This post is older than 2 years and might not be relevant anymore

Secure version of BSD Library

Is there a version of the bsd library that was compiled and can run in a secure mode?

  • It does not seem like this is possible. As stated in the NCS documentation, the BSD library must be a part of the application. ("The BSD Socket library must be embedded in the application because BSD sockets are the primary interface to the LTE modem.").

    Also, one of the developers said the following: "the BSD Lib architecture requires a static and fixed area to operate on. And this area needs to be Non-Secure, because the BSD lib runs in the non-secure (application) domain." (Link).

    Since the BSD library has to be a part of the application, it must run in the same domain, which is the non-secure one. If you try to build any of the nRF9160 examples as secure, you will get an error.

    If you look at the CONFIG_BSD_LIBRARY definition, you can see that the inclusion of the BSD library depends on the definition TRUSTED_EXECUTION_NONSECURE.

    config BSD_LIBRARY
    	bool
    	prompt "Use BSD Socket library for IP/TLS/DTLS"
    	select FLOAT
    	select FP_SHARING
    	select NET_OFFLOAD
    	select NET_SOCKETS_OFFLOAD
    	depends on TRUSTED_EXECUTION_NONSECURE
    	help
    	  Use Nordic BSD Socket library.
    
    if BSD_LIBRARY

    I am not sure why this is, but I can look into it if you would like to.

    Best regards,

    Simon
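
The dependency quoted in the reply above, checked against two constructed build configurations. This is an added example, not code from the thread or from Nordic's SDK; the helper names and both sample configs are assumptions, and the parser handles only plain symbols joined by `&&`.

```python
import re

# Kconfig entry quoted in the post above (help text omitted).
KCONFIG = """\
config BSD_LIBRARY
	bool
	prompt "Use BSD Socket library for IP/TLS/DTLS"
	select FLOAT
	select FP_SHARING
	select NET_OFFLOAD
	select NET_SOCKETS_OFFLOAD
	depends on TRUSTED_EXECUTION_NONSECURE
"""

def parse_entry(text, symbol):
    """Return (depends, selects) for one `config` entry.

    Only plain symbols joined by && are handled; || and ! are out of scope.
    """
    depends, selects, inside = [], [], False
    for line in text.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        if words[0] == "config":
            inside = words[1] == symbol
        elif inside and words[0] == "select":
            selects.append(words[1])
        elif inside and words[:2] == ["depends", "on"]:
            depends += [w for w in words[2:] if w != "&&"]
    return depends, selects

def parse_dotconfig(text):
    """Set of symbols assigned =y in .config / prj.conf style text."""
    return set(re.findall(r"^CONFIG_(\w+)=y$", text, re.M))

def check(symbol, kconfig, dotconfig):
    """Unmet dependencies of `symbol`; an empty list means it can be enabled."""
    depends, _ = parse_entry(kconfig, symbol)
    enabled = parse_dotconfig(dotconfig)
    return [d for d in depends if d not in enabled]

# Constructed build configurations (assumptions, not taken from the thread).
NONSECURE_BUILD = "CONFIG_TRUSTED_EXECUTION_NONSECURE=y\nCONFIG_BSD_LIBRARY=y\n"
SECURE_BUILD = "CONFIG_TRUSTED_EXECUTION_SECURE=y\nCONFIG_BSD_LIBRARY=y\n"

if __name__ == "__main__":
    for name, cfg in (("non-secure", NONSECURE_BUILD), ("secure", SECURE_BUILD)):
        missing = check("BSD_LIBRARY", KCONFIG, cfg)
        print(name, "->", "ok" if not missing else f"unmet: {missing}")
```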

  • I understand that the distributed version of the BSD Socket Library must run in a non-secure application domain. What I am asking is whether there is a version, or whether we can ask for a version, that could run in secure mode.

    The intention was to locate it in secure mode so that the application can be abstracted / restricted from using it.

  • I'll ask some of the developers, who have more knowledge about it. I will report back to you as soon as I have gotten an answer.

    Best regards,

    Simon

  • I am sorry for the delay; a huge portion of the support team is currently on vacation, and you may experience delayed answers.

    I talked to somebody in the office, who said this is not possible, but I am not able to give you an explanation why. I will try to get to the bottom of it at the start of next week.

    Best regards,

    Simon
