Issue combining sample that uses CONFIG_NRF_SECURITY and CONFIG_MBEDTLS_BUILTIN

I have two projects: project MQTT, which was built around the Secure MQTT Sensor/Actuator sample, and project CRYPTO, which was built around the Crypto AES-CCM sample. I am trying to combine both codebases into a single project, but when I append the prj.conf from project CRYPTO to project MQTT and build, there are build errors. It seems to be related to the fact that the CRYPTO project uses `CONFIG_NRF_SECURITY=y`, which selects `DISABLE_MBEDTLS_BUILTIN`, whereas the MQTT project sets `CONFIG_MBEDTLS_BUILTIN=y`. My code does not directly call mbedtls functions, but it uses Zephyr's MQTT library with TLS (e.g.: `client->transport.type = MQTT_TRANSPORT_SECURE;`).

Here's the combined prj.conf file:

######## MQTT PROJECT CONFIG ###########

# Enable network stack
CONFIG_NETWORKING=y
# CONFIG_NET_LOG=y

# Enable IPv4
CONFIG_NET_IPV4=y

# IPv6 is disabled
CONFIG_NET_IPV6=n

# Enable TCP
CONFIG_NET_TCP=y

# Enable DHCP
# CONFIG_NET_DHCPV4=y

# Enable Sockets (used by MQTT lib)
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

# Enable MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# CONFIG_MODEM_A767X_APN="internet.ideasclaro.com.do"
CONFIG_MODEM_A767X_APN="internet"
# CONFIG_MODEM_A767X_APN="internet"
# CONFIG_NET_LOG=y
# CONFIG_NET_L2_PPP_LOG_LEVEL_DBG=y

# see if that fixes the issue with the modem
# CONFIG_NET_L2_PPP_OPTION_SERVE_DNS=n
# CONFIG_NET_L2_PPP_OPTION_SERVE_IP=n
# CONFIG_NET_L2_PPP_OPTION_MRU=n

CONFIG_MODEM_CELLULAR=n
CONFIG_NET_L2_PPP_PAP=n

# Enable Mbed TLS
# NOTE(review): the options in this section belong to Zephyr's built-in
# Mbed TLS. With CONFIG_NRF_SECURITY=y (set in the CRYPTO section below) in
# the same file, the reported build chose MBEDTLS_LIBRARY_NRF_SECURITY over
# MBEDTLS_BUILTIN, and MBEDTLS_SSL_MAX_CONTENT_LEN,
# MBEDTLS_PEM_CERTIFICATE_FORMAT and MBEDTLS_SERVER_NAME_INDICATION were
# dropped because they depend on MBEDTLS_BUILTIN. TLS record size, PEM
# certificate parsing and SNI then have to be configured through the
# nrf_security options; check the generated .config instead of assuming
# these lines took effect.
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
# NOTE(review): assigned again as 8192 in the CRYPTO section; in a single
# fragment the later assignment normally wins - confirm the effective value.
CONFIG_MBEDTLS_HEAP_SIZE=60000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y

# Enable JSON
CONFIG_JSON_LIBRARY=y

# Enable net conn manager
CONFIG_NET_CONNECTION_MANAGER=y

# Enable device hostname
CONFIG_NET_HOSTNAME_ENABLE=y

# Enable Posix API functionality
CONFIG_POSIX_API=y

# Enable sensor API
CONFIG_SENSOR=y

# Enable LED API
CONFIG_LED=y

# Custom:
# MQTT broker. The original heading here read "Insecure MQTT", but the active
# port is 8883 with CONFIG_MQTT_LIB_TLS=y; 1883 (commented out) is the
# plaintext MQTT port.
CONFIG_NET_SAMPLE_MQTT_BROKER_HOSTNAME="sandbox.mymqttserver.io"
# CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="1883"
CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="8883"
# Enable MQTT with TLS
CONFIG_MQTT_LIB_TLS=y
# Disable MQTT with TLS
# CONFIG_MQTT_LIB_TLS=n

# MQTT Authentication
# NOTE(review): values set here are written in plaintext to the generated
# .config and autoconf.h, and presumably end up as strings in the firmware
# image. Keep real broker credentials out of a committed prj.conf (for
# example in an untracked overlay, or provisioned per device), and never
# send them over the plaintext port.
CONFIG_REVVIT_MQTT_USER_NAME="myuser"
CONFIG_REVVIT_MQTT_PASSWORD="mypass"

CONFIG_NET_SAMPLE_MQTT_PUB_TOPIC="zephyr/cellular/data"
CONFIG_NET_SAMPLE_MQTT_SUB_TOPIC_CMD="zephyr/cellular/command"

CONFIG_NET_SAMPLE_MQTT_PUBLISH_INTERVAL=10

CONFIG_LOG=y

CONFIG_MODEM_LOG_LEVEL_DBG=y
CONFIG_MODEM_MODULES_LOG_LEVEL_DBG=y
CONFIG_MODEM_CMUX_LOG_LEVEL_DBG=y
CONFIG_MODEM_CMUX_WORK_BUFFER_SIZE=1500

# Increase buffers
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096
CONFIG_LOG_BUFFER_SIZE=4096
CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
# Increase Rx net buffers
CONFIG_NET_BUF_RX_COUNT=100

# necessary to print floating numbers
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y

# Enable shell
CONFIG_SHELL=y
CONFIG_SHELL_WILDCARD=n
CONFIG_MODEM_AT_SHELL=y

######## CRYPTO PROJECT CONFIG ###########

# Using hardware crypto accelerator
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# Mbedtls configuration
# NOTE(review): this second assignment replaces the 60000 requested in the
# MQTT section (the later assignment normally wins). 8192 was sized for the
# crypto sample alone and is likely too small for a TLS handshake that asks
# for 16384-byte records - TODO confirm and size the heap for the combined
# TLS + PSA workload.
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192

# Enable logging system to USB
CONFIG_LOG=y

# <BLE>
CONFIG_BT=y
CONFIG_BT_PERIPHERAL=y
CONFIG_BT_DEVICE_NAME="bale module"
# Allow multiple devices to connect at once
CONFIG_BT_MAX_CONN=6
CONFIG_BT_BUF_ACL_RX_COUNT=7

# we need min. 65 (ECDH_PUBLIC_KEY_SIZE) + 3 (ATT HEADER) = 68 bytes
# to be able to write to the pubkey characteristic
CONFIG_BT_L2CAP_TX_MTU=247
CONFIG_BT_BUF_ACL_TX_SIZE=251
CONFIG_BT_BUF_ACL_RX_SIZE=251

# CONFIG_BT_LOG_LEVEL_DBG=y
# Enable Security Management Protocol
# NOTE(review): no CONFIG_BT_SMP assignment follows this heading; the next
# line only sets a work-queue stack size. If BLE pairing or link encryption
# is expected, confirm that it is enabled somewhere.
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
# CONFIG_BT_GATT_DYNAMIC_DB=y
# </BLE>

# Needed for LEDs
CONFIG_DK_LIBRARY=y
CONFIG_BT_HCI_ERR_TO_STR=y

# <CRYPTO>
# Enable nordic security backend and PSA APIs
# NOTE(review): with this enabled, the reported build used nrf_security as
# the Mbed TLS implementation and failed to link sockets_tls.c against the
# mbedtls_ssl_* functions, i.e. the TLS layer was not built. TLS for the MQTT
# socket has to be enabled through nrf_security's own options, not through
# CONFIG_MBEDTLS_BUILTIN.
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

CONFIG_PSA_WANT_ALG_ECDH=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y

# For key generation
CONFIG_PSA_WANT_GENERATE_RANDOM=y

# For AES-CCM
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_ALG_CCM=y

CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
CONFIG_MBEDTLS_ENABLE_HEAP=y
# CONFIG_MBEDTLS_HEAP_SIZE=16384

# Also assigned as 4096 in the MQTT section; this later value normally wins.
CONFIG_MAIN_STACK_SIZE=8192
# CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=8192

# NOTE(review): the reported build warned that BT_HCI_TX_STACK_SIZE was
# assigned 4096 but got 1536, so this assignment is not taking effect.
CONFIG_BT_HCI_TX_STACK_SIZE=4096
CONFIG_BT_RX_STACK_SIZE=4096

# </CRYPTO>

Build error:

 *  Executing task: nRF Connect: Build [pristine]: myproj-firmware/build 

Building myproj-firmware
west build --build-dir /Users/redacted/code/redacted/myproj/myproj-firmware/build /Users/redacted/code/redacted/myproj/myproj-firmware --pristine --board nrf52840dk/nrf52840 --sysbuild -- -DNCS_TOOLCHAIN_VERSION=NONE -DBOARD_ROOT=/Users/redacted/code/nordic/myboards;/Users/redacted/code/redacted/myproj/myproj-firmware

-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/[email protected]/bin/python3.12 (found suitable version "3.12.4", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: /Users/redacted/Library/Caches/zephyr
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf52840dk, qualifiers: nrf52840
Parsing /opt/nordic/ncs/v2.9.1/zephyr/share/sysbuild/Kconfig
Loaded configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/empty.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/empty.conf'
Configuration saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/zephyr/.config'
Kconfig header saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/autoconf.h'
-- 
   *************************************
   * Running CMake for myproj-firmware *
   *************************************

Loading Zephyr default modules (Zephyr base).
-- Application: /Users/redacted/code/redacted/myproj/myproj-firmware
-- CMake version: 3.21.0
-- Found Python3: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/python (found suitable version "3.12.4", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: /Users/redacted/Library/Caches/zephyr
-- Zephyr version: 3.7.99 (/opt/nordic/ncs/v2.9.1/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf52840dk, qualifiers: nrf52840
-- Found host-tools: zephyr 0.17.0 (/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.17.0 (/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk)
-- Found Dtc: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/dtc (found suitable version "1.6.1", minimum required is "1.4.6") 
-- Found BOARD.dts: /opt/nordic/ncs/v2.9.1/zephyr/boards/nordic/nrf52840dk/nrf52840dk_nrf52840.dts
-- Found devicetree overlay: /Users/redacted/code/redacted/myproj/myproj-firmware/boards/nrf52840dk_nrf52840.overlay
-- Generated zephyr.dts: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/dts.cmake

warning: BT_HCI_TX_STACK_SIZE (defined at
/opt/nordic/ncs/v2.9.1/nrf/subsys/bluetooth/controller/Kconfig:80, subsys/bluetooth/host/Kconfig:43,
subsys/bluetooth/host/Kconfig:43) was assigned the value '4096' but got the value '1536'. See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_BT_HCI_TX_STACK_SIZE and/or look up
BT_HCI_TX_STACK_SIZE in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.


warning: MBEDTLS_PEM_CERTIFICATE_FORMAT (defined at modules/mbedtls/Kconfig.tls-generic:405,
modules/mbedtls/Kconfig.tls-generic:405) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT and/or
look up MBEDTLS_PEM_CERTIFICATE_FORMAT in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_SERVER_NAME_INDICATION (defined at modules/mbedtls/Kconfig.tls-generic:464,
modules/mbedtls/Kconfig.tls-generic:464) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SERVER_NAME_INDICATION and/or
look up MBEDTLS_SERVER_NAME_INDICATION in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_SSL_MAX_CONTENT_LEN (defined at modules/mbedtls/Kconfig:72,
modules/hostap/Kconfig:310, modules/hostap/Kconfig:310, modules/hostap/Kconfig:310,
modules/mbedtls/Kconfig:72) was assigned the value '16384' but got the value ''. Check these
unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS) || (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
&& WIFI_NM_WPA_SUPPLICANT) || (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE && WIFI_NM_WPA_SUPPLICANT)
|| (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE && WIFI_NM_WPA_SUPPLICANT && 0) || (MBEDTLS_BUILTIN &&
MBEDTLS && 0)) (=n). See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN and/or look up
MBEDTLS_SSL_MAX_CONTENT_LEN in the menuconfig/guiconfig interface. The Application Development
Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual
might be helpful too.


warning: The choice symbol MBEDTLS_BUILTIN (defined at modules/mbedtls/Kconfig:29,
modules/mbedtls/Kconfig:29) was selected (set =y), but MBEDTLS_LIBRARY_NRF_SECURITY (defined at
/opt/nordic/ncs/v2.9.1/nrf/subsys/nrf_security/Kconfig:249) ended up as the choice selection. See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_BUILTIN and/or look up
MBEDTLS_BUILTIN in the menuconfig/guiconfig interface. The Application Development Primer, Setting
Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful
too.


warning: Experimental symbol POSIX_ASYNCHRONOUS_IO is enabled.


warning: Experimental symbol POSIX_DEVICE_IO is enabled.


warning: Experimental symbol POSIX_FD_MGMT is enabled.


warning: Experimental symbol POSIX_MULTI_PROCESS is enabled.


warning: Experimental symbol POSIX_REALTIME_SIGNALS is enabled.


warning: Experimental symbol POSIX_SIGNALS is enabled.


warning: Experimental symbol BT_HCI_ERR_TO_STR is enabled.


warning: Experimental symbol MODEM_MODULES is enabled.


warning: Experimental symbol NET_SOCKETS_SERVICE is enabled.


warning: Experimental symbol NET_CONNECTION_MANAGER is enabled.

Parsing /Users/redacted/code/redacted/myproj/myproj-firmware/Kconfig
Loaded configuration '/opt/nordic/ncs/v2.9.1/zephyr/boards/nordic/nrf52840dk/nrf52840dk_nrf52840_defconfig'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/prj.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/boards/nrf52840dk_nrf52840.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/.config.sysbuild'
Configuration saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/.config'
Kconfig header saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_library_config ===============
-- Setting build type to 'MinSizeRel' as none was specified.
-- Using ccache: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/ccache
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/redacted/code/redacted/myproj/myproj-firmware/build
-- west build: building application
[1/396] Preparing syscall dependency handling

[6/396] Generating include/generated/zephyr/version.h
-- Zephyr version: 3.7.99 (/opt/nordic/ncs/v2.9.1/zephyr), build: v3.7.99-ncs2-1-1-gdd31bcfcb2d2
[247/396] Building C object zephyr/subsys/net/CMakeFiles/subsys__net.dir/lib/sockets/sockets_tls.c.obj
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:680:15: warning: implicit declaration of function 'mbedtls_ssl_get_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]
  680 |         ret = mbedtls_ssl_get_session(&context->ssl, &session);
      |               ^~~~~~~~~~~~~~~~~~~~~~~
      |               mbedtls_ssl_get_version
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:716:15: warning: implicit declaration of function 'mbedtls_ssl_set_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]
  716 |         ret = mbedtls_ssl_set_session(&context->ssl, &session);
      |               ^~~~~~~~~~~~~~~~~~~~~~~
      |               mbedtls_ssl_get_version
[391/396] Linking C executable zephyr/zephyr_pre0.elf
FAILED: zephyr/zephyr_pre0.elf zephyr/zephyr_pre0.map /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr_pre0.map 
: && ccache /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc -Os -DNDEBUG -gdwarf-4 -gdwarf-4 zephyr/CMakeFiles/zephyr_pre0.dir/misc/empty_file.c.obj -o zephyr/zephyr_pre0.elf  zephyr/CMakeFiles/offsets.dir/./arch/arm/core/offsets/offsets.c.obj  -T  zephyr/linker_zephyr_pre0.cmd  -Wl,-Map=/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr_pre0.map  -Wl,--whole-archive  app/libapp.a  zephyr/libzephyr.a  zephyr/arch/common/libarch__common.a  zephyr/arch/arch/arm/core/libarch__arm__core.a  zephyr/arch/arch/arm/core/cortex_m/libarch__arm__core__cortex_m.a  zephyr/arch/arch/arm/core/mpu/libarch__arm__core__mpu.a  zephyr/lib/libc/newlib/liblib__libc__newlib.a  zephyr/lib/libc/common/liblib__libc__common.a  zephyr/lib/posix/options/liblib__posix__options.a  zephyr/lib/net_buf/liblib__net_buf.a  zephyr/lib/os/zvfs/liblib__os__zvfs.a  zephyr/soc/soc/nrf52840/libsoc__nordic.a  zephyr/subsys/fs/libsubsys__fs.a  zephyr/subsys/random/libsubsys__random.a  zephyr/subsys/bluetooth/common/libsubsys__bluetooth__common.a  zephyr/subsys/bluetooth/host/libsubsys__bluetooth__host.a  zephyr/subsys/modem/libsubsys__modem.a  zephyr/subsys/modem/backends/libsubsys__modem__backends.a  zephyr/subsys/net/libsubsys__net.a  zephyr/subsys/net/l2/ppp/libsubsys__net__l2__ppp.a  zephyr/subsys/net/ip/libsubsys__net__ip.a  zephyr/subsys/net/lib/mqtt/libsubsys__net__lib__mqtt.a  zephyr/subsys/net/lib/dns/libsubsys__net__lib__dns.a  zephyr/subsys/net/conn_mgr/libsubsys__net__conn_mgr.a  zephyr/drivers/clock_control/libdrivers__clock_control.a  zephyr/drivers/console/libdrivers__console.a  zephyr/drivers/entropy/libdrivers__entropy.a  zephyr/drivers/gpio/libdrivers__gpio.a  zephyr/drivers/led/libdrivers__led.a  zephyr/drivers/modem/libdrivers__modem.a  zephyr/drivers/pinctrl/libdrivers__pinctrl.a  zephyr/drivers/serial/libdrivers__serial.a  zephyr/drivers/timer/libdrivers__timer.a  
modules/nrf/lib/dk_buttons_and_leds/lib..__nrf__lib__dk_buttons_and_leds.a  modules/nrf/lib/multithreading_lock/lib..__nrf__lib__multithreading_lock.a  modules/nrf/subsys/bluetooth/controller/lib..__nrf__subsys__bluetooth__controller.a  modules/nrf/subsys/nrf_security/src/zephyr/libmbedtls_zephyr.a  modules/nrf/subsys/mpsl/init/lib..__nrf__subsys__mpsl__init.a  modules/nrf/subsys/mpsl/fem/lib..__nrf__subsys__mpsl__fem.a  modules/nrf/drivers/hw_cc3xx/lib..__nrf__drivers__hw_cc3xx.a  modules/nrf/drivers/mpsl/clock_control/lib..__nrf__drivers__mpsl__clock_control.a  modules/nrf/drivers/mpsl/temp_nrf5/lib..__nrf__drivers__mpsl__temp_nrf5.a  modules/hal_nordic/nrfx/libmodules__hal_nordic__nrfx.a  modules/segger/libmodules__segger.a  -Wl,--no-whole-archive  zephyr/kernel/libkernel.a  -L/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr  zephyr/arch/common/libisr_tables.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_oberon/lib/cortex-m4/soft-float/liboberon_3.0.15.a  -mcpu=cortex-m4  -mthumb  -mabi=aapcs  -mfp16-format=ieee  -fuse-ld=bfd  -Wl,--gc-sections  -Wl,--build-id=none  -Wl,--sort-common=descending  -Wl,--sort-section=alignment  -Wl,-u,_OffsetAbsSyms  -Wl,-u,_ConfigAbsSyms  -nostdlib  -static  -Wl,-X  -Wl,-N  -Wl,--orphan-handling=warn  -Wl,-no-pie  -L"/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi"/lib/thumb/v7e-m/nofp  -u_printf_float  -specs=nano.specs  modules/nrf/subsys/nrf_security/src/libmbedcrypto.a  modules/nrf/subsys/nrf_security/src/core/nrf_oberon/liboberon_psa_core.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_psa_crypto_0.9.19.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_legacy_crypto_0.9.19.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_core_0.9.19.a  
/opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_platform/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_platform_0.9.19.a  modules/nrf/subsys/nrf_security/src/libmbedcrypto_base.a  -lc  modules/nrf/subsys/nrf_security/src/libnrf_security_utils.a  zephyr/kernel/libkernel.a  -lc  /opt/nordic/ncs/v2.9.1/nrfxlib/softdevice_controller/lib/nrf52/soft-float/libsoftdevice_controller_peripheral.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/common/lib/nrf52/soft-float/libmpsl_fem_common.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf21540_gpio/lib/nrf52/soft-float/libmpsl_fem_nrf21540_gpio.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf21540_gpio_spi/lib/nrf52/soft-float/libmpsl_fem_nrf21540_gpio_spi.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf2220/lib/nrf52/soft-float/libmpsl_fem_nrf2220.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf2240/lib/nrf52/soft-float/libmpsl_fem_nrf2240.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf22xx/lib/nrf52/soft-float/libmpsl_fem_nrf22xx.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/simple_gpio/lib/nrf52/soft-float/libmpsl_fem_simple_gpio.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/lib/nrf52/soft-float/libmpsl.a -L"/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/thumb/v7e-m/nofp" -lm -lc -lgcc -lc && cd /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr && /opt/nordic/ncs/toolchains/b8efef2ad5/Cellar/cmake/3.21.0/bin/cmake -E true
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_release':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:537: undefined reference to `mbedtls_ssl_config_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:538: undefined reference to `mbedtls_ssl_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_reset':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1166: undefined reference to `mbedtls_ssl_session_reset'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_update_pollin':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3141: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_socket_data_check':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3088: undefined reference to `mbedtls_ssl_read'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3131: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_init':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1299: undefined reference to `mbedtls_ssl_set_bio'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1310: undefined reference to `mbedtls_ssl_config_defaults'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1386: undefined reference to `mbedtls_ssl_conf_authmode'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1390: undefined reference to `mbedtls_ssl_conf_rng'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1402: undefined reference to `mbedtls_ssl_conf_ciphersuites'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1428: undefined reference to `mbedtls_ssl_setup'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_alloc':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:467: undefined reference to `mbedtls_ssl_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:468: undefined reference to `mbedtls_ssl_config_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_prepare_pollin':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2976: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2976: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_handshake':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1199: undefined reference to `mbedtls_ssl_handshake'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_close_ctx':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2118: undefined reference to `mbedtls_ssl_close_notify'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:708: undefined reference to `mbedtls_ssl_session_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:652: undefined reference to `mbedtls_ssl_session_load'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:722: undefined reference to `mbedtls_ssl_session_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:678: undefined reference to `mbedtls_ssl_session_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:680: undefined reference to `mbedtls_ssl_get_session'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_save':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:610: undefined reference to `mbedtls_ssl_session_save'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:618: undefined reference to `mbedtls_ssl_session_save'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:692: undefined reference to `mbedtls_ssl_session_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:716: undefined reference to `mbedtls_ssl_set_session'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `send_tls':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2294: undefined reference to `mbedtls_ssl_write'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `recv_tls':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2589: undefined reference to `mbedtls_ssl_read'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1571: undefined reference to `mbedtls_ssl_list_ciphersuites'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_used_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1599: undefined reference to `mbedtls_ssl_get_ciphersuite'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1604: undefined reference to `mbedtls_ssl_get_ciphersuite_id'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_set':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1553: undefined reference to `mbedtls_ssl_conf_ciphersuites'
collect2: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
FAILED: _sysbuild/sysbuild/images/myproj-firmware-prefix/src/myproj-firmware-stamp/myproj-firmware-build /Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/sysbuild/images/myproj-firmware-prefix/src/myproj-firmware-stamp/myproj-firmware-build 
cd /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware && /opt/nordic/ncs/toolchains/b8efef2ad5/Cellar/cmake/3.21.0/bin/cmake --build .
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/cmake --build /Users/redacted/code/redacted/myproj/myproj-firmware/build

 *  The terminal process terminated with exit code: 1. 
 *  Terminal will be reused by tasks, press any key to close it. 

Any idea how to fix this?

  • It seems that setting `CONFIG_NORDIC_SECURITY_BACKEND=y` fixed the build error but now my MQTT sample can't connect to the server anymore. It fails with this message:

     <err> app_mqtt: MQTT Connect failed [-22]

    On my server mosquitto logs I'm seeing:

    1746745615: New connection from 200.88.239.106:56149 on port 8883.
    1746745615: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745615: Client <unknown> disconnected: Protocol error.
    1746745616: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745617: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745618: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745620: New connection from 200.88.239.106:49703 on port 8883.
    1746745620: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745620: Client <unknown> disconnected: Protocol error.
    1746745621: New connection from 200.88.239.106:23860 on port 8883.
    1746745621: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745621: Client <unknown> disconnected: Protocol error.

    etc.

    Updated prj.conf:

    # Enable network stack
    CONFIG_NETWORKING=y
    # CONFIG_NET_LOG=y
    
    # Enable IPv4
    CONFIG_NET_IPV4=y
    
    # Enable IPv6
    CONFIG_NET_IPV6=n
    
    # Enable TCP
    CONFIG_NET_TCP=y
    
    # Enable DHCP
    # CONFIG_NET_DHCPV4=y
    
    # Enable Sockets (used by MQTT lib)
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    
    # Enable MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    
    # CONFIG_MODEM_A767X_APN="internet.ideasclaro.com.do"
    CONFIG_MODEM_A767X_APN="internet"
    # CONFIG_MODEM_A767X_APN="internet"
    # CONFIG_NET_LOG=y
    # CONFIG_NET_L2_PPP_LOG_LEVEL_DBG=y
    
    # see if that fixes the issue with the modem
    # CONFIG_NET_L2_PPP_OPTION_SERVE_DNS=n
    # CONFIG_NET_L2_PPP_OPTION_SERVE_IP=n
    # CONFIG_NET_L2_PPP_OPTION_MRU=n
    
    CONFIG_MODEM_CELLULAR=n
    CONFIG_NET_L2_PPP_PAP=n
    
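    # Enable Mbed TLS
    # NOTE(review): this listing requests both CONFIG_NORDIC_SECURITY_BACKEND=y and
    # CONFIG_MBEDTLS_BUILTIN=y (and CONFIG_NRF_SECURITY=y further down). The original
    # post says CONFIG_NRF_SECURITY selects DISABLE_MBEDTLS_BUILTIN, so the builtin
    # assignment presumably does not take effect; check the Kconfig warnings and the
    # generated .config to see which TLS implementation is actually built.
    # The CONFIG_MBEDTLS_* TLS options below come from the builtin-Mbed-TLS sample;
    # whether the Nordic backend honours them is not shown here (TODO confirm).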
    CONFIG_MBEDTLS=y
    CONFIG_NORDIC_SECURITY_BACKEND=y
    CONFIG_MBEDTLS_BUILTIN=y
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=60000
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
    CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
    CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
    
    # Enable JSON
    CONFIG_JSON_LIBRARY=y
    
    # Enable net conn manager
    CONFIG_NET_CONNECTION_MANAGER=y
    
    # Enable device hostname
    CONFIG_NET_HOSTNAME_ENABLE=y
    
    # Enable Posix API functionality
    CONFIG_POSIX_API=y
    
    # Enable sensor API
    CONFIG_SENSOR=y
    
    # Enable LED API
    CONFIG_LED=y
    
    # Custom:
    # MQTT broker endpoint (8883 is the MQTT-over-TLS port; the commented-out 1883 is plaintext)
    CONFIG_NET_SAMPLE_MQTT_BROKER_HOSTNAME="sandbox.myserver.io"
    # CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="1883"
    CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="8883"
    
    # MQTT Authentication
    # CONFIG_REVVIT_MQTT_USER_NAME="user"
    # CONFIG_REVVIT_MQTT_PASSWORD="pass"
    
    CONFIG_NET_SAMPLE_MQTT_PUB_TOPIC="zephyr/cellular/data"
    CONFIG_NET_SAMPLE_MQTT_SUB_TOPIC_CMD="zephyr/cellular/command"
    
    CONFIG_NET_SAMPLE_MQTT_PUBLISH_INTERVAL=10
    
    CONFIG_LOG=y
    
    CONFIG_MODEM_LOG_LEVEL_DBG=y
    CONFIG_MODEM_MODULES_LOG_LEVEL_DBG=y
    CONFIG_MODEM_CMUX_LOG_LEVEL_DBG=y
    CONFIG_MODEM_CMUX_WORK_BUFFER_SIZE=1500
    
    # Increase buffers
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    CONFIG_NET_TX_STACK_SIZE=4096
    CONFIG_NET_RX_STACK_SIZE=4096
    CONFIG_LOG_BUFFER_SIZE=4096
    CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
    # Increase Rx net buffers
    CONFIG_NET_BUF_RX_COUNT=100
    
    # necessary to print floating numbers
    CONFIG_NEWLIB_LIBC=y
    CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y
    
    # Enable shell
    CONFIG_SHELL=y
    CONFIG_SHELL_WILDCARD=n
    CONFIG_MODEM_AT_SHELL=y
    
    # BLE:
    
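    # Using hardware crypto accelerator (CC3XX driver on, Oberon software driver off)
    # NOTE(review): with the Oberon driver disabled, presumably nothing backs PSA
    # algorithms the CC3XX driver lacks; confirm the TLS handshake's needs are covered.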
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    
    # Mbedtls configuration
    # CONFIG_MBEDTLS_ENABLE_HEAP=y
    # CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    # <BLE>
    CONFIG_BT=y
    CONFIG_BT_PERIPHERAL=y
    CONFIG_BT_DEVICE_NAME="bale module"
    # Allow multiple devices to connect at once
    CONFIG_BT_MAX_CONN=6
    CONFIG_BT_BUF_ACL_RX_COUNT=7
    
    # we need min. 65 (ECDH_PUBLIC_KEY_SIZE) + 3 (ATT HEADER) = 68 bytes
    # to be able to write to the pubkey characteristic
    CONFIG_BT_L2CAP_TX_MTU=247
    CONFIG_BT_BUF_ACL_TX_SIZE=251
    CONFIG_BT_BUF_ACL_RX_SIZE=251
    
    # CONFIG_BT_LOG_LEVEL_DBG=y
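    # Enable Security Management Protocol
    # NOTE(review): the lines under this heading are commented out and this listing
    # never sets CONFIG_BT_SMP, so BLE pairing/encryption is not enabled by this listing.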
    # CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    # CONFIG_BT_GATT_DYNAMIC_DB=y
    # </BLE>
    
    # Needed for LEDs
    CONFIG_DK_LIBRARY=y
    CONFIG_BT_HCI_ERR_TO_STR=y
    
    # <CRYPTO>
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_PSA_WANT_ALG_ECDH=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y
    CONFIG_PSA_WANT_ECC_SECP_R1_256=y
    
    # For key generation
    CONFIG_PSA_WANT_GENERATE_RANDOM=y
    
    # For AES-CCM
    CONFIG_PSA_WANT_KEY_TYPE_AES=y
    CONFIG_PSA_WANT_ALG_CCM=y
    
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    # CONFIG_MBEDTLS_HEAP_SIZE=16384
    
    # CONFIG_MAIN_STACK_SIZE=8192
    # CONFIG_MAIN_STACK_SIZE=4096
    # CONFIG_HEAP_MEM_POOL_SIZE=8192
    
    # CONFIG_BT_HCI_TX_STACK_SIZE=4096
    # CONFIG_BT_RX_STACK_SIZE=4096
    
    # </CRYPTO>

  • It seems that setting `CONFIG_NORDIC_SECURITY_BACKEND=y` fixed the build error but now my MQTT sample can't connect to the server anymore. It fails with this message:

     <err> app_mqtt: MQTT Connect failed [-22]

    On my server mosquitto logs I'm seeing:

    1746745615: New connection from 200.88.239.106:56149 on port 8883.
    1746745615: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745615: Client <unknown> disconnected: Protocol error.
    1746745616: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745617: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745618: Client connection from 200.88.239.106 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1746745620: New connection from 200.88.239.106:49703 on port 8883.
    1746745620: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745620: Client <unknown> disconnected: Protocol error.
    1746745621: New connection from 200.88.239.106:23860 on port 8883.
    1746745621: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1746745621: Client <unknown> disconnected: Protocol error.

    etc.

    Updated prj.conf:

    # Enable network stack
    CONFIG_NETWORKING=y
    # CONFIG_NET_LOG=y
    
    # Enable IPv4
    CONFIG_NET_IPV4=y
    
    # Enable IPv6
    CONFIG_NET_IPV6=n
    
    # Enable TCP
    CONFIG_NET_TCP=y
    
    # Enable DHCP
    # CONFIG_NET_DHCPV4=y
    
    # Enable Sockets (used by MQTT lib)
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    
    # Enable MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    
    # CONFIG_MODEM_A767X_APN="internet.ideasclaro.com.do"
    CONFIG_MODEM_A767X_APN="internet"
    # CONFIG_MODEM_A767X_APN="internet"
    # CONFIG_NET_LOG=y
    # CONFIG_NET_L2_PPP_LOG_LEVEL_DBG=y
    
    # see if that fixes the issue with the modem
    # CONFIG_NET_L2_PPP_OPTION_SERVE_DNS=n
    # CONFIG_NET_L2_PPP_OPTION_SERVE_IP=n
    # CONFIG_NET_L2_PPP_OPTION_MRU=n
    
    CONFIG_MODEM_CELLULAR=n
    CONFIG_NET_L2_PPP_PAP=n
    
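    # Enable Mbed TLS
    # NOTE(review): this listing requests both CONFIG_NORDIC_SECURITY_BACKEND=y and
    # CONFIG_MBEDTLS_BUILTIN=y (and CONFIG_NRF_SECURITY=y further down). The original
    # post says CONFIG_NRF_SECURITY selects DISABLE_MBEDTLS_BUILTIN, so the builtin
    # assignment presumably does not take effect; check the Kconfig warnings and the
    # generated .config to see which TLS implementation is actually built.
    # The CONFIG_MBEDTLS_* TLS options below come from the builtin-Mbed-TLS sample;
    # whether the Nordic backend honours them is not shown here (TODO confirm).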
    CONFIG_MBEDTLS=y
    CONFIG_NORDIC_SECURITY_BACKEND=y
    CONFIG_MBEDTLS_BUILTIN=y
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=60000
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
    CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
    CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y
    
    # Enable JSON
    CONFIG_JSON_LIBRARY=y
    
    # Enable net conn manager
    CONFIG_NET_CONNECTION_MANAGER=y
    
    # Enable device hostname
    CONFIG_NET_HOSTNAME_ENABLE=y
    
    # Enable Posix API functionality
    CONFIG_POSIX_API=y
    
    # Enable sensor API
    CONFIG_SENSOR=y
    
    # Enable LED API
    CONFIG_LED=y
    
    # Custom:
    # MQTT broker endpoint (8883 is the MQTT-over-TLS port; the commented-out 1883 is plaintext)
    CONFIG_NET_SAMPLE_MQTT_BROKER_HOSTNAME="sandbox.myserver.io"
    # CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="1883"
    CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="8883"
    
    # MQTT Authentication
    # CONFIG_REVVIT_MQTT_USER_NAME="user"
    # CONFIG_REVVIT_MQTT_PASSWORD="pass"
    
    CONFIG_NET_SAMPLE_MQTT_PUB_TOPIC="zephyr/cellular/data"
    CONFIG_NET_SAMPLE_MQTT_SUB_TOPIC_CMD="zephyr/cellular/command"
    
    CONFIG_NET_SAMPLE_MQTT_PUBLISH_INTERVAL=10
    
    CONFIG_LOG=y
    
    CONFIG_MODEM_LOG_LEVEL_DBG=y
    CONFIG_MODEM_MODULES_LOG_LEVEL_DBG=y
    CONFIG_MODEM_CMUX_LOG_LEVEL_DBG=y
    CONFIG_MODEM_CMUX_WORK_BUFFER_SIZE=1500
    
    # Increase buffers
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    CONFIG_NET_TX_STACK_SIZE=4096
    CONFIG_NET_RX_STACK_SIZE=4096
    CONFIG_LOG_BUFFER_SIZE=4096
    CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
    # Increase Rx net buffers
    CONFIG_NET_BUF_RX_COUNT=100
    
    # necessary to print floating numbers
    CONFIG_NEWLIB_LIBC=y
    CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y
    
    # Enable shell
    CONFIG_SHELL=y
    CONFIG_SHELL_WILDCARD=n
    CONFIG_MODEM_AT_SHELL=y
    
    # BLE:
    
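    # Using hardware crypto accelerator (CC3XX driver on, Oberon software driver off)
    # NOTE(review): with the Oberon driver disabled, presumably nothing backs PSA
    # algorithms the CC3XX driver lacks; confirm the TLS handshake's needs are covered.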
    CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
    CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y
    
    # Mbedtls configuration
    # CONFIG_MBEDTLS_ENABLE_HEAP=y
    # CONFIG_MBEDTLS_HEAP_SIZE=8192
    
    # <BLE>
    CONFIG_BT=y
    CONFIG_BT_PERIPHERAL=y
    CONFIG_BT_DEVICE_NAME="bale module"
    # Allow multiple devices to connect at once
    CONFIG_BT_MAX_CONN=6
    CONFIG_BT_BUF_ACL_RX_COUNT=7
    
    # we need min. 65 (ECDH_PUBLIC_KEY_SIZE) + 3 (ATT HEADER) = 68 bytes
    # to be able to write to the pubkey characteristic
    CONFIG_BT_L2CAP_TX_MTU=247
    CONFIG_BT_BUF_ACL_TX_SIZE=251
    CONFIG_BT_BUF_ACL_RX_SIZE=251
    
    # CONFIG_BT_LOG_LEVEL_DBG=y
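    # Enable Security Management Protocol
    # NOTE(review): the lines under this heading are commented out and this listing
    # never sets CONFIG_BT_SMP, so BLE pairing/encryption is not enabled by this listing.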
    # CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
    # CONFIG_BT_GATT_DYNAMIC_DB=y
    # </BLE>
    
    # Needed for LEDs
    CONFIG_DK_LIBRARY=y
    CONFIG_BT_HCI_ERR_TO_STR=y
    
    # <CRYPTO>
    # Enable nordic security backend and PSA APIs
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    
    CONFIG_PSA_WANT_ALG_ECDH=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
    CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y
    CONFIG_PSA_WANT_ECC_SECP_R1_256=y
    
    # For key generation
    CONFIG_PSA_WANT_GENERATE_RANDOM=y
    
    # For AES-CCM
    CONFIG_PSA_WANT_KEY_TYPE_AES=y
    CONFIG_PSA_WANT_ALG_CCM=y
    
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    # CONFIG_MBEDTLS_HEAP_SIZE=16384
    
    # CONFIG_MAIN_STACK_SIZE=8192
    # CONFIG_MAIN_STACK_SIZE=4096
    # CONFIG_HEAP_MEM_POOL_SIZE=8192
    
    # CONFIG_BT_HCI_TX_STACK_SIZE=4096
    # CONFIG_BT_RX_STACK_SIZE=4096
    
    # </CRYPTO>

  • I've confirmed that it connects fine with `CONFIG_MBEDTLS_BUILTIN=y` but not with `CONFIG_NORDIC_SECURITY_BACKEND=y`. I am not really sure what exactly CONFIG_NORDIC_SECURITY_BACKEND does... Does Nordic have its own implementation that is compatible with mbedtls API? If so, maybe it doesn't respect some config values that I had to set in the secure MQTT sample?


    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
    CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
    CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y

    I'm a bit stuck here. A sample that uses both TLS (e.g. secure MQTT) and CONFIG_NORDIC_SECURITY_BACKEND would help me a lot in figuring out how to configure everything. Any help appreciated.
