Cannot use Zephyr built-in mbedTLS library with nRF5340

Hello,

I have implemented an application for nRF5340 chip derived from the Zephyr AWS IoT MQTT sample. The application is based on W5500 Ethernet driver so the idea is to work with AWS IoT over Ethernet. This sample uses the Zephyr built-in mbedTLS library and I can successfully compile and run my application for nRF52840 chip. So the code itself is fine. Although when I compile for nRF5340 I get Kconfig warnings, compile warnings and linker errors related to mbedTLS. 

It is clear to me that CONFIG_NRF_SECURITY, despite being disabled in my prj.conf prevents the use of the built-in Zephyr mbedTLS library. Since it works fine for nRF52, I'd rather use the same approach but I am also happy to switch to the Nordic pre-built mbedTLS library if necessary as long as I do not need to modify the application code.

I have tried to fix the issue for hours with no luck so any help would be much appreciated.

Thank you. 7875.prj.conf

warning: NRF_SECURITY (defined at /Users/marcorussi/firmware/elimo/template-app-

aws/external/nrf/subsys/nrf_security/Kconfig:33) was assigned the value 'n' but got the value 'y'.

See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_NRF_SECURITY and/or look up

NRF_SECURITY in the menuconfig/guiconfig interface. The Application Development Primer, Setting

Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful

too.

warning: MBEDTLS_MEMORY_DEBUG (defined at /Users/marcorussi/firmware/elimo/template-app-

aws/external/nrf/subsys/nrf_security/Kconfig.tls:167, modules/mbedtls/Kconfig:163,

modules/mbedtls/Kconfig:163) was assigned the value 'y' but got the value 'n'. Check these

unsatisfied dependencies: ((MBEDTLS_TLS_LIBRARY && NRF_SECURITY) || (MBEDTLS_BUILTIN && MBEDTLS) ||

(MBEDTLS_BUILTIN && MBEDTLS && 0)) (=n). See

http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_MEMORY_DEBUG and/or look up

MBEDTLS_MEMORY_DEBUG in the menuconfig/guiconfig interface. The Application Development Primer,

Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be

helpful too.

warning: MBEDTLS_AES_ROM_TABLES (defined at /Users/marcorussi/firmware/elimo/template-app-

aws/external/nrf/subsys/nrf_security/Kconfig.legacy:421, modules/mbedtls/Kconfig.tls-generic:261,

modules/mbedtls/Kconfig.tls-generic:261) was assigned the value 'y' but got the value 'n'. Check

these unsatisfied dependencies: ((!(OBERON_BACKEND || CC3XX_BACKEND) && MBEDTLS_CIPHER_MODE_CBC &&

MBEDTLS_AES_C && MBEDTLS_LEGACY_CRYPTO_C && NRF_SECURITY) || (MBEDTLS_CIPHER_AES_ENABLED &&

!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-

generic.h" && MBEDTLS) || (MBEDTLS_CIPHER_AES_ENABLED && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND)

&& MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n). See

http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_AES_ROM_TABLES and/or look up

MBEDTLS_AES_ROM_TABLES in the menuconfig/guiconfig interface. The Application Development Primer,

Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be

helpful too.

warning: MBEDTLS_PEM_CERTIFICATE_FORMAT (defined at modules/mbedtls/Kconfig.tls-generic:403,

modules/mbedtls/Kconfig.tls-generic:403) was assigned the value 'y' but got the value 'n'. Check

these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&

MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).

See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT and/or

look up MBEDTLS_PEM_CERTIFICATE_FORMAT in the menuconfig/guiconfig interface. The Application

Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of

the manual might be helpful too.

warning: MBEDTLS_SERVER_NAME_INDICATION (defined at modules/mbedtls/Kconfig.tls-generic:448,

modules/mbedtls/Kconfig.tls-generic:448) was assigned the value 'y' but got the value 'n'. Check

these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&

MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).

See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SERVER_NAME_INDICATION and/or

look up MBEDTLS_SERVER_NAME_INDICATION in the menuconfig/guiconfig interface. The Application

Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of

the manual might be helpful too.

warning: MBEDTLS_HAVE_TIME_DATE (defined at modules/mbedtls/Kconfig.tls-generic:460,

modules/mbedtls/Kconfig.tls-generic:460) was assigned the value 'y' but got the value 'n'. Check

these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&

MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).

See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_HAVE_TIME_DATE and/or look up

MBEDTLS_HAVE_TIME_DATE in the menuconfig/guiconfig interface. The Application Development Primer,

Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be

helpful too.

warning: MBEDTLS_SSL_MAX_CONTENT_LEN (defined at modules/mbedtls/Kconfig:70,

modules/mbedtls/Kconfig:70) was assigned the value '16384' but got the value ''. Check these

unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS && 0)) (=n).

See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN and/or look

up MBEDTLS_SSL_MAX_CONTENT_LEN in the menuconfig/guiconfig interface. The Application Development

Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual

might be helpful too.

warning: The choice symbol MBEDTLS_BUILTIN (defined at modules/mbedtls/Kconfig:28,

modules/mbedtls/Kconfig:28) was selected (set =y), but MBEDTLS_LIBRARY_NRF_SECURITY (defined at

/Users/marcorussi/firmware/elimo/template-app-aws/external/nrf/subsys/nrf_security/Kconfig:254)

ended up as the choice selection. See

http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_BUILTIN and/or look up

MBEDTLS_BUILTIN in the menuconfig/guiconfig interface. The Application Development Primer, Setting

Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful

too.

warning: Experimental symbol NET_SOCKETS_SOCKOPT_TLS is enabled.





warning: Experimental symbol NET_CONNECTION_MANAGER is enabled.

----- Installing platform NS -----

[302/467] Building C object zephyr/subsys/net/CMakeFiles/subsys__net.dir/lib/sockets/sockets_tls.c.obj

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_store':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:663:15: warning: implicit declaration of function 'mbedtls_ssl_get_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]

  663 |         ret = mbedtls_ssl_get_session(&context->ssl, &session);

      |               ^~~~~~~~~~~~~~~~~~~~~~~

      |               mbedtls_ssl_get_version

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_restore':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:699:15: warning: implicit declaration of function 'mbedtls_ssl_set_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]

  699 |         ret = mbedtls_ssl_set_session(&context->ssl, &session);

      |               ^~~~~~~~~~~~~~~~~~~~~~~

      |               mbedtls_ssl_get_version

[459/467] Linking C executable zephyr/zephyr_pre0.elf

FAILED: zephyr/zephyr_pre0.elf zephyr/zephyr_pre0.map /Users/marcorussi/firmware/elimo/template-app-aws/build/zephyr/zephyr_pre0.map 

: && ccache /opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc  -gdwarf-4 zephyr/CMakeFiles/zephyr_pre0.dir/misc/empty_file.c.obj -o zephyr/zephyr_pre0.elf  zephyr/CMakeFiles/offsets.dir/./arch/arm/core/offsets/offsets.c.obj  tfm/api_ns/interface/lib/s_veneers.o  -fuse-ld=bfd  -T  zephyr/linker_zephyr_pre0.cmd  -Wl,-Map=/Users/marcorussi/firmware/elimo/template-app-aws/build/zephyr/zephyr_pre0.map  -Wl,--whole-archive  app/libapp.a  zephyr/libzephyr.a  zephyr/arch/common/libarch__common.a  zephyr/arch/arch/arm/core/libarch__arm__core.a  zephyr/arch/arch/arm/core/cortex_m/libarch__arm__core__cortex_m.a  zephyr/arch/arch/arm/core/cortex_m/cmse/libarch__arm__core__cortex_m__cmse.a  zephyr/arch/arch/arm/core/mpu/libarch__arm__core__mpu.a  zephyr/lib/libc/picolibc/liblib__libc__picolibc.a  zephyr/lib/libc/common/liblib__libc__common.a  zephyr/lib/posix/liblib__posix.a  zephyr/soc/soc/arm/nordic_nrf/libsoc__arm__nordic_nrf.a  zephyr/boards/arm/nrf5340dk_nrf5340/libboards__arm__nrf5340dk_nrf5340.a  zephyr/subsys/random/libsubsys__random.a  zephyr/subsys/bluetooth/common/libsubsys__bluetooth__common.a  zephyr/subsys/bluetooth/host/libsubsys__bluetooth__host.a  zephyr/subsys/bluetooth/crypto/libsubsys__bluetooth__crypto.a  zephyr/subsys/net/libsubsys__net.a  zephyr/subsys/net/l2/ethernet/libsubsys__net__l2__ethernet.a  zephyr/subsys/net/ip/libsubsys__net__ip.a  zephyr/subsys/net/lib/mqtt/libsubsys__net__lib__mqtt.a  zephyr/subsys/net/lib/dns/libsubsys__net__lib__dns.a  zephyr/subsys/net/conn_mgr/libsubsys__net__conn_mgr.a  zephyr/drivers/bluetooth/libdrivers__bluetooth.a  zephyr/drivers/clock_control/libdrivers__clock_control.a  zephyr/drivers/console/libdrivers__console.a  zephyr/drivers/entropy/libdrivers__entropy.a  zephyr/drivers/flash/libdrivers__flash.a  zephyr/drivers/gpio/libdrivers__gpio.a  zephyr/drivers/hwinfo/libdrivers__hwinfo.a  zephyr/drivers/mbox/libdrivers__mbox.a  zephyr/drivers/ethernet/libdrivers__ethernet.a  zephyr/drivers/pinctrl/libdrivers__pinctrl.a  zephyr/drivers/serial/libdrivers__serial.a  zephyr/drivers/spi/libdrivers__spi.a  zephyr/drivers/timer/libdrivers__timer.a  modules/nrf/lib/fatal_error/lib..__nrf__lib__fatal_error.a  modules/nrf/subsys/nrf_security/src/zephyr/libmbedtls_zephyr.a  modules/nrf/modules/trusted-firmware-m/lib..__nrf__modules__trusted-firmware-m.a  modules/nrf/modules/trusted-firmware-m/libtfm_api_nrf.a  modules/dali-if/drivers/misc/daliif/lib..__dali-if__drivers__misc__daliif.a  modules/dali-lib/modules/dalilib/lib..__dali-lib__modules__dalilib.a  modules/trusted-firmware-m/libtfm_api.a  modules/hal_nordic/nrfx/libmodules__hal_nordic__nrfx.a  modules/libmetal/libmetal/lib/libmetal.a  modules/open-amp/open-amp/lib/libopen_amp.a  modules/segger/libmodules__segger.a  -Wl,--no-whole-archive  zephyr/kernel/libkernel.a  -L"/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/thumb/v8-m.main/nofp"  -L/Users/marcorussi/firmware/elimo/template-app-aws/build/zephyr  -lgcc  zephyr/arch/common/libisr_tables.a  -Wl,--gc-sections  -Wl,--build-id=none  -Wl,--sort-common=descending  -Wl,--sort-section=alignment  -Wl,-u,_OffsetAbsSyms  -Wl,-u,_ConfigAbsSyms  -nostdlib  -static  -Wl,-X  -Wl,-N  -Wl,--orphan-handling=warn  -Wl,-no-pie  -DPICOLIBC_LONG_LONG_PRINTF_SCANF  modules/nrf/subsys/nrf_security/src/libmbedcrypto.a  /Users/marcorussi/firmware/elimo/template-app-aws/external/nrfxlib/crypto/nrf_oberon/lib/cortex-m33/soft-float/liboberon_mbedtls_3.0.14.a  modules/nrf/subsys/nrf_security/src/libmbedcrypto_base.a  -mcpu=cortex-m33  -mthumb  -mabi=aapcs  -mfp16-format=ieee  -mtp=soft  /Users/marcorussi/firmware/elimo/template-app-aws/external/nrfxlib/crypto/nrf_oberon/lib/cortex-m33/soft-float/liboberon_3.0.14.a  --specs=picolibc.specs  -lc  -lgcc && cd /Users/marcorussi/firmware/elimo/template-app-aws/build/zephyr && /opt/homebrew/Cellar/cmake/3.28.1/bin/cmake -E true

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_reset':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1138: undefined reference to `mbedtls_ssl_session_reset'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_update_pollin':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2875: undefined reference to `mbedtls_ssl_get_bytes_avail'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_socket_data_check':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2838: undefined reference to `mbedtls_ssl_read'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2865: undefined reference to `mbedtls_ssl_get_bytes_avail'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_init':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1268: undefined reference to `mbedtls_ssl_set_bio'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1279: undefined reference to `mbedtls_ssl_config_defaults'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1354: undefined reference to `mbedtls_ssl_conf_authmode'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1358: undefined reference to `mbedtls_ssl_conf_rng'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1370: undefined reference to `mbedtls_ssl_conf_ciphersuites'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1392: undefined reference to `mbedtls_ssl_setup'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_prepare_pollin':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2767: undefined reference to `mbedtls_ssl_get_bytes_avail'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2767: undefined reference to `mbedtls_ssl_get_bytes_avail'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_handshake':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1171: undefined reference to `mbedtls_ssl_handshake'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_alloc':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:451: undefined reference to `mbedtls_ssl_init'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:452: undefined reference to `mbedtls_ssl_config_init'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_release':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:521: undefined reference to `mbedtls_ssl_config_free'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:522: undefined reference to `mbedtls_ssl_free'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_close_ctx':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2043: undefined reference to `mbedtls_ssl_close_notify'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:691: undefined reference to `mbedtls_ssl_session_init'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_get':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:636: undefined reference to `mbedtls_ssl_session_load'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:705: undefined reference to `mbedtls_ssl_session_free'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:661: undefined reference to `mbedtls_ssl_session_init'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:663: undefined reference to `mbedtls_ssl_get_session'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:699: undefined reference to `mbedtls_ssl_set_session'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_save':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:594: undefined reference to `mbedtls_ssl_session_save'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:602: undefined reference to `mbedtls_ssl_session_save'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:675: undefined reference to `mbedtls_ssl_session_free'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `send_tls':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2206: undefined reference to `mbedtls_ssl_write'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `recv_tls':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:2419: undefined reference to `mbedtls_ssl_read'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_get':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1535: undefined reference to `mbedtls_ssl_list_ciphersuites'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_used_get':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1563: undefined reference to `mbedtls_ssl_get_ciphersuite'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1568: undefined reference to `mbedtls_ssl_get_ciphersuite_id'

/opt/nordic/ncs/toolchains/580e4ef81c/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_set':

/Users/marcorussi/firmware/elimo/template-app-aws/external/zephyr/subsys/net/lib/sockets/sockets_tls.c:1517: undefined reference to `mbedtls_ssl_conf_ciphersuites'

collect2: error: ld returned 1 exit status

ninja: build stopped: subcommand failed.

Parents Reply Children
  • Hi,

     

    These are my configurations, and I'm just using a shield (-DSHIELD=arceli_eth_w5500) to get the sensor added to the board itself.

    # DNS
    CONFIG_DNS_RESOLVER=y
    CONFIG_NET_SOCKETS_DNS_TIMEOUT=30000
    
    # NET sockets
    CONFIG_NET_NATIVE=y
    CONFIG_NET_L2_ETHERNET=y
    CONFIG_NET_TCP=y
    CONFIG_NET_UDP=y
    CONFIG_NET_SOCKETS_OFFLOAD=n
    CONFIG_NET_DHCPV4=y
    CONFIG_NET_CONTEXT_SNDTIMEO=y
    
    # TLS networking
    CONFIG_NET_SOCKETS_ENABLE_DTLS=n
    CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=2
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    
    # TLS credentials
    CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y
    
    # mbedTLS
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS=y
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=81920
    CONFIG_MBEDTLS_RSA_C=y
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
    
    # Optimize T-FM
    CONFIG_TFM_PROFILE_TYPE_SMALL=y
    CONFIG_PM_PARTITION_SIZE_TFM_SRAM=0xc000
    CONFIG_PM_PARTITION_SIZE_TFM=0x20000
    
    # General
    CONFIG_POSIX_CLOCK=y
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    CONFIG_HEAP_MEM_POOL_SIZE=81920
    CONFIG_NET_RX_STACK_SIZE=2048
    
    # Optimize T-FM
    CONFIG_TFM_PROFILE_TYPE_SMALL=y
    CONFIG_PM_PARTITION_SIZE_TFM_SRAM=0xc000
    CONFIG_PM_PARTITION_SIZE_TFM=0x20000
    
    # PSA crypto
    CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
    CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y

     

    For your case, I think these two should be enough:

    # PSA crypto
    CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
    CONFIG_PSA_WANT_RSA_KEY_SIZE_2048=y

     

    Do you still see compiler issues with similar setting?

     

    Kind regards,

    Håkon

  • Hi,

    I managed to get rid of all the warning with the following conf file:

    5554.nrf5340dk_nrf5340_cpuapp_ns.conf

    I also share the prj.conf:

    48185.prj.conf

    What worries me is that I had to disable the SSL context serialization to disable related warning:

    CONFIG_MBEDTLS_SSL_CONTEXT_SERIALIZATION=n
    I am not convinced about it.
    Despite of it compiles, I do not see any RTT log being printed after flashing. If I instead run a simple application bypassing the board specific conf file and not compiling the network related application then I see the LOG. This confirms that the board and the RTT log itself works fine.
    I guess a crash or something happens on init.
    Thanks. 
  • Hi,

     

    When a fault occurs, make sure that you have "CONFIG_RESET_ON_FATAL_ERROR=n" set, and enter debug mode to see the call stack.

    Share any output, related to where you are stuck.

     

    Kind regards,

    Håkon

  • I have managed to get the project compiling and running. 

    To anyone interested: here are the final .conf files:

    2110.prj.conf

    7801.nrf5340dk_nrf5340_cpuapp_ns.conf

  • Hello Marco,

    I am working with the same hardware setup (nrf5340dk + w5500 ethernet shield), trying to get nRF Connect SDK sample (samples/net/mqtt) working with TLS. I started this thread on Devzone.

    Do you mind sharing:

    1. Which nRF Connect SDK version you used?

    2. If you used the default Zephyr W5500 driver?

    3. The overlay file for the w5500 ethernet shield?

    Best Regards,

    Makoto

Related