• State Verified Answer
  • Replies 5 replies
  • Subscribers 72 subscribers
  • Views 1252 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 240393
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Issues in compiling BLE Secure bootloader by enable macro-ecc

beemavishnu

Hello,

Hello,

 

I am using nRF52840, SDK_16.0.0, S140 SoftDevice and Segger 4.16 for flashing the image.

 

I have issues in compiling Secure bootloader with my Public key. This is on top of my previous query

https://devzone.nordicsemi.com/support/240266

 

1) After compiling and generating “micro_ecc_lib_nrf52.a” in “\external\micro-ecc\nrf52hf_armgcc\armgcc” and included library into my Seeger project. But got below error.

                “uECC.h: No such file or directory”.

                To avoid this I added path of uECC.h as shown below.

                ../../../../../external/micro-ecc/micro-ecc

2) After that I got other error saying . To avoid this I commented NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED.

a) But not sure whether I need to comment NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED or NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1_ENABLED to 0 ?

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fsdk_nrf5_v16.0.0%2Flib_crypto_config.html

3) After disabling NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED (Please correct me if I am wrong), still I am getting below error.

4) To avoid this I added files from “\components\libraries\crypto\backend\micro_ecc” and finally I am able to compile BLE secure bootloader.

5) In below what does it mean. Whether “micro-ecc” is not supported in nRF52840 ?

 https://infocenter.nordicsemi.com/index.jsp?topic=%2Fsdk_nrf5_v16.0.0%2Fnrf_crypto_default_backends.html

Whether all above procedures are correct enough. Even I have gone through below link but not much details on BLE Secure bootloader compilation.

https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/getting-started-with-nordics-secure-dfu-bootloader

 

Please check whether the steps above are correct. If any this missing please let me know.

Edit: For better clarity I am adding modified "pca10056_s140_ble" project and library generated in "\external\micro-ecc\nrf52hf_armgcc\armgcc". Please cross check sdk_config.h and above mentioned settings.

nRF5_SDK_16.0.0_98a08e2.zip

Thanks & Regards

Vishnu Beema

  • +1

    Hi.

    Steps in 1-4 look correct.

    In the image in 5, the golden tick means that this is the default configured backend, it does not mean that other backends are not supported. nRF52840 is the only nRF52 series IC that includes HW crypto acceleration through the CC310 Cryptocell. This is the recommended backend when available, while other ICs must rely on software cryptography.

    Best regards,
    Jørgen

  • 0

    Thank you for your inputs. I have further query.

    Sorry, I edited entire query. Please respond as soon as possible as I am totally struck up.

    I missed this point to mentioned above. Even I enabled NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED and NRF_CRYPTO_BACKEND_CC310_BL_ENABLED is enabled already in Secure BLE bootloader.

    With above settings I am able to compile bootloader and see "DFUCT40" in nRF Tools app. But I am not able to do DFU with my example code.

    1) I created package with below command. Is this fine.

    nrfutil pkg generate --hw-version 52 --application-version 2 --application ble_app_blinky_pca10056_s140.hex --sd-req 0xCA --key-file nRF52840_CT40_private.key ble_app_blinky_dfu_package_V2.zip

    But its nRF tools, DFU menu, I am not able to upload. Its getting disconnected.

    2) Even in ble_app_blinky do I need to enable NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED. Even after enabling and without including micro_ecc_lib_nrf52.a still I am able to compile ble_app_blinky application. Am I doing any mistake ?

    a) Do I need to include micro_ecc_lib_nrf52.a ?

    b) How about public key. Do I need to include even public_key.c file into ble_app_blinky.

    I have lot of confusions. Similar to bootloader, I am attaching my application (By removing private key). Please cross check once and suggest appropriate settings.

    ble_peripheral.zip

    Thanks & Regards

    Vishnu Beema

  • 0

    Hi Jorgen,

    Any updates on this issue. Though I am able to do DFU by disabling NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED. Still I am trying to understanding the reason why its failing if I enable micro-ecc macro. This will help me in further for nRF52832 where micro-ecc to be used.

    Thanks & Regards

    Vishnu Beema

  • 0
    beemavishnu said:
    Even I enabled NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED and NRF_CRYPTO_BACKEND_CC310_BL_ENABLED is enabled already in Secure BLE bootloader.

    It is possible to have both backend enabled, in case you want to use one backend for one cryptographic algorithm and another backend for a second algorithm. Not all backends support all cryptographic operations.

    beemavishnu said:
    But its nRF tools, DFU menu, I am not able to upload. Its getting disconnected.

    At what point is it getting disconnected? Have you debugged the bootloader to see if any errors are reported, causing a reset in the chip?

    beemavishnu said:
    2) Even in ble_app_blinky do I need to enable NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED. Even after enabling and without including micro_ecc_lib_nrf52.a still I am able to compile ble_app_blinky application.

    This is not enabled by default in this example, and it compiles just fine for me. What changes have you made to the example/SDK? If you are not able to compile the ble_app_blinky example, please try with a fresh copy of the SDK.

  • 0

    Hi,

    On nRF52840, I am able to do DFU by enabling  NRF_CRYPTO_BACKEND_CC310_BL_ENABLED and disabling  NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED.

    https://devzone.nordicsemi.com/support/240436

    For nRF52832, once I started if any issues I will raise a separate query.

    Thank you for your support.

    Thanks & Regards

    Vishnu Beema

Related
Terms of service