nRF54L15 + SRAM + Crypto questions

RE: nRF54L15 + SRAM + Crypto questions

Amanda Hsieh — Tue, 14 Jan 2025 17:17:34 GMT

Hi,

[quote user="SubuMuthu"]1. Do you have an example for storing a key in KMU, then retrieving it after reboot and using it?[/quote]

Unfortunately, no, but you can refer to the following files

[quote user="SubuMuthu"]can you please help me to correct the below code? It is not working. The key is not set and error is generated.[/quote]

I use the following code and CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=y with nrf\samples\crypto\aes_gcm to generate the key without issue. Please be aware that aes_gcm sample doesn't support encrypt/decrypt with PSA_ALG_ECB_NO_PADDING.

int generate_key(void)
{
	psa_status_t status;

	LOG_INF("Generating random AES key...");

	/* Configure the key attributes */
	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
	//psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
	psa_set_key_algorithm(&key_attributes, PSA_ALG_ECB_NO_PADDING);
	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
	psa_set_key_bits(&key_attributes, 128);

	psa_set_key_lifetime(&key_attributes,
				 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
					 PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
	psa_set_key_id(&key_attributes,
		PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, KMU_SLOT_NUM));	

	/* Generate a random key. The key is not exposed to the application,
	 * we can use it to encrypt/decrypt using the key handle
	 */
	status = psa_generate_key(&key_attributes, &key_id);
	if (status != PSA_SUCCESS) {
		LOG_INF("psa_generate_key failed! (Error: %d)", status);
		return APP_ERROR;
	}

	/* After the key handle is acquired the attributes are not needed */
	psa_reset_key_attributes(&key_attributes);

	LOG_INF("AES key generated successfully!");

	return 0;
}

[quote user="SubuMuthu"]3. How do I use this key after power cycle or reboot? [/quote]

See Using KMU keys doc.

[quote user="SubuMuthu"]4. I picked slot #50 (randomly) for testing purpose but would like to know which KMU slot is occupied or available. Is there an API?[/quote]

Currently, there is no such API as your requirement to check slot availability, but you can refer to the KMU slots section.

-Amanda H.

RE: nRF54L15 + SRAM + Crypto questions

SubuMuthu — Sun, 12 Jan 2025 17:00:02 GMT

Hi, can you please review and let me know? we are in development and have a release deadline.. Thanks for your understanding and support.

RE: nRF54L15 + SRAM + Crypto questions

SubuMuthu — Thu, 09 Jan 2025 23:56:14 GMT

Hi Amanda, Thank for the explanation.

Regarding Q4:

1. Do you have an example for storing a key in KMU, then retrieving it after reboot and using it?

2. If not, can you please help me to correct the below code? It is not working. The key is not set and error is generated.

Primarily I have a AES key and I want to store in KMU.

    psa_status_t ret;

#define AES_KEY_KMU_SLOT_ID 50

    psa_key_id_t mDACPrivKeyId;
    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;

//    psa_reset_key_attributes(&key_attributes);
    psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
    psa_set_key_bits(&key_attributes, 128);
    psa_set_key_algorithm(&key_attributes, PSA_ALG_ECB_NO_PADDING);
    psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);

    mDACPrivKeyId = PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, AES_KEY_KMU_SLOT_ID);
    psa_set_key_id(&key_attributes, mDACPrivKeyId);

    psa_set_key_lifetime(
        &key_attributes,
        PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));

    // ret = psa_import_key(&key_attributes, mobile_public_key, 65, &mDACPrivKeyId);
    // when tried importing, the Error = -135 or -133
    //    ret = psa_copy_key(mobile_encryption_key_id, &key_attributes, &mDACPrivKeyId);
    // when tried copying, the error wass -133
    
    ret = psa_generate_key(&key_attributes, &mDACPrivKeyId); // does not generate key, no error

3. How do I use this key after power cycle or reboot?

4. I picked slot #50 (randomly) for testing purpose but would like to know which KMU slot is occupied or available. Is there an API?

Thanks

Subu

RE: nRF54L15 + SRAM + Crypto questions

Amanda Hsieh — Wed, 08 Jan 2025 20:15:31 GMT

Hi,

[quote user=""]Setting bonding will eliminate this but Matter standard does not allow bonding.[/quote]

Using CONFIG_BT_PRIVACY makes it non-compliant with the Matter specification, as it will make the device support Random Private Address. The Matter spec requires using static random address for the Matter BLE service advertising purpose and Random Private Address cannot be used. The address has to be rotated on every reboot.

However, this requirement is only for Matter BLE service purposes, so one workaround is to introduce a second Bluetooth identity for the non-Matter services. One of our developers has implemented this in the following commit: https://github.com/nrfconnect/sdk-connectedhomeip/commit/5ae63841a525579afce2c6bb7abcf33692b07a4a.

These changes make the BLEManager work in the following way:

If bonding is not enabled, a single Bluetooth ID will be used, and it will initialize a static random address before enabling the Bluetooth stack. If this is not initialized before the stack is enabled, it will configure Bluetooth ID itself and assign the default configuration to it, which we need to avoid,
If bonding is enabled, two Bluetooth IDs will be used. One is used for bonding and the other for Matter. We first have to initialize the Bluetooth stack to recover the persisted bonding configuration (encryption keys, etc.), and then we initialize a static address for the second Bluetooth ID.

You can see the changes that are required in the application here: https://github.com/nrfconnect/sdk-nrf/commit/f84125d62d76fe3dba9b5ae019eb1e66956f6160. To summarize, this Matter implementation allows to enable bonding, and it is necessary to set CONFIG_BT_ID_MAX=2 and enable CONFIG_BT_EXT_ADV on both the application and network cores.

[quote user=""]Question #1: is there a solution that will allow us to use encryption that comes with BLE stack than we writing the custom encryption (we would prefer BT_SECURITY_L4) but without the iPhone and Android pairing request notifications?I do not believe one exists but we want to ask Nordic to rule this option out.[/quote]

Unfortunately, there is no standard BLE security solution that provides encryption without triggering pairing notifications on iOS/Android. Nordic does not offer a built-in solution to avoid the pairing prompts while using BT_SECURITY_L4.

[quote user=""]Q2: When we look look at the ram_report, the SRAM needed for our Crypto application is very small - it is the space needed for variables. It looks like MBEDtls library did not take additional space. Does it look alright? From our reading, the MBEDtls should be a memory hog and should consume large memory while we are not seeing an increase in SRAM usage.. This is the reason for asking this question.[/quote]

The small SRAM usage you're seeing for crypto operations is expected when using PSA Crypto APIs. PSA Crypto leverages hardware acceleration provided by the CryptoCell on Nordic devices, which offloads much of the cryptographic processing from the main CPU. This results in lower SRAM usage compared to a pure software implementation like mbedTLS. Your observation is correct and not a cause for concern.

Please be aware that Mbed TLS legacy crypto toolbox APIs are marked as deprecated in the nRF Connect SDK version 2.8.0, and will be removed in a future version. See the Legacy crypto support.

[quote user=""]Q3. We tried TF-M (/ns builds), however, we are running out of SRAM. Without TF-M, the SRM usage comes to 220KB. When we try to build with /ns, the build complains that region `RAM' overflowed by 4076 bytes. [/quote]

I think you adapted from pm_static_nrf54l15dk_nrf54l15_cpuapp_ns.yml, then the SRAM layout would show like this

There seems to be insufficient space for your application. You can also look at the suggestions under Memory footprint optimization or Check if you can reduce the secure partition size (tfm_sram) without compromising the security features you need.

[quote user=""]Q4. We would like to store the resulting AES-128 bit asymmetric key in the KMU. It is little bit confusing from the readings if it will be possible to store the key in the KMU without TF-M as the documentation is sparse. Assuming that we won't be able to do TF-M, please provide an example, or provide the necessary guidelines for storing the keys and also the certificate in the KMU.[/quote]

See nRF54L Series cryptography.

Regards,
Amanda H.