I'm encountering issues while building my project with custom boards. Each board has a corresponding *_defconfig file with specific configuration options, and I also have a prj.conf file in the project directory. Currently, I want to enable crypto operations and Mbed TLS with CryptoCell support on a custom board based on the nRF52840. Here’s the setup I’m using: In prj.conf : CONFIG_MBEDTLS_PSA_CRYPTO_C=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=8192 CONFIG_PSA_WANT_GENERATE_RANDOM=y CONFIG_PSA_WANT_KEY_TYPE_AES=y CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=y In the board’s defconfig file : CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y CONFIG_NRF_SECURITY=y Issues Encountered: Compilation Errors : When CONFIG_NRF_SECURITY=y is in the defconfig file, the project fails to compile. The following error appears: ncs/v2.7.0/modules/crypto/mbedtls/library/pk_internal.h:29:67: error: 'psa_to_pk_rsa_errors' undeclared (first use in this function); did you mean 'psa_to_ssl_errors'? 29 | psa_to_pk_rsa_errors However, if I move CONFIG_NRF_SECURITY=y to prj.conf , the project compiles, but with a warning: warning: PSA_CRYPTO_DRIVER_CC3XX (defined at /root/ncs/v2.7.0/nrf/subsys/nrf_security/src/drivers/Kconfig:17) was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies: MBEDTLS_PSA_CRYPTO_C (=n), NRF_SECURITY (=n). Configuration Validation : Despite the warnings, when I check autoconf.h and .config files, PSA_CRYPTO_DRIVER_CC3XX appears to be set up correctly. Dependency Warnings : When I move these configurations: CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y to prj.conf , everything compiles without any warnings. However, I'd like to keep these board-dependent settings in the defconfig file rather than prj.conf . Additional Configuration Conflict : Similarly, when I set: In defconfig : CONFIG_ENTROPY_NRF5_BIAS_CORRECTION=y CONFIG_ENTROPY_NRF5_RNG=y In prj.conf : CONFIG_ENTROPY_GENERATOR=y I get warnings that CONFIG_ENTROPY_NRF5_BIAS_CORRECTION and CONFIG_ENTROPY_NRF5_RNG require CONFIG_ENTROPY_GENERATOR . Question I assumed defconfig , prj.conf , and the CONFIG_ values from CMake would merge together. Are there specific dependencies or order constraints that prevent these configurations from working as expected? Or might I be misunderstanding the configuration merge process?

Problem with Kconfig configuration

I'm encountering issues while building my project with custom boards. Each board has a corresponding *_defconfig file with specific configuration options, and I also have a prj.conf file in the project directory. Currently, I want to enable crypto operations and Mbed TLS with CryptoCell support on a custom board based on the nRF52840.

Here’s the setup I’m using:

In prj.conf:

CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_WANT_GENERATE_RANDOM=y
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=y

In the board’s defconfig file:

CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
CONFIG_NRF_SECURITY=y

Issues Encountered:

Compilation Errors: When CONFIG_NRF_SECURITY=y is in the defconfig file, the project fails to compile. The following error appears:

ncs/v2.7.0/modules/crypto/mbedtls/library/pk_internal.h:29:67: error: 'psa_to_pk_rsa_errors' undeclared (first use in this function); did you mean 'psa_to_ssl_errors'? 29 | psa_to_pk_rsa_errors

However, if I move CONFIG_NRF_SECURITY=y to prj.conf, the project compiles, but with a warning:

warning: PSA_CRYPTO_DRIVER_CC3XX (defined at /root/ncs/v2.7.0/nrf/subsys/nrf_security/src/drivers/Kconfig:17) was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies: MBEDTLS_PSA_CRYPTO_C (=n), NRF_SECURITY (=n).
Configuration Validation: Despite the warnings, when I check autoconf.h and .config files, PSA_CRYPTO_DRIVER_CC3XX appears to be set up correctly.
Dependency Warnings: When I move these configurations:

CONFIG_PSA_CRYPTO_DRIVER_OBERON=n CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

to prj.conf, everything compiles without any warnings. However, I'd like to keep these board-dependent settings in the defconfig file rather than prj.conf.
Additional Configuration Conflict: Similarly, when I set:
- In defconfig:
  
  CONFIG_ENTROPY_NRF5_BIAS_CORRECTION=y CONFIG_ENTROPY_NRF5_RNG=y
- In prj.conf:
  
  CONFIG_ENTROPY_GENERATOR=y
I get warnings that CONFIG_ENTROPY_NRF5_BIAS_CORRECTION and CONFIG_ENTROPY_NRF5_RNG require CONFIG_ENTROPY_GENERATOR.

Question

I assumed defconfig, prj.conf, and the CONFIG_ values from CMake would merge together. Are there specific dependencies or order constraints that prevent these configurations from working as expected? Or might I be misunderstanding the configuration merge process?

Parents

0 Hieu over 1 year ago

Are you building just one application for the nRF52840, or do you also have a bootloader or some other multi-image setup?

Most of the symptoms you described suggest maybe your _defconfig file wasn't picked up in the build. Have you checked the log to see if it's included? You can run a --pristine --cmake-only build to check.

Hieu
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Bartosz22 over 1 year ago in reply to Hieu

I'm using mcuboot, I have child and parent image which I see is deprecated and will be removed in NCS 2.9 but I don't is it a case. The board _defconfig file is included properly.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Hieu over 1 year ago in reply to Bartosz22

If you are building multi-image, you need to look closely at which build had the error you observed. Perhaps some configurations are not compatible with mcuboot.

If you add the configs to _defconfig, it will be added to both mcuboot, application, and any other images. You will also want to check if this result makes sense.

If you want to add the default config to _defconfig file, but only for the application, you can add a Kconfig file to conditionally override the default value based on which board is being built. Refer:
https://github.com/nrfconnect/sdk-zephyr/blob/v3.7.99-ncs1-rc1/boards/nordic/thingy53/Kconfig#L12-L27
https://github.com/nrfconnect/sdk-zephyr/blob/v3.7.99-ncs1-rc1/boards/nordic/thingy53/Kconfig.thingy53#L6-L9
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Hieu over 1 year ago in reply to Bartosz22

If you are building multi-image, you need to look closely at which build had the error you observed. Perhaps some configurations are not compatible with mcuboot.

If you add the configs to _defconfig, it will be added to both mcuboot, application, and any other images. You will also want to check if this result makes sense.

If you want to add the default config to _defconfig file, but only for the application, you can add a Kconfig file to conditionally override the default value based on which board is being built. Refer:
https://github.com/nrfconnect/sdk-zephyr/blob/v3.7.99-ncs1-rc1/boards/nordic/thingy53/Kconfig#L12-L27
https://github.com/nrfconnect/sdk-zephyr/blob/v3.7.99-ncs1-rc1/boards/nordic/thingy53/Kconfig.thingy53#L6-L9
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data