Hello,
Currently I am configuring the networking stack on my project.
The goal is to use Matter's built-in Thread connection, to establish a Secure CoAP connection.
I am trying to use PSA + Oberon to have access to hardware accelerated crypto modules.
My current configuration is compiling, but it seems so redundant to me. CHIP/Matter and OpenThread are relying on legacy MBEDTLS functions, so I have to enable legacy support in my config:
```
####################
### CHIP Configurations
####################

# Enable CHIP
CONFIG_CHIP=y
CONFIG_CHIP_PROJECT_CONFIG="include/chip_project_config.h"

# 32768 == 0x8000 (example Product ID, should be changed with proper PID)
CONFIG_CHIP_DEVICE_PRODUCT_ID=32774

####################
### General Settings
####################

CONFIG_STD_CPP17=y
CONFIG_NEWLIB_LIBC=y

# Enable Matter pairing automatically on application start
CONFIG_CHIP_ENABLE_PAIRING_AUTOSTART=y

# Enable Matter extended announcement and increase duration to 1 hour
CONFIG_CHIP_BLE_EXT_ADVERTISING=y
CONFIG_CHIP_BLE_ADVERTISING_DURATION=60

# Add support for LEDs and buttons on Nordic development kits
CONFIG_DK_LIBRARY=y

# Bluetooth Low Energy configuration
CONFIG_BT_DEVICE_NAME="MatterTemplate"

# Other settings
CONFIG_THREAD_NAME=y
CONFIG_MPU_STACK_GUARD=y
CONFIG_RESET_ON_FATAL_ERROR=n
CONFIG_CHIP_LIB_SHELL=n
CONFIG_NCS_SAMPLE_MATTER_TEST_SHELL=n

# Disable NFC commissioning
CONFIG_CHIP_NFC_COMMISSIONING=n

# Reduce application size
CONFIG_USE_SEGGER_RTT=n

# Enable Factory Data feature
CONFIG_CHIP_FACTORY_DATA=y
CONFIG_CHIP_FACTORY_DATA_BUILD=y

# Enable assertions
CONFIG_ASSERT=y

# Enable Bootloader
CONFIG_BOOTLOADER_MCUBOOT=y

####################
### Security Configurations
####################

CONFIG_NRF_SECURITY=y

####################
### Crypto Configurations
####################

CONFIG_NRF_SECURITY=y
CONFIG_CHIP_CRYPTO_PSA=y
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
CONFIG_OPENTHREAD_CRYPTO_PSA=y

# PSA configurations for algorithms
CONFIG_PSA_WANT_ALG_GCM=y
CONFIG_PSA_WANT_ALG_JPAKE=y
CONFIG_PSA_WANT_ALG_ECDSA=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y

# Enable mbedTLS integration with PSA
CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_ECP_C=y
CONFIG_MBEDTLS_PK_C=n
CONFIG_MBEDTLS_TLS_LIBRARY=n
CONFIG_MBEDTLS_X509_LIBRARY=n

# Enable mbedTLS support for public key cryptography (PK)
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_ECDSA_C=y

# Increase MBEDTLS heap size to enable dtls handling
CONFIG_MBEDTLS_HEAP_SIZE=16384

####################
### CoAP Configurations
####################

CONFIG_COAP=y
CONFIG_COAP_UTILS=y

####################
### Connectivity Configurations
####################

# OpenThread configurations
CONFIG_OPENTHREAD_COAPS=y
CONFIG_OPENTHREAD_COAP=y
CONFIG_OPENTHREAD_SOURCES=y

####################
### NFC Configurations
####################

CONFIG_NFC_PLATFORM=n

####################
### OpenThread Shell Configurations
####################

CONFIG_OPENTHREAD_SHELL=n
# CONFIG_OPENTHREAD_MBEDTLS=n
CONFIG_OPENTHREAD_CRYPTO_PSA=y
CONFIG_OPENTHREAD_NRF_SECURITY_PSA_CHOICE=y
CONFIG_NRF_OBERON=y

# enable monitor debug mode
CONFIG_CORTEX_M_DEBUG_MONITOR_HOOK=y
CONFIG_SEGGER_DEBUGMON=y
CONFIG_DEBUG_THREAD_INFO=y
CONFIG_MBEDTLS_DEBUG_C=y
CONFIG_MBEDTLS_DEBUG_LEVEL=4
CONFIG_OPENTHREAD_MBEDTLS_DEBUG=y

# Attempt to use RTT logging. Currently not feasible.
# CONFIG_USE_SEGGER_RTT=y
# CONFIG_RTT_CONSOLE=y
# CONFIG_UART_CONSOLE=n
# CONFIG_LOG_MODE_MINIMAL=n
# CONFIG_LOG_BACKEND_RTT=y
```
Is there another way of configuring the project to use PSA and not legacy MBEDTLS? This configuration uses 99% of my flash. Additionally, I am not sure if PSA is used after all when enabling legacy mbedtls?
Also, I have one more question regarding logging:
I see CHIP logs and my user LOG_INF in the serial console, but I can't get MBEDTLS logging to work. I want to debug my DTLS CoAP handshake on the OpenThread network stack. Is there more needed than configuring:
```
CONFIG_MBEDTLS_DEBUG_C=y
CONFIG_MBEDTLS_DEBUG_LEVEL=4
CONFIG_OPENTHREAD_MBEDTLS_DEBUG=y
```
Thanks for your help!
Best,
Jonas