] <inf> net_config: Running dhcpv4 client...
    [00:00:00.452,148] <inf> sta: Starting SHA256 example...
    [00:00:00.452,178] <inf> sta: ---- Plaintext to hash (len: 150): ----
    [00:00:00.452,178] <inf> sta: Content:
                                  45 78 61 6d 70 6c 65 20  73 74 72 69 6e 67 20 74 |Example  string t
                                  6f 20 64 65 6d 6f 6e 73  74 72 61 74 65 20 62 61 |o demons trate ba
                                  73 69 63 20 75 73 61 67  65 20 6f 66 20 53 48 41 |sic usag e of SHA
                                  32 35 36 2e 54 68 61 74  20 75 73 65 73 20 73 69 |256.That  uses si
                                  6e 67 6c 65 20 61 6e 64  20 6d 75 6c 74 69 2d 70 |ngle and  multi-p
                                  61 72 74 20 50 53 41 20  63 72 79 70 74 6f 20 41 |art PSA  crypto A
                                  50 49 27 73 20 74 6f 20  70 65 72 66 6f 72 6d 20 |PI's to  perform 
                                  61 20 53 48 41 2d 32 35  36 20 68 61 73 68 69 6e |a SHA-25 6 hashin
                                  67 20 6f 70 65 72 61 74  69 6f 6e 2e 00 00 00 00 |g operat ion.....
                                  00 00 00 00 00 00                                |......           
    [00:00:00.452,209] <inf> sta: ---- Plaintext to hash end  ----
    [00:00:00.452,209] <inf> sta: Hashing using SHA256...
    [00:00:00.452,239] <inf> sta: psa_hash_compute failed! (Error: -134)
    [00:00:00.452,239] <inf> sta: Example exited with error!

    To combine both samples, I simply copied the configurations in prj.conf from sha256 sample into the prj.conf file of the station sample, looking like this:

    #
    # Copyright (c) 2022 Nordic Semiconductor ASA
    #
    # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
    #
    CONFIG_WIFI=y
    CONFIG_WIFI_NRF700X=y
    
    # WPA supplicant
    CONFIG_WPA_SUPP=y
    
    # Below configs need to be modified based on security
    # CONFIG_STA_KEY_MGMT_NONE=y
    CONFIG_STA_KEY_MGMT_WPA2=y
    # CONFIG_STA_KEY_MGMT_WPA2_256=y
    # CONFIG_STA_KEY_MGMT_WPA3=y
    CONFIG_STA_SAMPLE_SSID=""
    CONFIG_STA_SAMPLE_PASSWORD=""
    
    # System settings
    CONFIG_NEWLIB_LIBC=y
    CONFIG_NEWLIB_LIBC_NANO=n
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_LOG=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_UDP=y
    CONFIG_NET_TCP=y
    CONFIG_NET_DHCPV4=y
    
    CONFIG_NET_PKT_RX_COUNT=8
    CONFIG_NET_PKT_TX_COUNT=8
    
    # Below section is the primary contributor to SRAM and is currently
    # tuned for performance, but this will be revisited in the future.
    CONFIG_NET_BUF_RX_COUNT=16
    CONFIG_NET_BUF_TX_COUNT=16
    CONFIG_NET_BUF_DATA_SIZE=128
    CONFIG_HEAP_MEM_POOL_SIZE=153600
    CONFIG_NET_TC_TX_COUNT=1
    
    CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
    CONFIG_NET_MAX_CONTEXTS=5
    CONFIG_NET_CONTEXT_SYNC_RECV=y
    
    CONFIG_INIT_STACKS=y
    
    CONFIG_NET_L2_ETHERNET=y
    
    CONFIG_NET_CONFIG_SETTINGS=y
    CONFIG_NET_CONFIG_INIT_TIMEOUT=0
    
    CONFIG_NET_SOCKETS_POLL_MAX=6
    
    # Memories
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
    CONFIG_NET_TX_STACK_SIZE=4096
    CONFIG_NET_RX_STACK_SIZE=4096
    
    # Debugging
    CONFIG_STACK_SENTINEL=y
    CONFIG_DEBUG_COREDUMP=y
    CONFIG_DEBUG_COREDUMP_BACKEND_LOGGING=y
    CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_MIN=y
    CONFIG_SHELL_CMDS_RESIZE=n
    
    
    # Kernel options
    CONFIG_ENTROPY_GENERATOR=y
    
    # Logging
    CONFIG_LOG=y
    CONFIG_LOG_BUFFER_SIZE=2048
    CONFIG_POSIX_CLOCK=y
    
    CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.99"
    CONFIG_NET_CONFIG_MY_IPV4_NETMASK="255.255.255.0"
    CONFIG_NET_CONFIG_MY_IPV4_GW="192.168.1.1"
    
    # printing of scan results puts pressure on queues in new locking
    # design in net_mgmt. So, use a higher timeout for a crowded
    # environment.
    CONFIG_NET_MGMT_EVENT_QUEUE_TIMEOUT=5000
    
    # The Zephyr CMSIS emulation assumes that ticks are ms, currently
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
    
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    CONFIG_PSA_WANT_ALG_SHA_256=y

    I also copied the required code from main.c of sha256 into main.c of the station sample, adding the hash operations before the execution of the original code and giving the output specified before.

    This is the case of the combination of both samples, but I also face the other problems I mentioned in other replies when I use both WiFi and hash in my full project, like variables having wrong values while debugging or stack overflows, probably caused by the same memory problems that occur with this combination. I've attached the modified sample.

    Thanks.

    Best regards.

    sta.zip

  • Hi,

    I have reproduced your issue. I tested the combination of both samples and observed the same behavior as you reported. The only way the crypto sample was able to correctly compute the hash was when I disabled the 2 Wi-Fi configuration options shown below.

    CONFIG_WPA_SUPP=n
    CONFIG_NETWORKING=n

    I have also asked internally for more information.

    Best regards,
    Dejan

  • Hi,

    I am sorry for the delayed reply. I was out of the office.

    There is a functionality implication of disabling the 2 mentioned configuration options, in the sense that this would potentially make all Wi-Fi features unusable. In other words, they would probably not work. WPA_SUPP uses non-PSA calls which might affect the PSA SHA256 sample. I have reported this issue to our developers and they will look into it. I will get back to you with new findings, probably during next week.

    Best regards,
    Dejan

  • Hi,

    I have tested a potential solution to your problem. You should be able to get both samples to work if you make an nrf7002dk_nrf5340_cpuapp_ns.conf file and include it in your build configuration. The content of the file is shown below. Please test it yourself to verify that it is working for you.

    CONFIG_WIFI_CREDENTIALS_BACKEND_PSA=y
    CONFIG_TFM_PROFILE_TYPE_MEDIUM=y
    CONFIG_PM_PARTITION_SIZE_TFM_SRAM=0x18000
    CONFIG_MBEDTLS_HEAP_SIZE=16384
    


    Best regards,
    Dejan

  • Hi.

    Thanks for your reply. I've tested the configurations and it works fine. Since those are TF-M configs and the target is the non-secure one, do they make the WiFi sample compatible with it then? The sample only lists the secure target as compatible, and that is the one I was using at first, but it actually works when adding those options, so I'd like to clarify that.

    Thanks again for the solution.

    Best regards.
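A triage sketch for the console log posted in this thread, added here as an example and not code from any poster or from the nRF Connect SDK. It parses the Zephyr log lines, picks out the first `wifi_nrf` error (the later ones only report the same failure propagating up the call chain) and decodes the numeric PSA status using the values from the PSA Crypto API header `psa/crypto_values.h`; the function and variable names are assumptions of this example.

```python
import re

# Subset of PSA status codes, values as defined in psa/crypto_values.h.
PSA_STATUS = {
    -132: "PSA_ERROR_GENERIC_ERROR",
    -133: "PSA_ERROR_NOT_PERMITTED",
    -134: "PSA_ERROR_NOT_SUPPORTED",
    -135: "PSA_ERROR_INVALID_ARGUMENT",
    -137: "PSA_ERROR_BAD_STATE",
    -138: "PSA_ERROR_BUFFER_TOO_SMALL",
    -141: "PSA_ERROR_INSUFFICIENT_MEMORY",
}

# Zephyr console format: [hh:mm:ss.mmm,uuu] <level> module: message
LOG_LINE = re.compile(r"^\s*\[(\d{2}:\d{2}:\d{2}\.\d{3},\d{3})\] <(\w+)> (\w+): (.*)$")
PSA_FAIL = re.compile(r"\b(psa_\w+) failed! \(Error: (-?\d+)\)")

def triage(log_text):
    """Return (psa_failures, first_wifi_error) found in a Zephyr console log."""
    psa_failures, first_wifi_error = [], None
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw)
        if not m:
            continue  # boot banner, hexdump rows, blank lines
        ts, level, module, msg = m.groups()
        if module == "wifi_nrf" and level == "err" and first_wifi_error is None:
            first_wifi_error = (ts, msg)
        # The sample logs the PSA failure at <inf>, so do not filter on level here.
        f = PSA_FAIL.search(msg)
        if f:
            status = int(f.group(2))
            psa_failures.append((ts, f.group(1), status,
                                 PSA_STATUS.get(status, "unknown status")))
    return psa_failures, first_wifi_error

# Excerpt of the log lines posted in the question.
SAMPLE = """\
[00:00:00.406,829] <err> wifi_nrf: nrf_wifi_hal_dev_add: No space for TX buf info
[00:00:00.407,043] <err> wifi_nrf: nrf_wifi_fmac_dev_add: nrf_wifi_hal_dev_add failed
*** Booting nRF Connect SDK v2.5.0 ***
[00:00:01.397,644] <inf> sta: Hashing using SHA256...
[00:00:01.397,644] <inf> sta: psa_hash_compute failed! (Error: -134)
[00:00:01.397,674] <inf> sta: Example exited with error!
"""

if __name__ == "__main__":
    failures, wifi = triage(SAMPLE)
    print("first Wi-Fi error:", wifi)
    for ts, call, status, name in failures:
        print(f"{ts} {call} -> {status} ({name})")
```

On the posted log this reports -134 as PSA_ERROR_NOT_SUPPORTED; an out-of-memory condition inside the PSA call would be reported as -141, PSA_ERROR_INSUFFICIENT_MEMORY.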
