I have migrated sdk 15.3.0 to 17.0.0 to my project.
I changed some sdk_config and Makefile for the migration.
after compiling and flashing my device which is nrf528040, the function of nrf_crypto_init always return "Initialization or startup of RNG failed" LOG.
This error doesn't occur in the old sdk.
My product uses crypto functions of aes cbc, ecb and rng.
I attach my codes.
in sdk_config.h
// <h> nRF_Crypto //========================================================== // <e> NRF_CRYPTO_ENABLED - nrf_crypto - Cryptography library. //========================================================== #ifndef NRF_CRYPTO_ENABLED #define NRF_CRYPTO_ENABLED 1 #endif // <o> NRF_CRYPTO_ALLOCATOR - Memory allocator // <i> Choose memory allocator used by nrf_crypto. Default is alloca if possible or nrf_malloc otherwise. If 'User macros' are selected, the user has to create 'nrf_crypto_allocator.h' file that contains NRF_CRYPTO_ALLOC, NRF_CRYPTO_FREE, and NRF_CRYPTO_ALLOC_ON_STACK. // <0=> Default // <1=> User macros // <2=> On stack (alloca) // <3=> C dynamic memory (malloc) // <4=> SDK Memory Manager (nrf_malloc) #ifndef NRF_CRYPTO_ALLOCATOR #define NRF_CRYPTO_ALLOCATOR 0 #endif // <e> NRF_CRYPTO_BACKEND_CC310_BL_ENABLED - Enable the ARM Cryptocell CC310 reduced backend. // <i> The CC310 hardware-accelerated cryptography backend with reduced functionality and footprint (only available on nRF52840). //========================================================== #ifndef NRF_CRYPTO_BACKEND_CC310_BL_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1_ENABLED - Enable the secp224r1 elliptic curve support using CC310_BL. #ifndef NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP224R1_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED - Enable the secp256r1 elliptic curve support using CC310_BL. #ifndef NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_ECC_SECP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED - CC310_BL SHA-256 hash functionality. // <i> CC310_BL backend implementation for hardware-accelerated SHA-256. #ifndef NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED - nrf_cc310_bl buffers to RAM before running hash operation // <i> Enabling this makes hashing of addresses in FLASH range possible. Size of buffer allocated for hashing is set by NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE #ifndef NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_ENABLED 0 #endif // <o> NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE - nrf_cc310_bl hash outputs digests in little endian // <i> Makes the nrf_cc310_bl hash functions output digests in little endian format. Only for use in nRF SDK DFU! #ifndef NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE #define NRF_CRYPTO_BACKEND_CC310_BL_HASH_AUTOMATIC_RAM_BUFFER_SIZE 4096 #endif // <q> NRF_CRYPTO_BACKEND_CC310_BL_INTERRUPTS_ENABLED - Enable Interrupts while support using CC310 bl. // <i> Select a library version compatible with the configuration. When interrupts are disable, a version named _noint must be used #ifndef NRF_CRYPTO_BACKEND_CC310_BL_INTERRUPTS_ENABLED #define NRF_CRYPTO_BACKEND_CC310_BL_INTERRUPTS_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_CC310_ENABLED - Enable the ARM Cryptocell CC310 backend. // <i> The CC310 hardware-accelerated cryptography backend (only available on nRF52840). //========================================================== #ifndef NRF_CRYPTO_BACKEND_CC310_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CBC_ENABLED - Enable the AES CBC mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CBC_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CBC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CTR_ENABLED - Enable the AES CTR mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CTR_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CTR_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_ECB_ENABLED - Enable the AES ECB mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_ECB_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_ECB_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC_ENABLED - Enable the AES CBC_MAC mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CBC_MAC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CMAC_ENABLED - Enable the AES CMAC mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CMAC_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CMAC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CCM_ENABLED - Enable the AES CCM mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CCM_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CCM_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR_ENABLED - Enable the AES CCM* mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR_ENABLED #define NRF_CRYPTO_BACKEND_CC310_AES_CCM_STAR_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_CHACHA_POLY_ENABLED - Enable the CHACHA-POLY mode using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_CHACHA_POLY_ENABLED #define NRF_CRYPTO_BACKEND_CC310_CHACHA_POLY_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1_ENABLED - Enable the secp160r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2_ENABLED - Enable the secp160r2 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP160R2_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1_ENABLED - Enable the secp192r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP192R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1_ENABLED - Enable the secp224r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP224R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1_ENABLED - Enable the secp256r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1_ENABLED - Enable the secp384r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP384R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1_ENABLED - Enable the secp521r1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP521R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1_ENABLED - Enable the secp160k1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP160K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1_ENABLED - Enable the secp192k1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP192K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1_ENABLED - Enable the secp224k1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP224K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1_ENABLED - Enable the secp256k1 elliptic curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_SECP256K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_CURVE25519_ENABLED - Enable the Curve25519 curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_CURVE25519_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_CURVE25519_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_ECC_ED25519_ENABLED - Enable the Ed25519 curve support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_ECC_ED25519_ENABLED #define NRF_CRYPTO_BACKEND_CC310_ECC_ED25519_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_HASH_SHA256_ENABLED - CC310 SHA-256 hash functionality. // <i> CC310 backend implementation for hardware-accelerated SHA-256. #ifndef NRF_CRYPTO_BACKEND_CC310_HASH_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_CC310_HASH_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_HASH_SHA512_ENABLED - CC310 SHA-512 hash functionality // <i> CC310 backend implementation for SHA-512 (in software). #ifndef NRF_CRYPTO_BACKEND_CC310_HASH_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_CC310_HASH_SHA512_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256_ENABLED - CC310 HMAC using SHA-256 // <i> CC310 backend implementation for HMAC using hardware-accelerated SHA-256. #ifndef NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_CC310_HMAC_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512_ENABLED - CC310 HMAC using SHA-512 // <i> CC310 backend implementation for HMAC using SHA-512 (in software). #ifndef NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_CC310_HMAC_SHA512_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED - Enable RNG support using CC310. #ifndef NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED #define NRF_CRYPTO_BACKEND_CC310_RNG_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_CC310_INTERRUPTS_ENABLED - Enable Interrupts while support using CC310. // <i> Select a library version compatible with the configuration. When interrupts are disable, a version named _noint must be used #ifndef NRF_CRYPTO_BACKEND_CC310_INTERRUPTS_ENABLED #define NRF_CRYPTO_BACKEND_CC310_INTERRUPTS_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_CIFRA_ENABLED - Enable the Cifra backend. //========================================================== #ifndef NRF_CRYPTO_BACKEND_CIFRA_ENABLED #define NRF_CRYPTO_BACKEND_CIFRA_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_CIFRA_AES_EAX_ENABLED - Enable the AES EAX mode using Cifra. #ifndef NRF_CRYPTO_BACKEND_CIFRA_AES_EAX_ENABLED #define NRF_CRYPTO_BACKEND_CIFRA_AES_EAX_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_MBEDTLS_ENABLED - Enable the mbed TLS backend. //========================================================== #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_ENABLED - Enable the AES CBC mode mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR_ENABLED - Enable the AES CTR mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CTR_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB_ENABLED - Enable the AES CFB mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CFB_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB_ENABLED - Enable the AES ECB mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_ECB_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC_ENABLED - Enable the AES CBC MAC mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CBC_MAC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC_ENABLED - Enable the AES CMAC mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CMAC_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM_ENABLED - Enable the AES CCM mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_CCM_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM_ENABLED - Enable the AES GCM mode using mbed TLS. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_AES_GCM_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1_ENABLED - Enable secp192r1 (NIST 192-bit) curve // <i> Enable this setting if you need secp192r1 (NIST 192-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1_ENABLED - Enable secp224r1 (NIST 224-bit) curve // <i> Enable this setting if you need secp224r1 (NIST 224-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1_ENABLED - Enable secp256r1 (NIST 256-bit) curve // <i> Enable this setting if you need secp256r1 (NIST 256-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1_ENABLED - Enable secp384r1 (NIST 384-bit) curve // <i> Enable this setting if you need secp384r1 (NIST 384-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP384R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1_ENABLED - Enable secp521r1 (NIST 521-bit) curve // <i> Enable this setting if you need secp521r1 (NIST 521-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP521R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1_ENABLED - Enable secp192k1 (Koblitz 192-bit) curve // <i> Enable this setting if you need secp192k1 (Koblitz 192-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP192K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1_ENABLED - Enable secp224k1 (Koblitz 224-bit) curve // <i> Enable this setting if you need secp224k1 (Koblitz 224-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP224K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1_ENABLED - Enable secp256k1 (Koblitz 256-bit) curve // <i> Enable this setting if you need secp256k1 (Koblitz 256-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_SECP256K1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1_ENABLED - Enable bp256r1 (Brainpool 256-bit) curve // <i> Enable this setting if you need bp256r1 (Brainpool 256-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1_ENABLED - Enable bp384r1 (Brainpool 384-bit) curve // <i> Enable this setting if you need bp384r1 (Brainpool 384-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP384R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1_ENABLED - Enable bp512r1 (Brainpool 512-bit) curve // <i> Enable this setting if you need bp512r1 (Brainpool 512-bit) support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_BP512R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519_ENABLED - Enable Curve25519 curve // <i> Enable this setting if you need Curve25519 support using MBEDTLS #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_ECC_CURVE25519_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED - Enable mbed TLS SHA-256 hash functionality. // <i> mbed TLS backend implementation for SHA-256. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512_ENABLED - Enable mbed TLS SHA-512 hash functionality. // <i> mbed TLS backend implementation for SHA-512. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_HASH_SHA512_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256_ENABLED - Enable mbed TLS HMAC using SHA-256. // <i> mbed TLS backend implementation for HMAC using SHA-256. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512_ENABLED - Enable mbed TLS HMAC using SHA-512. // <i> mbed TLS backend implementation for HMAC using SHA-512. #ifndef NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_MBEDTLS_HMAC_SHA512_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED - Enable the micro-ecc backend. //========================================================== #ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED #define NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1_ENABLED - Enable secp192r1 (NIST 192-bit) curve // <i> Enable this setting if you need secp192r1 (NIST 192-bit) support using micro-ecc #ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1_ENABLED #define NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP192R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1_ENABLED - Enable secp224r1 (NIST 224-bit) curve // <i> Enable this setting if you need secp224r1 (NIST 224-bit) support using micro-ecc #ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1_ENABLED #define NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP224R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1_ENABLED - Enable secp256r1 (NIST 256-bit) curve // <i> Enable this setting if you need secp256r1 (NIST 256-bit) support using micro-ecc #ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1_ENABLED - Enable secp256k1 (Koblitz 256-bit) curve // <i> Enable this setting if you need secp256k1 (Koblitz 256-bit) support using micro-ecc #ifndef NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1_ENABLED #define NRF_CRYPTO_BACKEND_MICRO_ECC_ECC_SECP256K1_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED - Enable the nRF HW RNG backend. // <i> The nRF HW backend provide access to RNG peripheral in nRF5x devices. //========================================================== #ifndef NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED #define NRF_CRYPTO_BACKEND_NRF_HW_RNG_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED - Enable mbed TLS CTR-DRBG algorithm. // <i> Enable mbed TLS CTR-DRBG standardized by NIST (NIST SP 800-90A Rev. 1). The nRF HW RNG is used as an entropy source for seeding. #ifndef NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED #define NRF_CRYPTO_BACKEND_NRF_HW_RNG_MBEDTLS_CTR_DRBG_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_NRF_SW_ENABLED - Enable the legacy nRFx sw for crypto. // <i> The nRF SW cryptography backend (only used in bootloader context). //========================================================== #ifndef NRF_CRYPTO_BACKEND_NRF_SW_ENABLED #define NRF_CRYPTO_BACKEND_NRF_SW_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED - nRF SW hash backend support for SHA-256 // <i> The nRF SW backend provide access to nRF SDK legacy hash implementation of SHA-256. #ifndef NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_OBERON_ENABLED - Enable the Oberon backend // <i> The Oberon backend //========================================================== #ifndef NRF_CRYPTO_BACKEND_OBERON_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_CHACHA_POLY_ENABLED - Enable the CHACHA-POLY mode using Oberon. #ifndef NRF_CRYPTO_BACKEND_OBERON_CHACHA_POLY_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_CHACHA_POLY_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1_ENABLED - Enable secp256r1 curve // <i> Enable this setting if you need secp256r1 curve support using Oberon library #ifndef NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_ECC_SECP256R1_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519_ENABLED - Enable Curve25519 ECDH // <i> Enable this setting if you need Curve25519 ECDH support using Oberon library #ifndef NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_ECC_CURVE25519_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519_ENABLED - Enable Ed25519 signature scheme // <i> Enable this setting if you need Ed25519 support using Oberon library #ifndef NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_ECC_ED25519_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256_ENABLED - Oberon SHA-256 hash functionality // <i> Oberon backend implementation for SHA-256. #ifndef NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_HASH_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512_ENABLED - Oberon SHA-512 hash functionality // <i> Oberon backend implementation for SHA-512. #ifndef NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_HASH_SHA512_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256_ENABLED - Oberon HMAC using SHA-256 // <i> Oberon backend implementation for HMAC using SHA-256. #ifndef NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA256_ENABLED 1 #endif // <q> NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512_ENABLED - Oberon HMAC using SHA-512 // <i> Oberon backend implementation for HMAC using SHA-512. #ifndef NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512_ENABLED #define NRF_CRYPTO_BACKEND_OBERON_HMAC_SHA512_ENABLED 1 #endif // </e> // <e> NRF_CRYPTO_BACKEND_OPTIGA_ENABLED - Enable the nrf_crypto Optiga Trust X backend. // <i> Enables the nrf_crypto backend for Optiga Trust X devices. //========================================================== #ifndef NRF_CRYPTO_BACKEND_OPTIGA_ENABLED #define NRF_CRYPTO_BACKEND_OPTIGA_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_OPTIGA_RNG_ENABLED - Optiga backend support for RNG // <i> The Optiga backend provide external chip RNG. #ifndef NRF_CRYPTO_BACKEND_OPTIGA_RNG_ENABLED #define NRF_CRYPTO_BACKEND_OPTIGA_RNG_ENABLED 0 #endif // <q> NRF_CRYPTO_BACKEND_OPTIGA_ECC_SECP256R1_ENABLED - Optiga backend support for ECC secp256r1 // <i> The Optiga backend provide external chip ECC using secp256r1. #ifndef NRF_CRYPTO_BACKEND_OPTIGA_ECC_SECP256R1_ENABLED #define NRF_CRYPTO_BACKEND_OPTIGA_ECC_SECP256R1_ENABLED 1 #endif // </e> // <q> NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED - Big-endian byte order in raw Curve25519 data // <i> Enable big-endian byte order in Curve25519 API, if set to 1. Use little-endian, if set to 0. #ifndef NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED #define NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED 0 #endif // </e> // <h> nrf_crypto_rng - RNG Configuration //========================================================== // <q> NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED - Use static memory buffers for context and temporary init buffer. // <i> Always recommended when using the nRF HW RNG as the context and temporary buffers are small. Consider disabling if using the CC310 RNG in a RAM constrained application. In this case, memory must be provided to nrf_crypto_rng_init, or it can be allocated internally provided that NRF_CRYPTO_ALLOCATOR does not allocate memory on the stack. #ifndef NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED #define NRF_CRYPTO_RNG_STATIC_MEMORY_BUFFERS_ENABLED 1 #endif // <q> NRF_CRYPTO_RNG_AUTO_INIT_ENABLED - Initialize the RNG module automatically when nrf_crypto is initialized. // <i> Automatic initialization is only supported with static or internally allocated context and temporary memory. #ifndef NRF_CRYPTO_RNG_AUTO_INIT_ENABLED #define NRF_CRYPTO_RNG_AUTO_INIT_ENABLED 1 #endif
in Makefile
# Libraries common to all targets
LIB_FILES += \
$(SDK_ROOT)/external/nrf_cc310/lib/cortex-m4/hard-float/libnrf_cc310_0.9.13.a \
$(SDK_ROOT)/external/nrf_oberon/lib/cortex-m4/hard-float/liboberon_3.0.5.a \
EDIT:
Log Error code is "Error = 0x8570".
furthermore debugging,
CRYS_RndInit function returns CRYS_RND_INSTANTIATION_ERROR in nrf_crypto_rng_backend_init function.
in cc310_backend_rng.c
ret_code_t nrf_crypto_rng_backend_init(void * const p_context,
void * const p_temp_buffer)
{
bool mutex_locked;
CRYSError_t err_code;
ret_code_t ret_val;
CRYS_RND_WorkBuff_t * p_work_buffer = (CRYS_RND_WorkBuff_t *)p_temp_buffer;
nrf_crypto_backend_rng_context_t * p_ctx = (nrf_crypto_backend_rng_context_t *)p_context;
// Save time by not reinitializing an already valid CC310 RNG context.
// (Useful for example in case the context was stored in retained memory during system OFF.)
if (p_ctx->header.init_value == NRF_CRYPTO_RNG_CONTEXT_INIT_MAGIC_VALUE)
{
return NRF_SUCCESS;
}
mutex_locked = cc310_backend_mutex_trylock();
VERIFY_TRUE(mutex_locked, NRF_ERROR_CRYPTO_BUSY);
err_code = CRYS_RndInit(&p_ctx->crys_rnd_state, p_work_buffer);
ret_val = result_get(err_code);
cc310_backend_mutex_unlock();
return ret_val;
}
