• State Verified Answer
  • Replies 7 replies
  • Subscribers 64 subscribers
  • Views 505 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 318605
Options

nrfConnect 2.5.0: mbedTLS fails to compile (calloc())

RobMeades

Hi there: we've just updated from nrfConnect 2.3.0 to nrfConnect 2.5.0 and mbedTLS (which seems to have been modified in nrfConnect 2.5.0) now fails to link (in platform.c) because it needs and is unable to find calloc():

/home/arm_embedded_gcc-10-2020-q4-major/bin/ld.bfd: modules/mbedtls/libmbedTLSBase.a(platform.c.obj):/home/nrfconnectsdk-v2.5.0/modules/crypto/mbedtls/library/platform.c:56: undefined reference to `calloc'

As you can see, we are just compiling with GCC for ARM, the newlib of which likely does provide calloc(), but since the linker seems to be being given -nostdlib I guess that is not being included, Zephyr must be providing it.

FYI, we use the default Zephyr MINIMAL_LIBC with normal malloc (so CONFIG_MINIMAL_LIBC_MALLOC=n), however that shouldn't affect calloc(); we don't use calloc() at all and it seems to be under a separate Zephyr configuration switch, CONFIG_MINIMAL_LIBC_CALLOC, which is at the default of y, confirmed by looking in the generated .config file, so it is there inside Zephyr (and just calls malloc() then zeroes it, as you might expect).

Have checked the migration guide but couldn't find anything about this.

Anyway, we don't really care, just need to know how to make it happy please.

FYI, here is our build configuration:

CONFIG_DEBUG=y
CONFIG_MINIMAL_LIBC=y
CONFIG_HEAP_MEM_POOL_SIZE=131072
CONFIG_USERSPACE=y
CONFIG_MINIMAL_LIBC_MALLOC=n
CONFIG_UART_INTERRUPT_DRIVEN=y
CONFIG_INIT_STACKS=y
CONFIG_THREAD_STACK_INFO=y
CONFIG_THREAD_NAME=y
CONFIG_IRQ_OFFLOAD=y
CONFIG_MAIN_STACK_SIZE=8192
CONFIG_EXECUTE_XOR_WRITE=n
CONFIG_ASSERT=y
CONFIG_LOG=y
CONFIG_LOG_DEFAULT_LEVEL=3
CONFIG_DEBUG_OPTIMIZATIONS=y
CONFIG_USE_SEGGER_RTT=y
CONFIG_RTT_CONSOLE=y
CONFIG_UART_CONSOLE=n
CONFIG_LOG_BACKEND_UART=n
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=2048
CONFIG_EXTRA_EXCEPTION_INFO=y
CONFIG_I2C=y
CONFIG_SPI=y

...and here is the complete linker line as emitted by west:

[612/633] Linking CXX executable zephyr/zephyr_pre0.elf
FAILED: zephyr/zephyr_pre0.elf zephyr/zephyr_pre0.map /home/workspace/build/zephyr/zephyr_pre0.map
: && ccache /home/arm_embedded_gcc-10-2020-q4-major/bin/arm-none-eabi-g++ -gdwarf-4 zephyr/CMakeFiles/zephyr_pre0.dir/misc/empty_file.c.obj -o zephyr/zephyr_pre0.elf zephyr/CMakeFiles/offsets.dir/./arch/arm/core/offsets/offsets.c.obj -fuse-ld=bfd -T zephyr/linker_zephyr_pre0.cmd -Wl,-Map=/home/workspace/build/zephyr/zephyr_pre0.map -Wl,--whole-archive app/libapp.a zephyr/libzephyr.a zephyr/arch/common/libarch__common.a zephyr/arch/arch/arm/core/aarch32/libarch__arm__core__aarch32.a zephyr/arch/arch/arm/core/aarch32/cortex_m/libarch__arm__core__aarch32__cortex_m.a zephyr/arch/arch/arm/core/aarch32/cortex_m/cmse/libarch__arm__core__aarch32__cortex_m__cmse.a zephyr/arch/arch/arm/core/aarch32/mpu/libarch__arm__core__aarch32__mpu.a zephyr/lib/libc/minimal/liblib__libc__minimal.a zephyr/lib/libc/common/liblib__libc__common.a zephyr/soc/soc/arm/common/cortex_m/libsoc__arm__common__cortex_m.a zephyr/boards/arm/nrf5340dk_nrf5340/libboards__arm__nrf5340dk_nrf5340.a zephyr/subsys/random/libsubsys__random.a zephyr/subsys/bluetooth/common/libsubsys__bluetooth__common.a zephyr/subsys/bluetooth/host/libsubsys__bluetooth__host.a zephyr/subsys/net/libsubsys__net.a zephyr/drivers/bluetooth/libdrivers__bluetooth.a zephyr/drivers/clock_control/libdrivers__clock_control.a zephyr/drivers/console/libdrivers__console.a zephyr/drivers/gpio/libdrivers__gpio.a zephyr/drivers/i2c/libdrivers__i2c.a zephyr/drivers/mbox/libdrivers__mbox.a zephyr/drivers/pinctrl/libdrivers__pinctrl.a zephyr/drivers/serial/libdrivers__serial.a zephyr/drivers/spi/libdrivers__spi.a zephyr/drivers/timer/libdrivers__timer.a modules/nrf/drivers/hw_cc310/lib..__nrf__drivers__hw_cc310.a modules/mbedtls/libmbedTLSBase.a modules/mbedtls/libmbedTLSCrypto.a modules/mbedtls/libmbedTLSX509.a modules/mbedtls/libmodules__mbedtls.a modules/hal_nordic/nrfx/libmodules__hal_nordic__nrfx.a modules/libmetal/libmetal/lib/libmetal.a modules/open-amp/open-amp/lib/libopen_amp.a modules/segger/libmodules__segger.a -Wl,--no-whole-archive zephyr/kernel/libkernel.a -L"/home/arm_embedded_gcc-10-2020-q4-major/bin/../lib/gcc/arm-none-eabi/10.2.1/thumb/v8-m.main/nofp" -L/home/workspace/build/zephyr -lgcc zephyr/arch/common/libisr_tables.a modules/mbedtls/libmbedTLSBase.a modules/mbedtls/libmbedTLSCrypto.a modules/mbedtls/libmbedTLSX509.a -mcpu=cortex-m33 -mthumb -mabi=aapcs -mfp16-format=ieee -Wl,--gc-sections -Wl,--build-id=none -Wl,--sort-common=descending -Wl,--sort-section=alignment -Wl,--no-relax -Wl,-u,_OffsetAbsSyms -Wl,-u,_ConfigAbsSyms -nostdlib -static -Wl,-X -Wl,-N -Wl,--orphan-handling=warn /home/nrfconnectsdk-v2.5.0/nrfxlib/crypto/nrf_cc312_platform/lib/cortex-m33/soft-float/no-interrupts/libnrf_cc312_platform_0.9.18.a && cd /home/workspace/build/zephyr && /usr/local/bin/cmake -E true

Parents Reply Children
  • 0 in reply to RobMeades

    Thanks!

    With only the configurations I can not reproduce this error.
    Neither are any of the configurations related to mbedtls.
    Do you have anything in cmakelists.txt to trigger this?

    Can you share the includes from your project as well?

    With this, maybe I am able to get the error on my side.

    Alternatively, if you feel like spending the time on it: a zip file with a minimal reproducible project would also work.

  • 0 in reply to Sigurd Hellesvik

    Sure, I'm just building our code, which you can find here:

    https://github.com/u-blox/ubxlib

    The build information is here:

    https://github.com/u-blox/ubxlib/tree/master/port/platform/zephyr/runner

    Just clone the repo, CD to that directory, and run:

    west build -p auto -b nrf5340dk_nrf5340_cpuapp . --build-dir build_nrf5340dk_nrf5340_cpuapp


    EDIT: you might need to git submodule update --init --recursive after cloning.

  • 0 in reply to RobMeades

    I see that CONFIG_NRF_SECURITY=n.
    Is this on purpose?

    Can you try to enable it and try again?

  • 0 in reply to Sigurd Hellesvik

    I see that CONFIG_NRF_SECURITY=n.

    Where did you see this?  We don't set it to n anywhere that I can find.  For the ubxlib library (that is the thing we really care about; the build I pointed to above is just the test application for it) we bring in the specific mbedTLS modules we need if the application has set NRF_SECURITY to n, but we never set it to n ourselves; this way the application can do what it wishes, the ubxlib library doesn't care.  Also we do not want to rely on NRF-specific configuration switches as the same ubxlib library build will currently work on any Zephyr platform.

    I tried adding CONFIG_NRF_SECURITY=y anyway but that leads to a different compilation error 'cos mbedtls_aes_crypt_cbc() (one of the mbedTLS functions our library uses) now can't be found.  What CONFIG variables would I need to add to get the equivalent of:

    select MBEDTLS
select MBEDTLS_MAC_SHA256_ENABLED
select MBEDTLS_CIPHER_AES_ENABLED

    ...when CONFIG_NRF_SECURITY=y?  If I select these when CONFIG_NRF_SECURITY is also selected, the configuration step of the build fails with:

    warning: MBEDTLS_CIPHER_AES_ENABLED (defined at C:/Users/rmea/.ubxlibpkg/nrfconnectsdk-v2.5.0/zephyr/modules/mbedtls\Kconfig.tls-generic:257, modules\mbedtls\Kconfig.tls-generic:257) has direct dependencies (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0) with value n, but is currently being y-selected by the following symbols:
    - UBXLIB_CRYPTO (defined at C:/projects/ubxlib_priv/port/platform/zephyr/Kconfig:9), with value y, direct dependencies UBXLIB (value: y), and select condition UBXLIB (value: y)

    ...which suggests that, with CONFIG_NRF_SECURITY on, the MBEDTLS_CIPHER_AES_ENABLED that we need is actively being switched off (and we make sure to fail our build when configuration warnings like that appear).

    Basically, we expect mbedtls_sha256()mbedtls_md_info_from_type()mbedtls_md_hmac(), mbedtls_aes_setkey_enc(), mbedtls_aes_crypt_cbc(), mbedtls_aes_setkey_dec() and mbedtls_aes_crypt_cbc() to be available.

  • 0 in reply to RobMeades

    Actually, never mind: I've just noticed that we have already deprecated the functions in our library which required these cryptographic algorithms so, since this only affects NCS/Zephyr, I'm happy that simply removing the calls from our library entirely is an acceptable way forward.

Related