• State Not Answered
  • Replies 9 replies
  • Subscribers 68 subscribers
  • Views 225 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 335205
Options

Updating\removing BLE related libraries in SDK

EyalR

Hi,

I'm using nRF52832 with SDK 17.0.2. We were using the Snyk Vulnerability Database to scan our code and found issues with the libraries mbedtls, lwip-tcpip and micro-ecc.

mbedtls and lwip-tcpip offered version upgrades to fix the issue, while the micro-ecc issue had no solution.

My questions are:

1) How would I go about and manually upgrade mbedtls and lwip-tcpip libraries in the SDK? Is it a simple matter of overwriting the new libraries on top of the old ones?

2) Since we're not using any sort of encryptions or cryptography we don't really need the micro-cc library. How could I remove it from the code without breaking the compilation of the entire solution?

Thanks,

Eyal 

Parents
  • 0

    Hi Eyal

    1. In a perfect world it should be that simple, and although I think it is, we can't guarantee that it is. Please give it a try and see if that's sufficient.

    2. To remove encryption, open you sdk_config.h file, search for any settings related to micro-ecc (NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED for example). Set all these options you might find to 0. At least the one mentioned as an example should prevent that library from being included in the build.

    Best regards,

    Simon

  • 0 in reply to Simonr

    HI,

    Thanks for the answer. I tried replacing mbedtls to version 2.28.9 since I read that versions 2.xx shouldn't break coompilations. I copied the entire library into External\mbedtls\

    When compiling I get the error "MBEDTLS_CERTS_C defined, but not all prerequisites". I've tried using the same config.h or CMakeLists.txt as the current version of mbedtls but it didn't help. Any ideas where to go from here?

Reply
  • 0 in reply to Simonr

    HI,

    Thanks for the answer. I tried replacing mbedtls to version 2.28.9 since I read that versions 2.xx shouldn't break coompilations. I copied the entire library into External\mbedtls\

    When compiling I get the error "MBEDTLS_CERTS_C defined, but not all prerequisites". I've tried using the same config.h or CMakeLists.txt as the current version of mbedtls but it didn't help. Any ideas where to go from here?

Children
No Data
Related