Secure version of BSD Library

RE: Secure version of BSD Library

Simon — Tue, 30 Jul 2019 14:21:01 GMT

Hello,

The modem is always a NS domain and can thus only operate in NS context. That means the BSD sockets have to run from NS context as well.

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf9160%2Fspu.html&cp=2_0_0_5_14_6&anchor=external_domain_access_control

Best regards,

Simon

RE: Secure version of BSD Library

Simon — Fri, 26 Jul 2019 20:48:52 GMT

I am sorry for the delay, a huge portion of the support team are currently on vacation, and you may experience delayed answers.

I talked to somebody in the office, who said this is not possible, but I am not able to give you an explanation why. I will try to get to the bottom of it in the start of the next week.

Best regards,

Simon

RE: Secure version of BSD Library

mcGyver — Fri, 26 Jul 2019 20:39:36 GMT

Any update on this request?

RE: Secure version of BSD Library

Simon — Wed, 24 Jul 2019 20:29:29 GMT

I'll ask some of the developers, which has more knowledge about it. Will report back to you as soon as I have gotten an answer.

Best regards,

Simon

RE: Secure version of BSD Library

mcGyver — Wed, 24 Jul 2019 19:55:32 GMT

I understand that the distributed version of the BSD Socket Library must run on a non-secure application domain. What I am asking is, if there is a version or can we ask of a version that could run on a secure mode.

The intention was to locate it in the secure mode so that application can be abstracted / restricted from using it.

RE: Secure version of BSD Library

Simon — Wed, 24 Jul 2019 19:40:00 GMT

It does not seem like this is possible. As stated in the NCS documentation, the BSD library must be a part of the application. ("The BSD Socket library must be embedded in the application because BSD sockets are the primary interface to the LTE modem.").

Also, one of the developers said the following: "the BSD Lib architecture requires a static and fixed area to operate on. And this area needs to be Non-Secure, because the BSD lib runs in the non-secure (application) domain." (Link).

Since the BSD library has to be a part of the application, it must run in the same domain, which is the non-secure. If you try to build any of the nrf9160 example as secure, you will get an error.

If you look at the CONFIG_BSD_LIBRARY definition, you can see that the inclusion of the BSD library depends on the definition TRUSTED_EXECUTION_NONSECURE.

config BSD_LIBRARY
	bool
	prompt "Use BSD Socket library for IP/TLS/DTLS"
	select FLOAT
	select FP_SHARING
	select NET_OFFLOAD
	select NET_SOCKETS_OFFLOAD
	depends on TRUSTED_EXECUTION_NONSECURE
	help
	  Use Nordic BSD Socket library.

if BSD_LIBRARY

I am not sure why this is, but I can look into it if you would like to.

Best regards,

Simon