• State Not Answered
  • Replies 9 replies
  • Subscribers 68 subscribers
  • Views 269 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 333944
Options

MBEDTLS time/date support with nRF Security

Ligo George

Is MBEDTLS date/time is not supported in nRF security ?

warning: MBEDTLS_HAVE_TIME_DATE (defined at modules/mbedtls/Kconfig.tls-generic:458,
modules/mbedtls/Kconfig.tls-generic:458) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_HAVE_TIME_DATE and/or look up
MBEDTLS_HAVE_TIME_DATE in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.

We would like to have certificate validity check, but unable to enable it. 

Parents
  • 0

    Hi,

    Can you provide information about your application?

    Can you provide complete build log and your project configuration?

    Best regards,
    Dejan

  • 0 in reply to dejans

    This is a generic issue with nRF SDK, not tied to an application. 

    I am using v2.7.0 SDK.

    For e.g. you can try building "aws_iot_mqtt" example on nRF7002DK. See the build log for the same below. 

    Building aws_iot_mqtt
west build --build-dir /home/vscode/workspaces/base-station-application/aws_iot_mqtt/build /home/vscode/workspaces/base-station-application/aws_iot_mqtt --pristine --board nrf7002dk/nrf5340/cpuapp/ns -- -DNCS_TOOLCHAIN_VERSION=NONE -DBOARD_ROOT=/home/vscode/workspaces/base-station-application

-- west build: generating a build system
Loading Zephyr default modules (Zephyr base).
-- Application: /home/vscode/workspaces/base-station-application/aws_iot_mqtt
-- CMake version: 3.30.2
-- Found Python3: /usr/bin/python3 (found suitable version "3.10.12", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: /home/vscode/workspaces/.cache/zephyr
-- Zephyr version: 3.6.99 (/home/vscode/workspaces/external_dependencies/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf7002dk, qualifiers: nrf5340/cpuapp/ns
-- Found host-tools: zephyr 0.16.5 (/home/vscode/workspaces/external_dependencies/zephyr-sdk)
-- Found toolchain: zephyr 0.16.5 (/home/vscode/workspaces/external_dependencies/zephyr-sdk)
-- Found Dtc: /usr/bin/dtc (found suitable version "1.6.1", minimum required is "1.4.6")
-- Found BOARD.dts: /home/vscode/workspaces/external_dependencies/nrf/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp_ns.dts
-- Generated zephyr.dts: /home/vscode/workspaces/base-station-application/aws_iot_mqtt/build/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /home/vscode/workspaces/base-station-application/aws_iot_mqtt/build/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: /home/vscode/workspaces/base-station-application/aws_iot_mqtt/build/zephyr/dts.cmake

warning: MBEDTLS_MEMORY_DEBUG (defined at
/home/vscode/workspaces/external_dependencies/nrf/subsys/nrf_security/Kconfig.tls:167,
modules/mbedtls/Kconfig:166, modules/mbedtls/Kconfig:166) was assigned the value 'y' but got the
value 'n'. Check these unsatisfied dependencies: ((MBEDTLS_TLS_LIBRARY && NRF_SECURITY) ||
(MBEDTLS_BUILTIN && MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS && 0)) (=n). See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_MEMORY_DEBUG and/or look up
MBEDTLS_MEMORY_DEBUG in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.


warning: MBEDTLS_AES_ROM_TABLES (defined at
/home/vscode/workspaces/external_dependencies/nrf/subsys/nrf_security/Kconfig.legacy:417,
modules/mbedtls/Kconfig.tls-generic:261, modules/mbedtls/Kconfig.tls-generic:261) was assigned the
value 'y' but got the value 'n'. Check these unsatisfied dependencies: ((!(OBERON_BACKEND ||
CC3XX_BACKEND) && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C && MBEDTLS_LEGACY_CRYPTO_C &&
NRF_SECURITY) || (MBEDTLS_CIPHER_AES_ENABLED && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) &&
MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) ||
(MBEDTLS_CIPHER_AES_ENABLED && !(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN &&
MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n). See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_AES_ROM_TABLES and/or look up
MBEDTLS_AES_ROM_TABLES in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.


warning: MBEDTLS_SSL_ALPN (defined at modules/mbedtls/Kconfig.tls-generic:44,
modules/mbedtls/Kconfig.tls-generic:44) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: (((MBEDTLS_TLS_VERSION_1_0 || MBEDTLS_TLS_VERSION_1_1 ||
MBEDTLS_TLS_VERSION_1_2) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS)
|| ((MBEDTLS_TLS_VERSION_1_0 || MBEDTLS_TLS_VERSION_1_1 || MBEDTLS_TLS_VERSION_1_2) &&
MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n). See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SSL_ALPN and/or look up
MBEDTLS_SSL_ALPN in the menuconfig/guiconfig interface. The Application Development Primer, Setting
Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful
too.


warning: MBEDTLS_PEM_CERTIFICATE_FORMAT (defined at modules/mbedtls/Kconfig.tls-generic:401,
modules/mbedtls/Kconfig.tls-generic:401) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT and/or
look up MBEDTLS_PEM_CERTIFICATE_FORMAT in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_SERVER_NAME_INDICATION (defined at modules/mbedtls/Kconfig.tls-generic:446,
modules/mbedtls/Kconfig.tls-generic:446) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SERVER_NAME_INDICATION and/or
look up MBEDTLS_SERVER_NAME_INDICATION in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_HAVE_TIME_DATE (defined at modules/mbedtls/Kconfig.tls-generic:458,
modules/mbedtls/Kconfig.tls-generic:458) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_HAVE_TIME_DATE and/or look up
MBEDTLS_HAVE_TIME_DATE in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.


warning: MBEDTLS_SSL_MAX_CONTENT_LEN (defined at modules/mbedtls/Kconfig:73,
modules/mbedtls/Kconfig:73) was assigned the value '16384' but got the value ''. Check these
unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN and/or look
up MBEDTLS_SSL_MAX_CONTENT_LEN in the menuconfig/guiconfig interface. The Application Development
Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual
might be helpful too.


warning: The choice symbol MBEDTLS_BUILTIN (defined at modules/mbedtls/Kconfig:30,
modules/mbedtls/Kconfig:30) was selected (set =y), but MBEDTLS_LIBRARY_NRF_SECURITY (defined at
/home/vscode/workspaces/external_dependencies/nrf/subsys/nrf_security/Kconfig:293) ended up as the
choice selection. See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_BUILTIN
and/or look up MBEDTLS_BUILTIN in the menuconfig/guiconfig interface. The Application Development
Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual
might be helpful too.

    In the warning we can clearly see that MBEDTLS_HAVE_TIME_DATE is not being used.

  • 0 in reply to Ligo George

    Hi,

    PSA Crypto does not support TIME_DATE. For now, legacy option must be used.

    Best regards,
    Dejan

  • 0 in reply to dejans

    Does it mean that it is not possible to check expiry of certificates ? 

  • 0 in reply to Ligo George

    Hi,

    Could you provide information on how your project acquires time and how time is kept synchronized?

    Best regards,
    Dejan

Reply Children
Related