• State Verified Answer
  • Replies 8 replies
  • Subscribers 75 subscribers
  • Views 300 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 345138
Options

Issue combining sample that uses CONFIG_NRF_SECURITY and CONFIG_MBEDTLS_BUILTIN

Oli

I have two projects, project MQTT, that was built around the Secure MQTT Sensor/Actuator sample and project CRYPTO, that was built around the Crypto AES-CCM sample. I am trying to combine both codebases into a single project. But when I append the prj.conf from project CRYPTO to project MQTT and build, there are build errors. It seems to be related to the fact that the CRYPTO project uses `CONFIG_NRF_SECURITY=y` which selects `DISABLE_MBEDTLS_BUILTIN `, whereas the MQTT sets `CONFIG_MBEDTLS_BUILTIN=y`. My code does not directly call mbedtls functions, but it uses Zephyr's MQTT library with TLS (e.g.: `client->transport.type = MQTT_TRANSPORT_SECURE;`).

Here's the combined proj.conf file:

######## MQTT PROJECT CONFIG ###########

# Enable network stack
CONFIG_NETWORKING=y
# CONFIG_NET_LOG=y

# Enable IPv4
CONFIG_NET_IPV4=y

# Enable IPv6
CONFIG_NET_IPV6=n

# Enable TCP
CONFIG_NET_TCP=y

# Enable DHCP
# CONFIG_NET_DHCPV4=y

# Enable Sockets (used by MQTT lib)
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

# Enable MQTT
CONFIG_MQTT_LIB=y
CONFIG_MQTT_LIB_TLS=y

# CONFIG_MODEM_A767X_APN="internet.ideasclaro.com.do"
CONFIG_MODEM_A767X_APN="internet"
# CONFIG_MODEM_A767X_APN="internet"
# CONFIG_NET_LOG=y
# CONFIG_NET_L2_PPP_LOG_LEVEL_DBG=y

# see if that fixes the issue with the modem
# CONFIG_NET_L2_PPP_OPTION_SERVE_DNS=n
# CONFIG_NET_L2_PPP_OPTION_SERVE_IP=n
# CONFIG_NET_L2_PPP_OPTION_MRU=n

CONFIG_MODEM_CELLULAR=n
CONFIG_NET_L2_PPP_PAP=n

# Enable Mbed TLS
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=60000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
CONFIG_MBEDTLS_SERVER_NAME_INDICATION=y

# Enable JSON
CONFIG_JSON_LIBRARY=y

# Enable net conn manager
CONFIG_NET_CONNECTION_MANAGER=y

# Enable device hostname
CONFIG_NET_HOSTNAME_ENABLE=y

# Enable Posix API functionality
CONFIG_POSIX_API=y

# Enable sensor API
CONFIG_SENSOR=y

# Enable LED API
CONFIG_LED=y

# Custom:
# Insecure MQTT
CONFIG_NET_SAMPLE_MQTT_BROKER_HOSTNAME="sandbox.mymqttserver.io"
# CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="1883"
CONFIG_NET_SAMPLE_MQTT_BROKER_PORT="8883"
# Enable MQTT with TLS
CONFIG_MQTT_LIB_TLS=y
# Disable MQTT with TLS
# CONFIG_MQTT_LIB_TLS=n

# MQTT Authentication
CONFIG_REVVIT_MQTT_USER_NAME="myuser"
CONFIG_REVVIT_MQTT_PASSWORD="mypass"

CONFIG_NET_SAMPLE_MQTT_PUB_TOPIC="zephyr/cellular/data"
CONFIG_NET_SAMPLE_MQTT_SUB_TOPIC_CMD="zephyr/cellular/command"

CONFIG_NET_SAMPLE_MQTT_PUBLISH_INTERVAL=10

CONFIG_LOG=y

CONFIG_MODEM_LOG_LEVEL_DBG=y
CONFIG_MODEM_MODULES_LOG_LEVEL_DBG=y
CONFIG_MODEM_CMUX_LOG_LEVEL_DBG=y
CONFIG_MODEM_CMUX_WORK_BUFFER_SIZE=1500

# Increase buffers
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096
CONFIG_LOG_BUFFER_SIZE=4096
CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
# Increase Rx net buffers
CONFIG_NET_BUF_RX_COUNT=100

# necessary to print floating numbers
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y

# Enable shell
CONFIG_SHELL=y
CONFIG_SHELL_WILDCARD=n
CONFIG_MODEM_AT_SHELL=y

######## CRYPTO PROJECT CONFIG ###########

# Using hardware crypto accelerator
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# Mbedtls configuration
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192

# Enable logging system to USB
CONFIG_LOG=y

# <BLE>
CONFIG_BT=y
CONFIG_BT_PERIPHERAL=y
CONFIG_BT_DEVICE_NAME="bale module"
# Allow multiple devices to connect at once
CONFIG_BT_MAX_CONN=6
CONFIG_BT_BUF_ACL_RX_COUNT=7

# we need min. 65 (ECDH_PUBLIC_KEY_SIZE) + 3 (ATT HEADER) = 68 bytes
# to be able to write to the pubkey characteristic
CONFIG_BT_L2CAP_TX_MTU=247
CONFIG_BT_BUF_ACL_TX_SIZE=251
CONFIG_BT_BUF_ACL_RX_SIZE=251

# CONFIG_BT_LOG_LEVEL_DBG=y
# Enable Security Management Protocol
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
# CONFIG_BT_GATT_DYNAMIC_DB=y
# </BLE>

# Needed for LEDs
CONFIG_DK_LIBRARY=y
CONFIG_BT_HCI_ERR_TO_STR=y

# <CRYPTO>
# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

CONFIG_PSA_WANT_ALG_ECDH=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y

# For key generation
CONFIG_PSA_WANT_GENERATE_RANDOM=y

# For AES-CCM
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_ALG_CCM=y

CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
CONFIG_MBEDTLS_ENABLE_HEAP=y
# CONFIG_MBEDTLS_HEAP_SIZE=16384

CONFIG_MAIN_STACK_SIZE=8192
# CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=8192

CONFIG_BT_HCI_TX_STACK_SIZE=4096
CONFIG_BT_RX_STACK_SIZE=4096

# </CRYPTO>

Build error:

 *  Executing task: nRF Connect: Build [pristine]: myproj-firmware/build 

Building myproj-firmware
west build --build-dir /Users/redacted/code/redacted/myproj/myproj-firmware/build /Users/redacted/code/redacted/myproj/myproj-firmware --pristine --board nrf52840dk/nrf52840 --sysbuild -- -DNCS_TOOLCHAIN_VERSION=NONE -DBOARD_ROOT=/Users/redacted/code/nordic/myboards;/Users/redacted/code/redacted/myproj/myproj-firmware

-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/[email protected]/bin/python3.12 (found suitable version "3.12.4", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: /Users/redacted/Library/Caches/zephyr
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf52840dk, qualifiers: nrf52840
Parsing /opt/nordic/ncs/v2.9.1/zephyr/share/sysbuild/Kconfig
Loaded configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/empty.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/empty.conf'
Configuration saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/zephyr/.config'
Kconfig header saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/autoconf.h'
-- 
   *************************************
   * Running CMake for myproj-firmware *
   *************************************

Loading Zephyr default modules (Zephyr base).
-- Application: /Users/redacted/code/redacted/myproj/myproj-firmware
-- CMake version: 3.21.0
-- Found Python3: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/python (found suitable version "3.12.4", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: /Users/redacted/Library/Caches/zephyr
-- Zephyr version: 3.7.99 (/opt/nordic/ncs/v2.9.1/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: nrf52840dk, qualifiers: nrf52840
-- Found host-tools: zephyr 0.17.0 (/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.17.0 (/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk)
-- Found Dtc: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/dtc (found suitable version "1.6.1", minimum required is "1.4.6") 
-- Found BOARD.dts: /opt/nordic/ncs/v2.9.1/zephyr/boards/nordic/nrf52840dk/nrf52840dk_nrf52840.dts
-- Found devicetree overlay: /Users/redacted/code/redacted/myproj/myproj-firmware/boards/nrf52840dk_nrf52840.overlay
-- Generated zephyr.dts: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr.dts
-- Generated devicetree_generated.h: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/dts.cmake

warning: BT_HCI_TX_STACK_SIZE (defined at
/opt/nordic/ncs/v2.9.1/nrf/subsys/bluetooth/controller/Kconfig:80, subsys/bluetooth/host/Kconfig:43,
subsys/bluetooth/host/Kconfig:43) was assigned the value '4096' but got the value '1536'. See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_BT_HCI_TX_STACK_SIZE and/or look up
BT_HCI_TX_STACK_SIZE in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.


warning: MBEDTLS_PEM_CERTIFICATE_FORMAT (defined at modules/mbedtls/Kconfig.tls-generic:405,
modules/mbedtls/Kconfig.tls-generic:405) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT and/or
look up MBEDTLS_PEM_CERTIFICATE_FORMAT in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_SERVER_NAME_INDICATION (defined at modules/mbedtls/Kconfig.tls-generic:464,
modules/mbedtls/Kconfig.tls-generic:464) was assigned the value 'y' but got the value 'n'. Check
these unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" &&
MBEDTLS) || (MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n).
See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SERVER_NAME_INDICATION and/or
look up MBEDTLS_SERVER_NAME_INDICATION in the menuconfig/guiconfig interface. The Application
Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of
the manual might be helpful too.


warning: MBEDTLS_SSL_MAX_CONTENT_LEN (defined at modules/mbedtls/Kconfig:72,
modules/hostap/Kconfig:310, modules/hostap/Kconfig:310, modules/hostap/Kconfig:310,
modules/mbedtls/Kconfig:72) was assigned the value '16384' but got the value ''. Check these
unsatisfied dependencies: ((MBEDTLS_BUILTIN && MBEDTLS) || (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
&& WIFI_NM_WPA_SUPPLICANT) || (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE && WIFI_NM_WPA_SUPPLICANT)
|| (WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE && WIFI_NM_WPA_SUPPLICANT && 0) || (MBEDTLS_BUILTIN &&
MBEDTLS && 0)) (=n). See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN and/or look up
MBEDTLS_SSL_MAX_CONTENT_LEN in the menuconfig/guiconfig interface. The Application Development
Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual
might be helpful too.


warning: The choice symbol MBEDTLS_BUILTIN (defined at modules/mbedtls/Kconfig:29,
modules/mbedtls/Kconfig:29) was selected (set =y), but MBEDTLS_LIBRARY_NRF_SECURITY (defined at
/opt/nordic/ncs/v2.9.1/nrf/subsys/nrf_security/Kconfig:249) ended up as the choice selection. See
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_BUILTIN and/or look up
MBEDTLS_BUILTIN in the menuconfig/guiconfig interface. The Application Development Primer, Setting
Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful
too.


warning: Experimental symbol POSIX_ASYNCHRONOUS_IO is enabled.


warning: Experimental symbol POSIX_DEVICE_IO is enabled.


warning: Experimental symbol POSIX_FD_MGMT is enabled.


warning: Experimental symbol POSIX_MULTI_PROCESS is enabled.


warning: Experimental symbol POSIX_REALTIME_SIGNALS is enabled.


warning: Experimental symbol POSIX_SIGNALS is enabled.


warning: Experimental symbol BT_HCI_ERR_TO_STR is enabled.


warning: Experimental symbol MODEM_MODULES is enabled.


warning: Experimental symbol NET_SOCKETS_SERVICE is enabled.


warning: Experimental symbol NET_CONNECTION_MANAGER is enabled.

Parsing /Users/redacted/code/redacted/myproj/myproj-firmware/Kconfig
Loaded configuration '/opt/nordic/ncs/v2.9.1/zephyr/boards/nordic/nrf52840dk/nrf52840dk_nrf52840_defconfig'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/prj.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/boards/nrf52840dk_nrf52840.conf'
Merged configuration '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/.config.sysbuild'
Configuration saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/.config'
Kconfig header saved to '/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: True
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_library_config ===============
-- Setting build type to 'MinSizeRel' as none was specified.
-- Using ccache: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/ccache
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware
-- Configuring done
-- Generating done
-- Build files have been written to: /Users/redacted/code/redacted/myproj/myproj-firmware/build
-- west build: building application
[1/396] Preparing syscall dependency handling

[6/396] Generating include/generated/zephyr/version.h
-- Zephyr version: 3.7.99 (/opt/nordic/ncs/v2.9.1/zephyr), build: v3.7.99-ncs2-1-1-gdd31bcfcb2d2
[247/396] Building C object zephyr/subsys/net/CMakeFiles/subsys__net.dir/lib/sockets/sockets_tls.c.obj
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:680:15: warning: implicit declaration of function 'mbedtls_ssl_get_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]
  680 |         ret = mbedtls_ssl_get_session(&context->ssl, &session);
      |               ^~~~~~~~~~~~~~~~~~~~~~~
      |               mbedtls_ssl_get_version
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c: In function 'tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:716:15: warning: implicit declaration of function 'mbedtls_ssl_set_session'; did you mean 'mbedtls_ssl_get_version'? [-Wimplicit-function-declaration]
  716 |         ret = mbedtls_ssl_set_session(&context->ssl, &session);
      |               ^~~~~~~~~~~~~~~~~~~~~~~
      |               mbedtls_ssl_get_version
[391/396] Linking C executable zephyr/zephyr_pre0.elf
FAILED: zephyr/zephyr_pre0.elf zephyr/zephyr_pre0.map /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr_pre0.map 
: && ccache /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc -Os -DNDEBUG -gdwarf-4 -gdwarf-4 zephyr/CMakeFiles/zephyr_pre0.dir/misc/empty_file.c.obj -o zephyr/zephyr_pre0.elf  zephyr/CMakeFiles/offsets.dir/./arch/arm/core/offsets/offsets.c.obj  -T  zephyr/linker_zephyr_pre0.cmd  -Wl,-Map=/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr/zephyr_pre0.map  -Wl,--whole-archive  app/libapp.a  zephyr/libzephyr.a  zephyr/arch/common/libarch__common.a  zephyr/arch/arch/arm/core/libarch__arm__core.a  zephyr/arch/arch/arm/core/cortex_m/libarch__arm__core__cortex_m.a  zephyr/arch/arch/arm/core/mpu/libarch__arm__core__mpu.a  zephyr/lib/libc/newlib/liblib__libc__newlib.a  zephyr/lib/libc/common/liblib__libc__common.a  zephyr/lib/posix/options/liblib__posix__options.a  zephyr/lib/net_buf/liblib__net_buf.a  zephyr/lib/os/zvfs/liblib__os__zvfs.a  zephyr/soc/soc/nrf52840/libsoc__nordic.a  zephyr/subsys/fs/libsubsys__fs.a  zephyr/subsys/random/libsubsys__random.a  zephyr/subsys/bluetooth/common/libsubsys__bluetooth__common.a  zephyr/subsys/bluetooth/host/libsubsys__bluetooth__host.a  zephyr/subsys/modem/libsubsys__modem.a  zephyr/subsys/modem/backends/libsubsys__modem__backends.a  zephyr/subsys/net/libsubsys__net.a  zephyr/subsys/net/l2/ppp/libsubsys__net__l2__ppp.a  zephyr/subsys/net/ip/libsubsys__net__ip.a  zephyr/subsys/net/lib/mqtt/libsubsys__net__lib__mqtt.a  zephyr/subsys/net/lib/dns/libsubsys__net__lib__dns.a  zephyr/subsys/net/conn_mgr/libsubsys__net__conn_mgr.a  zephyr/drivers/clock_control/libdrivers__clock_control.a  zephyr/drivers/console/libdrivers__console.a  zephyr/drivers/entropy/libdrivers__entropy.a  zephyr/drivers/gpio/libdrivers__gpio.a  zephyr/drivers/led/libdrivers__led.a  zephyr/drivers/modem/libdrivers__modem.a  zephyr/drivers/pinctrl/libdrivers__pinctrl.a  zephyr/drivers/serial/libdrivers__serial.a  zephyr/drivers/timer/libdrivers__timer.a  modules/nrf/lib/dk_buttons_and_leds/lib..__nrf__lib__dk_buttons_and_leds.a  modules/nrf/lib/multithreading_lock/lib..__nrf__lib__multithreading_lock.a  modules/nrf/subsys/bluetooth/controller/lib..__nrf__subsys__bluetooth__controller.a  modules/nrf/subsys/nrf_security/src/zephyr/libmbedtls_zephyr.a  modules/nrf/subsys/mpsl/init/lib..__nrf__subsys__mpsl__init.a  modules/nrf/subsys/mpsl/fem/lib..__nrf__subsys__mpsl__fem.a  modules/nrf/drivers/hw_cc3xx/lib..__nrf__drivers__hw_cc3xx.a  modules/nrf/drivers/mpsl/clock_control/lib..__nrf__drivers__mpsl__clock_control.a  modules/nrf/drivers/mpsl/temp_nrf5/lib..__nrf__drivers__mpsl__temp_nrf5.a  modules/hal_nordic/nrfx/libmodules__hal_nordic__nrfx.a  modules/segger/libmodules__segger.a  -Wl,--no-whole-archive  zephyr/kernel/libkernel.a  -L/Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr  zephyr/arch/common/libisr_tables.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_oberon/lib/cortex-m4/soft-float/liboberon_3.0.15.a  -mcpu=cortex-m4  -mthumb  -mabi=aapcs  -mfp16-format=ieee  -fuse-ld=bfd  -Wl,--gc-sections  -Wl,--build-id=none  -Wl,--sort-common=descending  -Wl,--sort-section=alignment  -Wl,-u,_OffsetAbsSyms  -Wl,-u,_ConfigAbsSyms  -nostdlib  -static  -Wl,-X  -Wl,-N  -Wl,--orphan-handling=warn  -Wl,-no-pie  -L"/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi"/lib/thumb/v7e-m/nofp  -u_printf_float  -specs=nano.specs  modules/nrf/subsys/nrf_security/src/libmbedcrypto.a  modules/nrf/subsys/nrf_security/src/core/nrf_oberon/liboberon_psa_core.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_psa_crypto_0.9.19.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_legacy_crypto_0.9.19.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_mbedcrypto/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_core_0.9.19.a  /opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_platform/lib/cortex-m4/soft-float/no-interrupts/libnrf_cc310_platform_0.9.19.a  modules/nrf/subsys/nrf_security/src/libmbedcrypto_base.a  -lc  modules/nrf/subsys/nrf_security/src/libnrf_security_utils.a  zephyr/kernel/libkernel.a  -lc  /opt/nordic/ncs/v2.9.1/nrfxlib/softdevice_controller/lib/nrf52/soft-float/libsoftdevice_controller_peripheral.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/common/lib/nrf52/soft-float/libmpsl_fem_common.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf21540_gpio/lib/nrf52/soft-float/libmpsl_fem_nrf21540_gpio.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf21540_gpio_spi/lib/nrf52/soft-float/libmpsl_fem_nrf21540_gpio_spi.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf2220/lib/nrf52/soft-float/libmpsl_fem_nrf2220.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf2240/lib/nrf52/soft-float/libmpsl_fem_nrf2240.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/nrf22xx/lib/nrf52/soft-float/libmpsl_fem_nrf22xx.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/fem/simple_gpio/lib/nrf52/soft-float/libmpsl_fem_simple_gpio.a  /opt/nordic/ncs/v2.9.1/nrfxlib/mpsl/lib/nrf52/soft-float/libmpsl.a -L"/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/thumb/v7e-m/nofp" -lm -lc -lgcc -lc && cd /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware/zephyr && /opt/nordic/ncs/toolchains/b8efef2ad5/Cellar/cmake/3.21.0/bin/cmake -E true
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_release':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:537: undefined reference to `mbedtls_ssl_config_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:538: undefined reference to `mbedtls_ssl_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_reset':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1166: undefined reference to `mbedtls_ssl_session_reset'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_update_pollin':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3141: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_socket_data_check':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3088: undefined reference to `mbedtls_ssl_read'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:3131: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_init':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1299: undefined reference to `mbedtls_ssl_set_bio'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1310: undefined reference to `mbedtls_ssl_config_defaults'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1386: undefined reference to `mbedtls_ssl_conf_authmode'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1390: undefined reference to `mbedtls_ssl_conf_rng'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1402: undefined reference to `mbedtls_ssl_conf_ciphersuites'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1428: undefined reference to `mbedtls_ssl_setup'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_alloc':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:467: undefined reference to `mbedtls_ssl_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:468: undefined reference to `mbedtls_ssl_config_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_poll_prepare_pollin':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2976: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2976: undefined reference to `mbedtls_ssl_get_bytes_avail'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_mbedtls_handshake':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1199: undefined reference to `mbedtls_ssl_handshake'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `ztls_close_ctx':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2118: undefined reference to `mbedtls_ssl_close_notify'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:708: undefined reference to `mbedtls_ssl_session_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:652: undefined reference to `mbedtls_ssl_session_load'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:722: undefined reference to `mbedtls_ssl_session_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:678: undefined reference to `mbedtls_ssl_session_init'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:680: undefined reference to `mbedtls_ssl_get_session'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_save':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:610: undefined reference to `mbedtls_ssl_session_save'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:618: undefined reference to `mbedtls_ssl_session_save'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_store':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:692: undefined reference to `mbedtls_ssl_session_free'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_session_restore':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:716: undefined reference to `mbedtls_ssl_set_session'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `send_tls':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2294: undefined reference to `mbedtls_ssl_write'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `recv_tls':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:2589: undefined reference to `mbedtls_ssl_read'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1571: undefined reference to `mbedtls_ssl_list_ciphersuites'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_used_get':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1599: undefined reference to `mbedtls_ssl_get_ciphersuite'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: /opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1604: undefined reference to `mbedtls_ssl_get_ciphersuite_id'
/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd: zephyr/subsys/net/libsubsys__net.a(sockets_tls.c.obj): in function `tls_opt_ciphersuite_list_set':
/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/sockets/sockets_tls.c:1553: undefined reference to `mbedtls_ssl_conf_ciphersuites'
collect2: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
FAILED: _sysbuild/sysbuild/images/myproj-firmware-prefix/src/myproj-firmware-stamp/myproj-firmware-build /Users/redacted/code/redacted/myproj/myproj-firmware/build/_sysbuild/sysbuild/images/myproj-firmware-prefix/src/myproj-firmware-stamp/myproj-firmware-build 
cd /Users/redacted/code/redacted/myproj/myproj-firmware/build/myproj-firmware && /opt/nordic/ncs/toolchains/b8efef2ad5/Cellar/cmake/3.21.0/bin/cmake --build .
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/cmake --build /Users/redacted/code/redacted/myproj/myproj-firmware/build

 *  The terminal process terminated with exit code: 1. 
 *  Terminal will be reused by tasks, press any key to close it.

Any idea how to fix this?

Parents
  • 0

    After some trial/error, I found out that  that  `CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN` is important... When I comment it out  with `CONFIG_MBEDTLS_BUILTIN=y`, I can't connect to the MQTT server same error. But when I use `CONFIG_NORDIC_SECURITY_BACKEND=y` this config value is not even used so that's probably part of the problem.

    I'm really stuck here... not even sure where to start debugging this. If someone can help or point me in the right direction, it would be greatly appreciated.

  • 0 in reply to Oli

    Hi Olivier,

    Indeed, we use nRF Security instead of Mbedtls for our crypto backend. However, keep in mind that we still use Mbedtls for TLS, so we need some mbedtls configurations, but not all.

    I recommend that you have a look at our https_client sample. This sample shows how to do TLS with nRF devices. For example, see nrf7002dk_nrf5340_cpuapp_ns.conf.
    Granted, this sample is for Wi-Fi and not Openthread, but I think a lot of the options will be relevant all the same.

    Oli said:
    I am not really sure what exactly CONFIG_NORDIC_SECURITY_BACKEND does... Does Nordic have its own implementation that is compatible with mbedtls API?

    Yes. So you have two layers here (a bit simplified):

    1. TLS layer
    2. Crypto layer

    For layer 1 (TLS), both cases use the Mbedtls TLS library
    For layer 2(Crypto), Zephyr applications use the Mbedtls Crypto library while the nRF Connect SDK uses the nRF Security Crypto backed.

Reply
  • 0 in reply to Oli

    Hi Olivier,

    Indeed, we use nRF Security instead of Mbedtls for our crypto backend. However, keep in mind that we still use Mbedtls for TLS, so we need some mbedtls configurations, but not all.

    I recommend that you have a look at our https_client sample. This sample shows how to do TLS with nRF devices. For example, see nrf7002dk_nrf5340_cpuapp_ns.conf.
    Granted, this sample is for Wi-Fi and not Openthread, but I think a lot of the options will be relevant all the same.

    Oli said:
    I am not really sure what exactly CONFIG_NORDIC_SECURITY_BACKEND does... Does Nordic have its own implementation that is compatible with mbedtls API?

    Yes. So you have two layers here (a bit simplified):

    1. TLS layer
    2. Crypto layer

    For layer 1 (TLS), both cases use the Mbedtls TLS library
    For layer 2(Crypto), Zephyr applications use the Mbedtls Crypto library while the nRF Connect SDK uses the nRF Security Crypto backed.

Children
  • 0 in reply to Sigurd Hellesvik

    I tried using those configurations, but am now getting an error at compile time:

    MBEDTLS_PK_C defined, but not all prerequisites"
    "One or more versions of the TLS protocol are enabled " "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"

    etc.

    les/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_msg.c.obj -MF modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_msg.c.obj.d -o modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_msg.c.obj -c /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_msg.c
In file included from /opt/nordic/ncs/v2.9.1/modules/crypto/oberon-psa-crypto/include/mbedtls/build_info.h:192,
                 from /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/library/common.h:14,
                 from /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_msg.c:13:
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:446:2: error: #error "MBEDTLS_PK_C defined, but not all prerequisites"
  446 | #error "MBEDTLS_PK_C defined, but not all prerequisites"
      |  ^~~~~
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:851:2: error: #error "One or more versions of the TLS protocol are enabled " "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
  851 | #error "One or more versions of the TLS protocol are enabled " \
      |  ^~~~~
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:1081:2: error: #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
 1081 | #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
      |  ^~~~~
[20/393] Building C object modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c.obj
FAILED: modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c.obj 
ccache /opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc -DKERNEL -DK_HEAP_MEM_POOL_SIZE=1024 -DMBEDTLS_CONFIG_FILE=\"nrf-config.h\" -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"nrf-psa-crypto-config.h\" -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE=\"nrf-psa-crypto-user-config.h\" -DNRF52840_XXAA -DUSE_PARTITION_MANAGER=1 -D_ANSI_SOURCE -D__LINUX_ERRNO_EXTENSIONS__ -D__PROGRAM_START -D__ZEPHYR__=1 -I/Users/redacted/code/company/project/project-firmware/build/project-firmware/zephyr/include/generated/zephyr -I/opt/nordic/ncs/v2.9.1/zephyr/include -I/Users/redacted/code/company/project/project-firmware/build/project-firmware/zephyr/include/generated -I/opt/nordic/ncs/v2.9.1/zephyr/soc/nordic -I/opt/nordic/ncs/v2.9.1/zephyr/lib/libc/newlib/include -I/opt/nordic/ncs/v2.9.1/zephyr/lib/libc/common/include -I/opt/nordic/ncs/v2.9.1/zephyr/include/zephyr/posix -I/opt/nordic/ncs/v2.9.1/zephyr/lib/posix/options/getopt -I/opt/nordic/ncs/v2.9.1/zephyr/soc/nordic/nrf52/. -I/opt/nordic/ncs/v2.9.1/zephyr/soc/nordic/common/. -I/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/lib/dns/. -I/opt/nordic/ncs/v2.9.1/zephyr/subsys/net/conn_mgr/. -I/opt/nordic/ncs/v2.9.1/zephyr/subsys/shell/modules/kernel_service/thread/.. -I/opt/nordic/ncs/v2.9.1/nrf/include -I/opt/nordic/ncs/v2.9.1/nrf/tests/include -I/opt/nordic/ncs/v2.9.1/modules/hal/cmsis/CMSIS/Core/Include -I/opt/nordic/ncs/v2.9.1/zephyr/modules/cmsis/. -I/opt/nordic/ncs/v2.9.1/modules/hal/nordic/nrfx -I/opt/nordic/ncs/v2.9.1/modules/hal/nordic/nrfx/drivers/include -I/opt/nordic/ncs/v2.9.1/modules/hal/nordic/nrfx/mdk -I/opt/nordic/ncs/v2.9.1/zephyr/modules/hal_nordic/nrfx/. -I/opt/nordic/ncs/v2.9.1/modules/debug/segger/SEGGER -I/opt/nordic/ncs/v2.9.1/modules/debug/segger/Config -I/Users/redacted/code/company/project/project-firmware/src/tls_config -I/opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_cc310_platform/include -I/Users/redacted/code/company/project/project-firmware/build/project-firmware/generated/library_nrf_security_psa -I/opt/nordic/ncs/v2.9.1/nrf/subsys/nrf_security/include -I/opt/nordic/ncs/v2.9.1/nrf/subsys/nrf_security/src/threading/include -I/opt/nordic/ncs/v2.9.1/nrf/subsys/nrf_security/src/utils -I/opt/nordic/ncs/v2.9.1/modules/crypto/oberon-psa-crypto/oberon/drivers -I/opt/nordic/ncs/v2.9.1/modules/crypto/oberon-psa-crypto/include -I/opt/nordic/ncs/v2.9.1/modules/crypto/oberon-psa-crypto/library -I/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library -I/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include -I/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/library -I/opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_oberon/include -I/opt/nordic/ncs/v2.9.1/nrfxlib/crypto/nrf_oberon/include/mbedtls -Os -DNDEBUG -fno-strict-aliasing -Os -imacros /Users/redacted/code/company/project/project-firmware/build/project-firmware/zephyr/include/generated/zephyr/autoconf.h -fno-common -g -gdwarf-4 -fdiagnostics-color=always -mcpu=cortex-m4 -mthumb -mabi=aapcs -mfp16-format=ieee --sysroot=/opt/nordic/ncs/toolchains/b8efef2ad5/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi -imacros /opt/nordic/ncs/v2.9.1/zephyr/include/zephyr/toolchain/zephyr_stdint.h -Wall -Wformat -Wformat-security -Wno-format-zero-length -Wdouble-promotion -Wno-pointer-sign -Wpointer-arith -Wexpansion-to-defined -Wno-unused-but-set-variable -Werror=implicit-int -fno-pic -fno-pie -fno-asynchronous-unwind-tables -fno-reorder-functions --param=min-pagesize=0 -fno-defer-pop -fmacro-prefix-map=/Users/redacted/code/company/project/project-firmware=CMAKE_SOURCE_DIR -fmacro-prefix-map=/opt/nordic/ncs/v2.9.1/zephyr=ZEPHYR_BASE -fmacro-prefix-map=/opt/nordic/ncs/v2.9.1=WEST_TOPDIR -ffunction-sections -fdata-sections -specs=nano.specs -D_POSIX_THREADS -std=c99 -MD -MT modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c.obj -MF modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c.obj.d -o modules/nrf/subsys/nrf_security/src/CMakeFiles/mbedtls.dir/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c.obj -c /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c
In file included from /opt/nordic/ncs/v2.9.1/modules/crypto/oberon-psa-crypto/include/mbedtls/build_info.h:192,
                 from /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/library/common.h:14,
                 from /opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/library/ssl_tls.c:12:
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:446:2: error: #error "MBEDTLS_PK_C defined, but not all prerequisites"
  446 | #error "MBEDTLS_PK_C defined, but not all prerequisites"
      |  ^~~~~
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:851:2: error: #error "One or more versions of the TLS protocol are enabled " "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
  851 | #error "One or more versions of the TLS protocol are enabled " \
      |  ^~~~~
/opt/nordic/ncs/v2.9.1/modules/crypto/mbedtls/include/mbedtls/check_config.h:1081:2: error: #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
 1081 | #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
      |  ^~~~~
ninja: build stopped: subcommand failed.
FAILED: _sysbuild/sysbuild/images/project-firmware-prefix/src/project-firmware-stamp/project-firmware-build /Users/redacted/code/company/project/project-firmware/build/_sysbuild/sysbuild/images/project-firmware-prefix/src/project-firmware-stamp/project-firmware-build 
cd /Users/redacted/code/company/project/project-firmware/build/project-firmware && /opt/nordic/ncs/toolchains/b8efef2ad5/Cellar/cmake/3.21.0/bin/cmake --build .
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /opt/nordic/ncs/toolchains/b8efef2ad5/bin/cmake --build /Users/redacted/code/company/project/project-firmware/build

 *  The terminal process terminated with exit code: 1. 
 *  Terminal will be reused by tasks, press any key to close it.

    Note that I'm using nrf52840 with an external modem because NB-iot/LTE-M are not available in my region.

  • 0 in reply to Sigurd Hellesvik

    I managed to get it to compile by adding "CONFIG_NORDIC_SECURITY_BACKEND=y" but there's now a runtime bug (can't connect to the MQTT server, -22 error). Firmware logs:

    [00:01:30.294,036] <err> app_mqtt: MQTT Connect failed [-22]
    [00:01:31.448,455] <err> app_mqtt: MQTT Connect failed [-22]
    [00:01:32.577,087] <err> app_mqtt: MQTT Connect failed [-22]
    [00:01:33.725,738] <err> app_mqtt: MQTT Connect failed [-22]
    [00:01:34.864,746] <err> app_mqtt: MQTT Connect failed [-22]

    Server logs:

    1747267341: Client connection from 190.80.164.156 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1747267342: Client connection from 190.80.164.156 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1747267343: Client connection from 190.80.164.156 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1747267345: New connection from 190.80.164.156:58322 on port 8883.
    1747267345: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1747267345: Client <unknown> disconnected: Protocol error.
    1747267346: Client connection from 190.80.164.156 failed: error:0A000126:SSL routines::unexpected eof while reading.
    1747267347: New connection from 190.80.164.156:4126 on port 8883.
    1747267347: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1747267347: Client <unknown> disconnected: Protocol error.
    1747267348: New connection from 190.80.164.156:3462 on port 8883.
    1747267348: OpenSSL Error[0]: error:0A000126:SSL routines::unexpected eof while reading
    1747267348: Client <unknown> disconnected: Protocol error.

    I published the repo on GitHub: https://github.com/olalonde/mqtt-tls-sample/

    I'm using a simcom a7672sa modem but it shouldn't be too hard to replicate using one of the officially supported modems.

  • 0 in reply to Oli

    In my experience, -22 is failed authentication.
    Can you try the certificate and webpage from another HTTPS client, to verify that they work?

    If they work, then it can (more likely) be that the algorithms that is required for this certificate is not enabled in configuration.

  • 0 in reply to Sigurd Hellesvik

    I opened a new thread and ended up solving the issue. It was a mix of that and also using a 4096 bit cert instead of a 2048 one.

Related
Terms of service