Configuration Conflicts with OSDP and NRF Security

Question

Issue: 
 We are attempting to implement NRF and OSDP into a Zephyr project. In order for NRF to be, properly, included this requires a configuration statement in the prj.conf for nrf security (CONFIG_NRF_SECURITY) . And in order to leverage the OSDP library it requires that we include the necessary dependencies for the configuration symbol MBEDTLS_CIPHER_CCM_ENABLED . However, it explicitly says in the documentation that CONFIG_NRF_SECURITY must be disabled for the OSDP symbol. 
 
 Context & Progress: 
 After removing CONFIG_NRF_SECURITY The errors related to OSDP go away, but I then get errors related to NRF such as undefined references. So effectively it seems that I can choose to have NRF or OSDP not both at this point. 
 
 Development Setup 
 
 MacOS 
 Zephyr RTOS 
 VS Code w/ nRF Connect Extension 
 nrf52840 
 
 Error Messages: 
 OSDP Related Errors: 
 
 warning: MBEDTLS_CIPHER_CCM_ENABLED (defined at modules/mbedtls/Kconfig.tls-generic:282, modules/mbedtls/Kconfig.tls-generic:282) has direct dependencies ((MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED) && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) || ((MBEDTLS_CIPHER_AES_ENABLED || MBEDTLS_CIPHER_CAMELLIA_ENABLED) && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0) with value n, but is currently being y-selected by the following symbols: - OSDP_SC_ENABLED (defined at subsys/mgmt/osdp/Kconfig:71), with value y, direct dependencies CSPRING_ENABLED && OSDP (value: y), and select condition CSPRING_ENABLED && OSDP (value: y) 
 
 NRF/PSA Related Errors: 
 I Included this for context the hope is that I will be able to use NRF_Security because that component is already implemented in our products. 
 
 Question: Is there a way to leverage both libraries or edit the OSDP configuration so MBEDTLS_CIPHER_CCM_ENABLED is not required?

Vidar Berg · Accepted Answer

Hi, 
 The initial reason I couldn't reproduce the error was that I had disabled CONFIG_OSDP_SC_ENABLED to allow me to build the original sample without considering what this option actually did (i.e., enabling encryption support). 
 To fix these compile errors I had to cherry pick the commits from this PR: https://github.com/zephyrproject-rtos/zephyr/pull/66258 
 /ncs/v2.5.0/zephyr$ git remote add arkwad https://github.com/arkwad/zephyr.git
/ncs/v2.5.0/zephyr$ git remote fetch arkwad
/ncs/v2.5.0/zephyr$ git cherry-pick a30723d52fe4bb3afd605af5b204bbbcfad759b5
/ncs/v2.5.0/zephyr$ git cherry-pick 5fd916aa8f855c8d03652f7d8ed7bbd773b42d12 
 After applying this fix, I was able to reproduce the same build error because CONFIG_OSDP_SC_ENABLED is selecting the Zephyr mbedtls module here: https://github.com/nrfconnect/sdk-zephyr/blob/b3979ec709df026fc655286f1a58be30b0f688e0/subsys/mgmt/osdp/Kconfig#L71 
 Please try to comment the lines shown below in /v2.5.0/zephyr/subsys/mgmt/osdp/Kconfig and see if it fixes the problem: 
 config OSDP_SC_ENABLED
	bool "OSDP Secure Channel"
	depends on CSPRING_ENABLED
	default y
	#select CRYPTO
	#select CRYPTO_MBEDTLS_SHIM
	#select MBEDTLS
	#select MBEDTLS_CIPHER_CCM_ENABLED
	help
 Secure the OSDP communication channel with encryption and mutual
 authentication.

Configuration Conflicts with OSDP and NRF Security

Top Replies