Is there a version of the bsd library that was compiled and can run in a secure mode?
It does not seem like this is possible. As stated in the NCS documentation, the BSD library must be a part of the application. ("The BSD Socket library must be embedded in the application because BSD sockets are the primary interface to the LTE modem.").
Also, one of the developers said the following: "the BSD Lib architecture requires a static and fixed area to operate on. And this area needs to be Non-Secure, because the BSD lib runs in the non-secure (application) domain." (Link).
Since the BSD library has to be a part of the application, it must run in the same domain, which is the non-secure one. If you try to build any of the nrf9160 examples as secure, you will get an error.
If you look at the CONFIG_BSD_LIBRARY definition, you can see that the inclusion of the BSD library depends on the definition TRUSTED_EXECUTION_NONSECURE.
config BSD_LIBRARY
	bool
	prompt "Use BSD Socket library for IP/TLS/DTLS"
	select FLOAT
	select FP_SHARING
	select NET_OFFLOAD
	select NET_SOCKETS_OFFLOAD
	depends on TRUSTED_EXECUTION_NONSECURE
	help
	  Use Nordic BSD Socket library.

if BSD_LIBRARY
I am not sure why this is, but I can look into it if you would like to.
Best regards,
Simon
I understand that the distributed version of the BSD Socket Library must run in a non-secure application domain. What I am asking is whether there is a version, or whether we can ask for a version, that could run in secure mode.
The intention was to locate it in the secure mode so that the application can be abstracted / restricted from using it.
I'll ask some of the developers who have more knowledge about it. I will report back to you as soon as I have gotten an answer.
Best regards,
Simon
Any update on this request?
I am sorry for the delay. A huge portion of the support team is currently on vacation, and you may experience delayed answers.
I talked to somebody in the office, who said this is not possible, but I am not able to give you an explanation why. I will try to get to the bottom of it at the start of next week.
Best regards,
Simon
Hello,
The modem is always a NS domain and can thus only operate in NS context. That means the BSD sockets have to run from NS context as well.
Best regards,
Simon