I am currently working with nRF52810 using nRF Connect SDK v3.2.1, and I am trying to run the AES CCM PSA Crypto sample.
However, when running the unmodified sample, it fails during key generation with the following log output:
*** Booting nRF Connect SDK v3.2.1-d8887f6f32df *** *** Using Zephyr OS v4.2.99-ec78104f1569 *** [00:00:00.344,055] <inf> aes_ccm: Starting AES CCM example... [00:00:00.344,085] <inf> aes_ccm: Generating random AES key... [00:01:13.555,847] <inf> aes_ccm: psa_generate_key failed! (Error: -141) [00:01:13.555,877] <inf> aes_ccm: Example exited with error!
The error code -141 corresponds to PSA_ERROR_INSUFFICIENT_MEMORY.
I investigated the issue using GDB and found that the failure occurs during memory allocation inside the PSA crypto layer.
Specifically, mbedtls_calloc() always returns NULL. Tracing the call stack shows that it ends up calling platform_calloc_uninit(), which unconditionally returns NULL.
Relevant debugging steps:
Breakpoint 1, psa_allocate_buffer_to_slot (slot=0x200009b8 <global_data>,
buffer_length=16)
at .../psa_crypto.c:295
slot->key.data = mbedtls_calloc(1, buffer_length);
Step into mbedtls_calloc():
mbedtls_calloc (nmemb=1, size=16)
at .../platform.c:49
return (*mbedtls_calloc_func)(nmemb, size);
Which then resolves to:
platform_calloc_uninit (n=1, size=16)
at .../platform.c:29
return NULL;
Because slot->key.data is NULL, key creation fails and eventually results in:
psa_generate_key failed! (Error: -141)
From my understanding, this indicates that the mbedTLS platform memory allocator is never initialized, causing all dynamic allocations in PSA Crypto to fail.
- Is this a known limitation or configuration requirement when using PSA Crypto on nRF52810?
- Am I missing any required Kconfig options (e.g. related to heap, or PSA initialization)?
- Is there a recommended configuration for enabling PSA Crypto + AES-CCM on memory-constrained devices like nRF52810?
Any guidance on the correct configuration or expected limitations would be greatly appreciated.
Thank you in advance.
