Can't get WiFi and PSA API to work in the same application using nRF7002DK

Hi.

We're working on a project using nRF Connect SDK 2.5.0 and nRF7002DK that needs to use both WiFi and PSA in order to do some cryptographic operations, but there are memory issues when running the application, even changing drastically the values in CONFIG_MAIN_STACK_SIZE and/or CONFIG_HEAP_MEM_POOL_SIZE. To replicate the problem, I've tried to combine both WiFi Station and PSA SHA256 samples in a single application using the required configurations but I still face the same problem, getting errors on WiFi and hash operations. I've also tried to increase the stack size with a value up to 40960 without making a difference. The output looks like this: 

[00:00:00.406,829] <err> wifi_nrf: nrf_wifi_hal_dev_add: No space for TX buf info

[00:00:00.407,043] <err> wifi_nrf: nrf_wifi_fmac_dev_add: nrf_wifi_hal_dev_add failed

[00:00:00.407,073] <err> wifi_nrf: nrf_wifi_fmac_dev_add_zep: nrf_wifi_fmac_dev_add failed

[00:00:00.407,073] <err> wifi_nrf: nrf_wifi_if_init_zep: nrf_wifi_fmac_dev_add_zep failed

[00:00:00.419,525] <err> wifi_nrf: nrf_wifi_hal_dev_add: No space for TX buf info

[00:00:00.419,708] <err> wifi_nrf: nrf_wifi_fmac_dev_add: nrf_wifi_hal_dev_add failed

[00:00:00.419,738] <err> wifi_nrf: nrf_wifi_fmac_dev_add_zep: nrf_wifi_fmac_dev_add failed

[00:00:00.419,769] <err> wifi_nrf: nrf_wifi_if_start_zep: nrf_wifi_fmac_dev_add_zep failed

*** Booting nRF Connect SDK v2.5.0 ***
[00:00:00.419,921] <inf> net_config: Initializing network
[00:00:00.419,921] <inf> net_config: Waiting interface 1 (0x20001508) to be up...
[00:00:00.420,013] <inf> net_config: IPv4 address: 192.168.1.99
[00:00:00.420,074] <inf> net_config: Running dhcpv4 client...
[00:00:00.420,318] <inf> sta: Starting nrf7002dk_nrf5340_cpuapp with CPU frequency: 64 MHz
[00:00:01.397,491] <inf> sta: QSPI Encryption disabled
[00:00:01.397,583] <inf> sta: Static IP address (overridable): 192.168.1.99/255.255.255.0 -> 192.168.1.1
[00:00:01.397,583] <inf> sta: Starting SHA256 example...
[00:00:01.397,613] <inf> sta: ---- Plaintext to hash (len: 150): ----
[00:00:01.397,613] <inf> sta: Content:
                              45 78 61 6d 70 6c 65 20  73 74 72 69 6e 67 20 74 |Example  string t
                              6f 20 64 65 6d 6f 6e 73  74 72 61 74 65 20 62 61 |o demons trate ba
                              73 69 63 20 75 73 61 67  65 20 6f 66 20 53 48 41 |sic usag e of SHA
                              32 35 36 2e 54 68 61 74  20 75 73 65 73 20 73 69 |256.That  uses si
                              6e 67 6c 65 20 61 6e 64  20 6d 75 6c 74 69 2d 70 |ngle and  multi-p
                              61 72 74 20 50 53 41 20  63 72 79 70 74 6f 20 41 |art PSA  crypto A
                              50 49 27 73 20 74 6f 20  70 65 72 66 6f 72 6d 20 |PI's to  perform 
                              61 20 53 48 41 2d 32 35  36 20 68 61 73 68 69 6e |a SHA-25 6 hashin
                              67 20 6f 70 65 72 61 74  69 6f 6e 2e 00 00 00 00 |g operat ion.....
                              00 00 00 00 00 00                                |......           
[00:00:01.397,644] <inf> sta: ---- Plaintext to hash end  ----
[00:00:01.397,644] <inf> sta: Hashing using SHA256...
[00:00:01.397,644] <inf> sta: psa_hash_compute failed! (Error: -134)
[00:00:01.397,674] <inf> sta: Example exited with error!

Is it a problem with the device or the SDK or is there anything we can try on our side?

Thanks.

Best regards.

  • Hi.

    Sorry for the insistence. Coming back to the first topic and to sum up everything, the idea at the beginning was to use both WiFi and PSA in the secure target (without *ns), which now I know it's not possible and it has to be done with the non-secure target. This actually was the first option in our project, as we need to use a secure partition in order to have some code executed in the secure environment, but in this ticket I was told that WiFi couldn't be used with this secure/non-secure split and this led us to use the secure target. This is not what it's turned out to be in this case, although the WiFi samples documentation also specify only the secure target as compatible.

    So in order to better understand it, should it be possible to combine WiFi, PSA and secure partition using the non-secure target and the configurations you've provided to have some code executed in the secure side without issues? So far I've tried to test that combination and it actually works up to a certain point where the function call to the secure side fails (not the previous calls though), but that may be due to some memory misconfiguration. I'd like to have this clarified before moving forward in this way.

    Thanks again for your help.

    Best regards.

  • Hi,

    To successfully combine PSA with Wi-Fi you need to use non-secure target. When using PSA backend for Wi-Fi credentials, build must be with TF-M (_ns build target). Please refer to point 16 in the lesson 5 exercise 3 of the Wi-Fi Fundamentals Course.

    Best regards,
    Dejan

Related