Secure build with WiFi and PSA crypto functions fails

Hi,

a small update - if I modify modules/crypto/mbedtls/include/mbedtls/private_access.h, so the _private part gets removed - I can successfully compile, use encryption keys, and use wpa supplicant, etc, and connect to the WiFi network.

So, is that a somewhat ok workaround, or will this bite me in the ass sometimes later?

Hi,

I'm currently building a product that uses PSA crypto API to generate, and save some keys in secure storage. I also need to have a WiFi functionality (nRF7002), but, the build fails when I switch on both of these options. I'm building without TF-M because it takes too much space for the app - I won't be able to implement all of the functionalities

If you are building everything as a secure image, the "secure storage" is in the exact same context as the rest of the running firmware. Ie. there is no security split, like with secure -> non-secure.

The answer there was to build the software with TF-M, but, that's not an option - I wont have enough flash/ram for my application if I have to do that. Is there some other option available for this to function?

Could you share the full build output?

tomislav_z said:

a small update - if I modify modules/crypto/mbedtls/include/mbedtls/private_access.h, so the _private part gets removed - I can successfully compile, use encryption keys, and use wpa supplicant, etc, and connect to the WiFi network.

So, is that a somewhat ok workaround, or will this bite me in the ass sometimes later?

What did you exactly modify here?

Kind regards,

Håkon

Yeah, I know it's in the same context, but, from the documentation here, my guess was, it should be enough to store a few keys, etc? The space in RAM, and FLASH for the whole TF-M stuff is not really a viable option since the WiFi+BLE stack basically consumes everything I can offer to it...
docs.nordicsemi.com/.../trusted_storage.html

Here's the build output - note that I renamed the build folder names to /redacted_folder/, etc, to not share anything private...  Can't find attach button here or something, so I pasted this as a code, sorry... The error that breaks the build is at the end of the text - the one mentioning private_ macro.

west build -p always -b nrf7002dk/nrf5340/cpuapp app  1 ✘  zephyrproject  
-- west build: making build dir /redacted_folder_name/redacted_project_name/build pristine
-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: /home/redacted_user_name/zephyrproject/.venv/bin/python3 (found suitable version "3.13.2", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: /home/redacted_user_name/.cache/zephyr
-- Found west (found suitable version "1.3.0", minimum required is "0.14.0")
CMake Warning at /redacted_folder_name/zephyr/cmake/modules/boards.cmake:136 (message):
  BOARD_ROOT element without a 'boards' subdirectory:


  /redacted_folder_name/redacted_project_name


  Hints:

    - if your board directory is '/foo/bar/boards/my_board' then add '/foo/bar' to BOARD_ROOT, not the entire board directory
    - if in doubt, use absolute paths
Call Stack (most recent call first):
  cmake/modules/sysbuild_default.cmake:15 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:75 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  /redacted_folder_name/zephyr/share/sysbuild-package/cmake/SysbuildConfig.cmake:8 (include)
  template/CMakeLists.txt:10 (find_package)


-- Board: nrf7002dk, qualifiers: nrf5340/cpuapp
Parsing /redacted_folder_name/redacted_project_name/app/Kconfig.sysbuild
Loaded configuration '/redacted_folder_name/redacted_project_name/build/_sysbuild/empty.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/app/sysbuild.conf'
Configuration saved to '/redacted_folder_name/redacted_project_name/build/zephyr/.config'
Kconfig header saved to '/redacted_folder_name/redacted_project_name/build/_sysbuild/autoconf.h'
-- 
   *****************************
   * Running CMake for mcuboot *
   *****************************

Loading Zephyr default modules (Zephyr base).
-- Application: /redacted_folder_name/bootloader/mcuboot/boot/zephyr
-- CMake version: 3.31.6
-- Found Python3: /home/redacted_user_name/zephyrproject/.venv/bin/python (found suitable version "3.13.2", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: /home/redacted_user_name/.cache/zephyr
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr)
-- Found west (found suitable version "1.3.0", minimum required is "0.14.0")
CMake Warning at /redacted_folder_name/zephyr/cmake/modules/boards.cmake:136 (message):
  BOARD_ROOT element without a 'boards' subdirectory:


  /redacted_folder_name/redacted_project_name


  Hints:

    - if your board directory is '/foo/bar/boards/my_board' then add '/foo/bar' to BOARD_ROOT, not the entire board directory
    - if in doubt, use absolute paths
Call Stack (most recent call first):
  /redacted_folder_name/zephyr/cmake/modules/zephyr_default.cmake:133 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  CMakeLists.txt:12 (find_package)


-- Board: nrf7002dk, qualifiers: nrf5340/cpuapp
-- ZEPHYR_TOOLCHAIN_VARIANT not set, trying to locate Zephyr SDK
-- Found host-tools: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found toolchain: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found Dtc: /home/redacted_user_name/zephyr-sdk-0.17.0/sysroots/x86_64-pokysdk-linux/usr/bin/dtc (found suitable version "1.6.0", minimum required is "1.4.6")
-- Found BOARD.dts: /redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp.dts
-- Found devicetree overlay: /redacted_folder_name/redacted_project_name/app/sysbuild/mcuboot/boards/nrf7002dk_nrf5340_cpuapp.overlay
-- Generated zephyr.dts: /redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/dts.cmake
Parsing /redacted_folder_name/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration '/redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp_defconfig'
Merged configuration '/redacted_folder_name/redacted_project_name/app/sysbuild/mcuboot/prj.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/app/sysbuild/mcuboot/boards/nrf7002dk_nrf5340_cpuapp.conf'
Merged configuration '/redacted_folder_name/nrf/subsys/partition_manager/ext_flash_mcuboot_secondary.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/.config.sysbuild'
Configuration saved to '/redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/.config'
Kconfig header saved to '/redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
MCUBoot bootloader key file: /redacted_folder_name/redacted_project_name/app/sysbuild/mcuboot/keys/redacted_key_name.pem
-- Configuring done (4.7s)
-- Generating done (0.2s)
-- Build files have been written to: /redacted_folder_name/redacted_project_name/build/mcuboot
-- 
   *******************************
   * Running CMake for ipc_radio *
   *******************************

Loading Zephyr default modules (Zephyr base).
-- Application: /redacted_folder_name/nrf/applications/ipc_radio
-- CMake version: 3.31.6
-- Found Python3: /home/redacted_user_name/zephyrproject/.venv/bin/python (found suitable version "3.13.2", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: /home/redacted_user_name/.cache/zephyr
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr)
-- Found west (found suitable version "1.3.0", minimum required is "0.14.0")
CMake Warning at /redacted_folder_name/zephyr/cmake/modules/boards.cmake:136 (message):
  BOARD_ROOT element without a 'boards' subdirectory:


  /redacted_folder_name/redacted_project_name


  Hints:

    - if your board directory is '/foo/bar/boards/my_board' then add '/foo/bar' to BOARD_ROOT, not the entire board directory
    - if in doubt, use absolute paths
Call Stack (most recent call first):
  /redacted_folder_name/zephyr/cmake/modules/zephyr_default.cmake:133 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  CMakeLists.txt:9 (find_package)


-- Board: nrf7002dk, qualifiers: nrf5340/cpunet
-- ZEPHYR_TOOLCHAIN_VARIANT not set, trying to locate Zephyr SDK
-- Found host-tools: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found toolchain: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found Dtc: /home/redacted_user_name/zephyr-sdk-0.17.0/sysroots/x86_64-pokysdk-linux/usr/bin/dtc (found suitable version "1.6.0", minimum required is "1.4.6")
-- Found BOARD.dts: /redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpunet.dts
-- Generated zephyr.dts: /redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/dts.cmake
Parsing /redacted_folder_name/nrf/applications/ipc_radio/Kconfig
Loaded configuration '/redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpunet_defconfig'
Merged configuration '/redacted_folder_name/redacted_project_name/app/sysbuild/ipc_radio/prj.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/.config.sysbuild'
Configuration saved to '/redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/.config'
Kconfig header saved to '/redacted_folder_name/redacted_project_name/build/ipc_radio/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
CMake Deprecation Warning at /redacted_folder_name/modules/hal/libmetal/libmetal/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- libmetal version: 1.6.0 (/redacted_folder_name/nrf/applications/ipc_radio)
-- Build type:  
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
-- Looking for include file stdatomic.h
-- Looking for include file stdatomic.h - found
CMake Deprecation Warning at /redacted_folder_name/modules/lib/open-amp/open-amp/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- open-amp version: 1.6.1 (/redacted_folder_name/modules/lib/open-amp/open-amp)
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
-- C_FLAGS :  -Wall -Wextra
-- Looking for include file fcntl.h
-- Looking for include file fcntl.h - found
-- Configuring done (4.9s)
-- Generating done (0.2s)
-- Build files have been written to: /redacted_folder_name/redacted_project_name/build/ipc_radio
-- 
   *************************
   * Running CMake for app *
   *************************

Loading Zephyr default modules (Zephyr base).
-- Application: /redacted_folder_name/redacted_project_name/app
-- CMake version: 3.31.6
-- Found Python3: /home/redacted_user_name/zephyrproject/.venv/bin/python (found suitable version "3.13.2", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: /home/redacted_user_name/.cache/zephyr
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr)
-- Found west (found suitable version "1.3.0", minimum required is "0.14.0")
CMake Warning at /redacted_folder_name/zephyr/cmake/modules/boards.cmake:136 (message):
  BOARD_ROOT element without a 'boards' subdirectory:


  /redacted_folder_name/redacted_project_name


  Hints:

    - if your board directory is '/foo/bar/boards/my_board' then add '/foo/bar' to BOARD_ROOT, not the entire board directory
    - if in doubt, use absolute paths
Call Stack (most recent call first):
  /redacted_folder_name/zephyr/cmake/modules/zephyr_default.cmake:133 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  CMakeLists.txt:7 (find_package)


-- Board: nrf7002dk, qualifiers: nrf5340/cpuapp
-- ZEPHYR_TOOLCHAIN_VARIANT not set, trying to locate Zephyr SDK
-- Found host-tools: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found toolchain: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found Dtc: /home/redacted_user_name/zephyr-sdk-0.17.0/sysroots/x86_64-pokysdk-linux/usr/bin/dtc (found suitable version "1.6.0", minimum required is "1.4.6")
-- Found BOARD.dts: /redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp.dts
-- Found devicetree overlay: /redacted_folder_name/redacted_project_name/app/boards/nrf7002dk_nrf5340_cpuapp.overlay
-- Generated zephyr.dts: /redacted_folder_name/redacted_project_name/build/app/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /redacted_folder_name/redacted_project_name/build/app/zephyr/dts.cmake

warning: Deprecated symbol MBEDTLS_LEGACY_CRYPTO_C is enabled.


warning: Deprecated symbol BOARD_ENABLE_CPUNET is enabled.


warning: Experimental symbol WIFI_CREDENTIALS is enabled.


warning: Experimental symbol WIFI_NM_WPA_SUPPLICANT is enabled.


warning: Experimental symbol WIFI_NM_WPA_SUPPLICANT is enabled.


warning: Experimental symbol ISR_TABLES_LOCAL_DECLARATION is enabled.


warning: Experimental symbol NRF_WIFI_RPU_RECOVERY is enabled.


warning: Experimental symbol POSIX_ASYNCHRONOUS_IO is enabled.


warning: Experimental symbol POSIX_DEVICE_IO is enabled.


warning: Experimental symbol POSIX_FD_MGMT is enabled.


warning: Experimental symbol POSIX_MULTI_PROCESS is enabled.


warning: Experimental symbol POSIX_REALTIME_SIGNALS is enabled.


warning: Experimental symbol POSIX_SIGNALS is enabled.


warning: Experimental symbol NET_BUF_VARIABLE_DATA_SIZE is enabled.


warning: Experimental symbol NET_SOCKETS_SERVICE is enabled.


warning: Experimental symbol NET_CONNECTION_MANAGER is enabled.

Parsing /redacted_folder_name/redacted_project_name/app/Kconfig
Loaded configuration '/redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp_defconfig'
Merged configuration '/redacted_folder_name/redacted_project_name/app/prj.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/app/boards/nrf7002dk_nrf5340_cpuapp.conf'
Merged configuration '/redacted_folder_name/redacted_project_name/build/app/zephyr/.config.sysbuild'
Configuration saved to '/redacted_folder_name/redacted_project_name/build/app/zephyr/.config'
Kconfig header saved to '/redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38")
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: False
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: False
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_library_config ===============
CMake Deprecation Warning at /redacted_folder_name/modules/hal/libmetal/libmetal/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- libmetal version: 1.6.0 (/redacted_folder_name/redacted_project_name/app)
-- Build type:  
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
-- Looking for include file stdatomic.h
-- Looking for include file stdatomic.h - found
CMake Deprecation Warning at /redacted_folder_name/modules/lib/open-amp/open-amp/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- open-amp version: 1.6.1 (/redacted_folder_name/modules/lib/open-amp/open-amp)
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
-- C_FLAGS :  -Wall -Wextra
-- Looking for include file fcntl.h
-- Looking for include file fcntl.h - found
-- Including signing script: /redacted_folder_name/nrf/cmake/sysbuild/image_signing.cmake
CMake Warning at /redacted_folder_name/zephyr/CMakeLists.txt:2133 (message):
  __ASSERT() statements are globally ENABLED


-- Configuring done (5.4s)
-- Generating done (0.3s)
-- Build files have been written to: /redacted_folder_name/redacted_project_name/build/app
-- Found partition manager static configuration : /redacted_folder_name/redacted_project_name/app/pm_static_nrf7002dk_nrf5340_cpuapp.yml
Partition 'mcuboot' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_pad' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary_app' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_secondary' is not included in the dynamic resolving since it is statically defined.
Partition 'rpmsg_nrf53_sram' is not included in the dynamic resolving since it is statically defined.
Dropping partition 'hw_unique_key_partition' since its size is 0.
-- Configuring done (18.6s)
-- Generating done (0.0s)
-- Build files have been written to: /redacted_folder_name/redacted_project_name/build
-- west build: building application
[13/31] Performing build step for 'mcuboot'
[1/306] Preparing syscall dependency handling

[7/306] Generating include/generated/zephyr/version.h
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr), build: v3.7.99-ncs2-1
[306/306] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       46888 B        64 KB     71.55%
             RAM:       21352 B       448 KB      4.65%
        IDT_LIST:          0 GB        32 KB      0.00%
Generating files from /redacted_folder_name/redacted_project_name/build/mcuboot/zephyr/zephyr.elf for board: nrf7002dk
[16/31] Performing build step for 'app'
[0/1] Re-running CMake...
Loading Zephyr default modules (Zephyr base (cached)).
-- Application: /redacted_folder_name/redacted_project_name/app
-- CMake version: 3.31.6
-- Cache files will be written to: /home/redacted_user_name/.cache/zephyr
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr)
-- Found west (found suitable version "1.3.0", minimum required is "0.14.0")
CMake Warning at /redacted_folder_name/zephyr/cmake/modules/boards.cmake:136 (message):
  BOARD_ROOT element without a 'boards' subdirectory:


  /redacted_folder_name/redacted_project_name


  Hints:

    - if your board directory is '/foo/bar/boards/my_board' then add '/foo/bar' to BOARD_ROOT, not the entire board directory
    - if in doubt, use absolute paths
Call Stack (most recent call first):
  /redacted_folder_name/zephyr/cmake/modules/zephyr_default.cmake:133 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  /redacted_folder_name/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:97 (include_boilerplate)
  CMakeLists.txt:7 (find_package)


-- Board: nrf7002dk, qualifiers: nrf5340/cpuapp
-- Found host-tools: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found toolchain: zephyr 0.17.0 (/home/redacted_user_name/zephyr-sdk-0.17.0)
-- Found BOARD.dts: /redacted_folder_name/zephyr/boards/nordic/nrf7002dk/nrf7002dk_nrf5340_cpuapp.dts
-- Found devicetree overlay: /redacted_folder_name/redacted_project_name/app/boards/nrf7002dk_nrf5340_cpuapp.overlay
-- Generated zephyr.dts: /redacted_folder_name/redacted_project_name/build/app/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /redacted_folder_name/redacted_project_name/build/app/zephyr/dts.cmake

warning: Deprecated symbol MBEDTLS_LEGACY_CRYPTO_C is enabled.


warning: Deprecated symbol BOARD_ENABLE_CPUNET is enabled.


warning: Experimental symbol WIFI_CREDENTIALS is enabled.


warning: Experimental symbol WIFI_NM_WPA_SUPPLICANT is enabled.


warning: Experimental symbol WIFI_NM_WPA_SUPPLICANT is enabled.


warning: Experimental symbol ISR_TABLES_LOCAL_DECLARATION is enabled.


warning: Experimental symbol NRF_WIFI_RPU_RECOVERY is enabled.


warning: Experimental symbol POSIX_ASYNCHRONOUS_IO is enabled.


warning: Experimental symbol POSIX_DEVICE_IO is enabled.


warning: Experimental symbol POSIX_FD_MGMT is enabled.


warning: Experimental symbol POSIX_MULTI_PROCESS is enabled.


warning: Experimental symbol POSIX_REALTIME_SIGNALS is enabled.


warning: Experimental symbol POSIX_SIGNALS is enabled.


warning: Experimental symbol NET_BUF_VARIABLE_DATA_SIZE is enabled.


warning: Experimental symbol NET_SOCKETS_SERVICE is enabled.


warning: Experimental symbol NET_CONNECTION_MANAGER is enabled.

Parsing /redacted_folder_name/redacted_project_name/app/Kconfig
Loaded configuration '/redacted_folder_name/redacted_project_name/build/app/zephyr/.config'
Merged configuration '/redacted_folder_name/redacted_project_name/build/app/zephyr/.config.sysbuild'
No change to configuration in '/redacted_folder_name/redacted_project_name/build/app/zephyr/.config'
No change to Kconfig header in '/redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr/autoconf.h'
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: False
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: False
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_library_config ===============
CMake Deprecation Warning at /redacted_folder_name/modules/hal/libmetal/libmetal/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- libmetal version: 1.6.0 (/redacted_folder_name/redacted_project_name/app)
-- Build type:  
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
CMake Deprecation Warning at /redacted_folder_name/modules/lib/open-amp/open-amp/CMakeLists.txt:1 (cmake_minimum_required):
  Compatibility with CMake < 3.10 will be removed from a future version of
  CMake.

  Update the VERSION argument <min> value.  Or, use the <min>...<max> syntax
  to tell CMake that the project requires at least <min> but has been updated
  to work with policies introduced by <max> or earlier.


-- open-amp version: 1.6.1 (/redacted_folder_name/modules/lib/open-amp/open-amp)
-- Host:    Linux/x86_64
-- Target:  Generic/arm
-- Machine: arm
-- C_FLAGS :  -Wall -Wextra
-- Including signing script: /redacted_folder_name/nrf/cmake/sysbuild/image_signing.cmake
CMake Warning at /redacted_folder_name/zephyr/CMakeLists.txt:2133 (message):
  __ASSERT() statements are globally ENABLED


-- Configuring done (4.7s)
-- Generating done (0.3s)
-- Build files have been written to: /redacted_folder_name/redacted_project_name/build/app
[1/592] Preparing syscall dependency handling

[7/592] Generating include/generated/zephyr/version.h
-- Zephyr version: 3.7.99 (/redacted_folder_name/zephyr), build: v3.7.99-ncs2-1
[193/592] Building C object zephyr/CMakeFiles/zephyr.dir/home/redacted_user_name/Projects/redacted/1...diaboard_8.2_prototype_workspace/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c.obj
FAILED: zephyr/CMakeFiles/zephyr.dir/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c.obj 
ccache /home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_ZEPHYR -DCONFIG_ECC -DCONFIG_MBO -DCONFIG_NO_CONFIG_BLOBS -DCONFIG_NO_CONFIG_WRITE -DCONFIG_NO_RANDOM_POOL -DCONFIG_ROBUST_AV -DCONFIG_RRM -DCONFIG_SAE -DCONFIG_SHA256 -DCONFIG_SHA384 -DCONFIG_SHA512 -DCONFIG_SME -DCONFIG_SUITEB -DCONFIG_SUITEB192 -DCONFIG_WMM_AC -DCONFIG_WNM -DKERNEL -DK_HEAP_MEM_POOL_SIZE=183600 -DMBEDTLS_CONFIG_FILE=\"nrf-config.h\" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"nrf-psa-crypto-config.h\" -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE=\"nrf-psa-crypto-user-config.h\" -DNCS_APPLICATION_BOOT_BANNER_GIT_REPO -DNRF52_ERRATA_215_ENABLE_WORKAROUND=0 -DNRF5340_XXAA_APPLICATION -DNRF53_ERRATA_159_ENABLE_WORKAROUND=0 -DNRF53_ERRATA_43_ENABLE_WORKAROUND=0 -DNRF70_ANT_GAIN_2G=0 -DNRF70_ANT_GAIN_5G_BAND1=0 -DNRF70_ANT_GAIN_5G_BAND2=0 -DNRF70_ANT_GAIN_5G_BAND3=0 -DNRF70_BAND_2G_LOWER_EDGE_BACKOFF_DSSS=0 -DNRF70_BAND_2G_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_2G_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_2G_UPPER_EDGE_BACKOFF_DSSS=0 -DNRF70_BAND_2G_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_2G_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_1_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_1_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_1_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_1_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_2A_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_2A_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_2A_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_2A_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_2C_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_2C_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_2C_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_2C_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_3_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_3_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_3_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_3_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_4_LOWER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_4_LOWER_EDGE_BACKOFF_HT=0 -DNRF70_BAND_UNII_4_UPPER_EDGE_BACKOFF_HE=0 -DNRF70_BAND_UNII_4_UPPER_EDGE_BACKOFF_HT=0 -DNRF70_DATA_TX -DNRF70_LOG_VERBOSE -DNRF70_MAX_TX_PENDING_QLEN=18 -DNRF70_MAX_TX_TOKENS=10 -DNRF70_PCB_LOSS_2G=0 -DNRF70_PCB_LOSS_5G_BAND1=0 -DNRF70_PCB_LOSS_5G_BAND2=0 -DNRF70_PCB_LOSS_5G_BAND3=0 -DNRF70_REG_DOMAIN=00 -DNRF70_RPU_PS_IDLE_TIMEOUT_MS=10 -DNRF70_RX_MAX_DATA_SIZE=1600 -DNRF70_RX_NUM_BUFS=16 -DNRF70_STA_MODE -DNRF70_SYSTEM_MODE -DNRF70_TCP_IP_CHECKSUM_OFFLOAD -DNRF_SKIP_FICR_NS_COPY_TO_RAM -DNRF_WIFI_AP_DEAD_DETECT_TIMEOUT=20 -DNRF_WIFI_IFACE_MTU=1500 -DNRF_WIFI_LOW_POWER -DNRF_WIFI_MGMT_BUFF_OFFLOAD -DNRF_WIFI_PS_INT_PS=y -DNRF_WIFI_RPU_RECOVERY -DNRF_WIFI_RPU_RECOVERY_PS_ACTIVE_TIMEOUT_MS=50000 -DPB_MAX_REQUIRED_FIELDS=64 -DPICOLIBC_LONG_LONG_PRINTF_SCANF -DTLS_DEFAULT_CIPHERS=\"\"DEFAULT:!EXP:!LOW\"\" -DUSE_PARTITION_MANAGER=1 -DZCBOR_ASSERTS -D__LINUX_ERRNO_EXTENSIONS__ -D__PROGRAM_START -D__ZEPHYR__=1 -I/redacted_folder_name/zephyr/kernel/include -I/redacted_folder_name/zephyr/arch/arm/include -I/redacted_folder_name/zephyr/modules/hostap/src -I/redacted_folder_name/modules/lib/hostap -I/redacted_folder_name/modules/lib/hostap/src/utils -I/redacted_folder_name/modules/lib/hostap/src/drivers -I/redacted_folder_name/modules/lib/hostap/src -I/redacted_folder_name/zephyr/include -I/redacted_folder_name/zephyr/include/net -I/redacted_folder_name/redacted_project_name/app -I/redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr -I/redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated -I/redacted_folder_name/zephyr/soc/nordic -I/redacted_folder_name/zephyr/include/zephyr/posix -I/redacted_folder_name/zephyr/soc/nordic/nrf53/. -I/redacted_folder_name/zephyr/soc/nordic/common/. -I/redacted_folder_name/zephyr/subsys/bluetooth -I/redacted_folder_name/zephyr/subsys/net/l2 -I/redacted_folder_name/zephyr/subsys/net/lib/dns/. -I/redacted_folder_name/zephyr/subsys/net/conn_mgr/. -I/redacted_folder_name/zephyr/subsys/settings/include -I/redacted_folder_name/zephyr/drivers/wifi/nrf_wifi/inc -I/redacted_folder_name/zephyr/subsys/net/ip -I/redacted_folder_name/nrf/include -I/redacted_folder_name/nrfxlib/crypto/nrf_cc312_mbedcrypto/include -I/redacted_folder_name/nrfxlib/crypto/nrf_cc312_mbedcrypto/include/mbedtls -I/redacted_folder_name/nrf/subsys/trusted_storage/include -I/redacted_folder_name/redacted_project_name/build/app/zephyr/misc/generated -I/redacted_folder_name/modules/lib/hostap/port/mbedtls -I/redacted_folder_name/nrf/tests/include -I/redacted_folder_name/modules/lib/nanopb -I/redacted_folder_name/modules/hal/cmsis/CMSIS/Core/Include -I/redacted_folder_name/zephyr/modules/cmsis/. -I/redacted_folder_name/modules/hal/nordic/nrfx -I/redacted_folder_name/modules/hal/nordic/nrfx/drivers/include -I/redacted_folder_name/modules/hal/nordic/nrfx/mdk -I/redacted_folder_name/zephyr/modules/hal_nordic/nrfx/. -I/redacted_folder_name/modules/lib/hostap/wpa_supplicant -I/redacted_folder_name/modules/lib/hostap/src/common -I/redacted_folder_name/modules/lib/hostap/src/eap_common -I/redacted_folder_name/modules/lib/hostap/src/eap_server -I/redacted_folder_name/modules/lib/hostap/src/radius -I/redacted_folder_name/modules/lib/hostap/src/crypto -I/redacted_folder_name/modules/lib/hostap/src/ap -I/redacted_folder_name/modules/lib/hostap/src/rsn_supp -I/redacted_folder_name/redacted_project_name/build/app/modules/libmetal/libmetal/lib/include -I/redacted_folder_name/modules/lib/open-amp/open-amp/lib/include -I/redacted_folder_name/modules/crypto/tinycrypt/lib/include -I/redacted_folder_name/modules/lib/zcbor/include -I/redacted_folder_name/nrfxlib/softdevice_controller/include -I/redacted_folder_name/redacted_project_name/build/app/generated/library_nrf_security_psa -I/redacted_folder_name/nrf/subsys/nrf_security/include -I/redacted_folder_name/nrf/subsys/nrf_security/src/utils -I/redacted_folder_name/modules/crypto/oberon-psa-crypto/include -I/redacted_folder_name/modules/crypto/oberon-psa-crypto/library -I/redacted_folder_name/modules/crypto/mbedtls/library -I/redacted_folder_name/modules/crypto/mbedtls/include -I/redacted_folder_name/modules/crypto/mbedtls/include/library -I/redacted_folder_name/zephyr/modules/nrf_wifi/os -I/redacted_folder_name/zephyr/modules/nrf_wifi/os/../bus -I/redacted_folder_name/modules/lib/nrf_wifi/utils/inc -I/redacted_folder_name/modules/lib/nrf_wifi/os_if/inc -I/redacted_folder_name/modules/lib/nrf_wifi/bus_if/bus/qspi/inc -I/redacted_folder_name/modules/lib/nrf_wifi/bus_if/bal/inc -I/redacted_folder_name/modules/lib/nrf_wifi/fw_if/umac_if/inc -I/redacted_folder_name/modules/lib/nrf_wifi/fw_load/mips/fw/inc -I/redacted_folder_name/modules/lib/nrf_wifi/hw_if/hal/inc -I/redacted_folder_name/modules/lib/nrf_wifi/hw_if/hal/inc/fw -I/redacted_folder_name/modules/lib/nrf_wifi/fw_if/umac_if/inc/fw -I/redacted_folder_name/modules/lib/nrf_wifi/fw_if/umac_if/inc/default -I/redacted_folder_name/bootloader/mcuboot/boot/bootutil/zephyr/.. -I/redacted_folder_name/bootloader/mcuboot/boot/bootutil/zephyr/../include -I/redacted_folder_name/bootloader/mcuboot/boot/bootutil/zephyr/../../zephyr/include -isystem /redacted_folder_name/zephyr/lib/libc/common/include -isystem /redacted_folder_name/nrfxlib/crypto/nrf_cc312_platform/include -fno-strict-aliasing -Oz -flto -imacros /redacted_folder_name/redacted_project_name/build/app/zephyr/include/generated/zephyr/autoconf.h -fno-printf-return-value -fno-common -g -gdwarf-4 -fdiagnostics-color=always -mcpu=cortex-m33 -mthumb -mabi=aapcs -mfp16-format=ieee -mtp=soft --sysroot=/home/redacted_user_name/zephyr-sdk-0.17.0/arm-zephyr-eabi/arm-zephyr-eabi -imacros /redacted_folder_name/zephyr/include/zephyr/toolchain/zephyr_stdint.h -Wall -Wformat -Wformat-security -Wno-format-zero-length -Wdouble-promotion -Wno-pointer-sign -Wpointer-arith -Wexpansion-to-defined -Wno-unused-but-set-variable -Werror=implicit-int -fno-pic -fno-pie -fno-asynchronous-unwind-tables -ftls-model=local-exec -fno-reorder-functions --param=min-pagesize=0 -fno-defer-pop -fmacro-prefix-map=/redacted_folder_name/redacted_project_name/app=CMAKE_SOURCE_DIR -fmacro-prefix-map=/redacted_folder_name/zephyr=ZEPHYR_BASE -fmacro-prefix-map=/home/redacted_user_name/Projects/redacted/redacted_project_name_workspace=WEST_TOPDIR -ffunction-sections -fdata-sections -specs=picolibc.specs -D_POSIX_THREADS -std=c11 -MD -MT zephyr/CMakeFiles/zephyr.dir/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c.obj -MF zephyr/CMakeFiles/zephyr.dir/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c.obj.d -o zephyr/CMakeFiles/zephyr.dir/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c.obj -c /redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c: In function 'crypto_mbedtls_dh_init_public':
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c:1430:41: error: 'mbedtls_dhm_context' has no member named 'private_X'
 1430 |     return mbedtls_mpi_write_binary(&ctx->MBEDTLS_PRIVATE(X), privkey, prime_len) ? -1 : 0;
      |                                         ^~
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c: In function 'crypto_dh_derive_secret':
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c:1491:45: error: 'mbedtls_dhm_context' has no member named 'private_X'
 1491 |                 mbedtls_mpi_read_binary(&ctx.MBEDTLS_PRIVATE(X), privkey, privkey_len) ||
      |                                             ^
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c: In function 'crypto_mbedtls_dh_init_public':
/redacted_folder_name/modules/lib/hostap/src/crypto/crypto_mbedtls_alt.c:1431:1: warning: control reaches end of non-void function [-Wreturn-type]
 1431 | }
      | ^
[210/592] Building C object zephyr/CMakeFiles/zephyr.dir/drivers/wifi/nrf_wifi/src/fw_load.c.obj
ninja: build stopped: subcommand failed.
[19/31] cd /redacted_folder_name/redacted_project_name/build/_sysbuild && /usr/bin/cmake -E true
FAILED: _sysbuild/sysbuild/images/app-prefix/src/app-stamp/app-build /redacted_folder_name/redacted_project_name/build/_sysbuild/sysbuild/images/app-prefix/src/app-stamp/app-build 
cd /redacted_folder_name/redacted_project_name/build/app && /usr/bin/cmake --build .
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /usr/bin/cmake --build /redacted_folder_name/redacted_project_name/build

The thing that I modified is the definition of private macro - not really something that looks like a "proper" solution, but it was a start to try and compile the project.

in /modules/crypto/mbedtls/include/mbedtls/private_access.h i just modified the

#define MBEDTLS_PRIVATE(member) private_##member

to

#define MBEDTLS_PRIVATE(member) member

Hi,

Thank you for your patience and detailed description of the issue! 

I will pursue this internally and report your findings to the crypto team.

tomislav_z said:

Yeah, I know it's in the same context, but, from the documentation here, my guess was, it should be enough to store a few keys, etc? The space in RAM, and FLASH for the whole TF-M stuff is not really a viable option since the WiFi+BLE stack basically consumes everything I can offer to it...
docs.nordicsemi.com/.../trusted_storage.html

Yes, your observation is correct, that this will work with a "secure only" build as well, as shown in the "usage" chapter of your provided link:

https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/security/trusted_storage.html#usage

It does seem that we have forgotten a ifdef somewhere, as the PSA API shall be accessible even if you run a secure only build.

tomislav_z said:

in /modules/crypto/mbedtls/include/mbedtls/private_access.h i just modified the

Would it be easier if you add the define to your preprocessor? This does not require a direct change to the sources, but will probably give you a few redefinition warnings.

CONFIG_COMPILER_OPT="-DMBEDTLS_ALLOW_PRIVATE_ACCESS"

Kind regards,

Håkon

Well, PSA API is accessible - trusted storage works ok, but, when wpa supplicant is added, this error occurs... Wpa supplicant also works ok by itself.

But, when you combine the two - this happens.

Yeah, I added the define to the preprocessor - I adds a few tens of warnings, but works the same, yeah

But, if you think that either adding the define to the preprocessor, or fixing the file via patch won't cause any problems, it's a solid, simple solution for now, until things are fixed properly.

Thanks for your help :)

Well, PSA API is accessible - trusted storage works ok, but, when wpa supplicant is added, this error occurs... Wpa supplicant also works ok by itself.

But, when you combine the two - this happens.

Yeah, I added the define to the preprocessor - I adds a few tens of warnings, but works the same, yeah

But, if you think that either adding the define to the preprocessor, or fixing the file via patch won't cause any problems, it's a solid, simple solution for now, until things are fixed properly.

Thanks for your help :)