• State Not Answered
  • Replies 0 replies
  • Subscribers 68 subscribers
  • Views 23 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 334140
Options

sysbuild NCS 2.7 #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"

JMA

Hi there, I-m trying to compile a hello world sample with an encrypted bootloader

# Sysbuild configuration file.
#see C:\D\dev\nordicsemi\v2.7.0\nrf\doc\nrf\releases_and_maturity\migration\migration_sysbuild.rst    
#inmutable secure bootloader
SB_CONFIG_SECURE_BOOT_APPCORE=y

#inmutable secure bootloader for netcore
#SB_CONFIG_SECURE_BOOT_NETCORE=y

# Enable MCUboot per default for this sample.
SB_CONFIG_BOOTLOADER_MCUBOOT=y

#signing images
SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE="../key15_2_ecdsa-p256.pem"

#first key is automatically added, adding future ones
SB_CONFIG_SECURE_BOOT_PUBLIC_KEY_FILES="../key15_3_pub_ecdsa-p256.pem,../key15_4_pub_ecdsa-p256.pem"

#signature & encryption keys for images
SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="../NCS27_ecdsa-p256.pem"
#enable encryption
SB_CONFIG_BOOT_ENCRYPTION=y
SB_CONFIG_BOOT_ENCRYPTION_KEY_FILE="../NCS27_1_SK_ecdsa-p256.pem"
SB_CONFIG_MCUBOOT_MODE_SINGLE_APP=n
SB_CONFIG_MCUBOOT_MODE_SWAP_SCRATCH=y
SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=n
SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP=n
SB_CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION=y

#allow netcore HCI
SB_CONFIG_NETCORE_HCI_IPC=y



System build: Use sysbuild

I'm getting these errors:

In file included from C:/D/dev/nordicsemi/v2.7.0/bootloader/mcuboot/boot/bootutil/include/bootutil/enc_key.h:33,
                 from C:/D/dev/nordicsemi/v2.7.0/bootloader/mcuboot/boot/bootutil/src/image_validate.c:44:
C:/D/dev/nordicsemi/v2.7.0/bootloader/mcuboot/boot/bootutil/include/bootutil/crypto/aes_ctr.h:19:6: error: #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"
   19 |     #error "One crypto backend must be defined: either MBED_TLS or TINYCRYPT"

C:/D/dev/nordicsemi/v2.7.0/bootloader/mcuboot/boot/bootutil/include/bootutil/enc_key.h:45:5: error: unknown type name 'bootutil_aes_ctr_context'
   45 |     bootutil_aes_ctr_context aes_ctr;

and

C:/D/dev/nordicsemi/v2.7.0/bootloader/mcuboot/ext/tinycrypt/lib/source/hmac.c:33:10: fatal error: tinycrypt/hmac.h: No such file or directory
   33 | #include <tinycrypt/hmac.h>

I also tried all these settings  in sysbuild/mcuboot.conf without success:

# Example of sample specific Kconfig changes when building sample with MCUboot
# when using sysbuild.
#CONFIG_MCUBOOT_LOG_LEVEL_WRN=y
#CONFIG_BOOT_UPGRADE_ONLY=n
#CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y
#CONFIG_BOOT_ENCRYPT_IMAGE=y
#CONFIG_SINGLE_APPLICATION_SLOT=n
#CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
#CONFIG_BOOT_ECDSA_TINYCRYPT=y

edit: I've got autogen-enckey.c & autogen-pubkey.c at build/mcuboot/zephyr

I also have zephyr.bin, zephyr.signed.bin & zephyr.signed.encrypted.bin at build/myapp/zephyr

I have not more configutration except for custom board, can you help?, thanks in advance.

Running nrf connect SDK 2.7.0 and toolchain 2.7.0, VSC 1.93.1, nRF Connect for VS Code v2024.9.87,nRF Connect for VS Code Extension Pack v2024.9.5

Related