PSA Crypto with legacy mbedTLS

Hello, I am developing a project that involves authentication over NFC, and I need to store a private key in TrustZone. I found the psa_crypto Zephyr sample in the SDK, which appears to be what I need; however, I've been having issues getting it to work.

I have:

Debian 12 as dev environment
VSCode + nRF Connect extension
nRF SDK and Toolchain both v2.9.1
nRF54L15-DK

My difficulty is in finding a correct and working prj.conf/Kconfig configuration. Since the psa_crypto sample relies on legacy mbedTLS function calls such as mbedtls_x509write_csr_init or PSA_ALG_ECDSA, requiring config symbols like CONFIG_MBEDTLS_X509_CSR_WRITE_C or CONFIG_MBEDTLS_ECDSA_C, with what looks like no equivalents in PSA, I deduced that I need to:
- use the nrf54l15 cpuapp ns (non-secure) build configuration which enables BUILD_WITH_TFM and NRF_SECURITY

- add CONFIG_MBEDTLS_LEGACY_CRYPTO_C in order to be able to compile the binaries with no warnings or errors

However, what happens is that after flashing the firmware to the dev kit, the TF-M secure console output ends with "Partition initialization FAILED in 0x37c9" and the non-secure image does not even execute (the program never reaches main()). After debugging, I discovered this happens due to CONFIG_MBEDTLS_LEGACY_CRYPTO_C. Even building the Hello World sample for nrf54l15 cpuapp ns, and then just adding CONFIG_MBEDTLS_LEGACY_CRYPTO_C to its prj.conf, results in the same behavior. However, I clearly need CONFIG_MBEDTLS_LEGACY_CRYPTO_C in order to be able to use those legacy mbedTLS APIs, and I cannot find alternatives. What can I do here?