Configuration Conflicts with OSDP and NRF Security

Issue:

We are attempting to implement NRF and OSDP into a Zephyr project. In order for NRF to be, properly, included this requires a configuration statement in the prj.conf for nrf security (CONFIG_NRF_SECURITY). And in order to leverage the OSDP library it requires that we include the necessary dependencies for the configuration symbol MBEDTLS_CIPHER_CCM_ENABLED. However, it explicitly says in the documentation that CONFIG_NRF_SECURITY must be disabled for the OSDP symbol.

Context & Progress:

After removing CONFIG_NRF_SECURITY The errors related to OSDP go away, but I then get errors related to NRF such as undefined references. So effectively it seems that I can choose to have NRF or OSDP not both at this point.

Development Setup

  • MacOS
  • Zephyr RTOS
  • VS Code w/ nRF Connect Extension
  • nrf52840


Error Messages:

OSDP Related Errors:

warning: MBEDTLS_CIPHER_CCM_ENABLED (defined at modules/mbedtls/Kconfig.tls-generic:282, modules/mbedtls/Kconfig.tls-generic:282) has direct dependencies ((MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED) && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) || ((MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED) && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0) with value n, but is currently being y-selected by the following symbols:
- OSDP_SC_ENABLED (defined at subsys/mgmt/osdp/Kconfig:71), with value y, direct dependencies CSPRING_ENABLED && OSDP (value: y), and select condition CSPRING_ENABLED && OSDP (value: y)

NRF/PSA Related Errors:

I Included this for context the hope is that I will be able to use NRF_Security because that component is already implemented in our products.

Question:
Is there a way to leverage both libraries or edit the OSDP configuration so MBEDTLS_CIPHER_CCM_ENABLED is not required?

Parents
  • Hello,

    Which version of the nRF Connect SDK are you using? I tried to reproduce this by building the /zephyr/samples/subsys/mgmt/osdp/peripheral_device sample with CONFIG_NRF_SECURITY enabled in SDK v.2.5.0, but did not get any build errors. Please try to add CONFIG_PSA_WANT_ALG_CCM=y to your build and see if you receive the same linker errors.

    Best regards,

    Vidar

  • I downloaded the 2.5.0 SDK this morning and attempted the, peripheral_device sample, build again. Unfortunately, there was no change.

    I tried to add these statements to the prj.config:

    • CONFIG_NRF_SECURITY=y
    • CONFIG_PSA_WANT_ALG_CCM=y

    Here is an image of the prj.config file:

    I initially was using 2.4.99-dev2, I switched over to 2.5.0 this morning. Im getting the same results.

    Here is an image of the build attempt on 2.5.0


Reply
  • I downloaded the 2.5.0 SDK this morning and attempted the, peripheral_device sample, build again. Unfortunately, there was no change.

    I tried to add these statements to the prj.config:

    • CONFIG_NRF_SECURITY=y
    • CONFIG_PSA_WANT_ALG_CCM=y

    Here is an image of the prj.config file:

    I initially was using 2.4.99-dev2, I switched over to 2.5.0 this morning. Im getting the same results.

    Here is an image of the build attempt on 2.5.0


Children
Related