Bootloader build with ECDSA256 (nRF52832, SDK 16.0.0, S132 v7.0.1)

Hi RMV,

The first issue I ran into was that I need to set up a 'frontend' and a 'backend'.

The nrf_crypto library provide a unified API for a number of different crypto libraries. If you use an SDK example you generally have all libraries included in the project and just need to select the desired backend in sdk_config.h See Configuring nrf_crypto frontend and backends.

1. In this regard I am not sure what role is played by the external uECC library that I built with GCC ARM.

micro-ecc is one of the supported backend for nrf_crypto. If you enable the micro-ecc backend for the specific algorithm you use, then this backend will be used for that algorithm.

2.I was able to recreate the build used by the secure_bootloader example but over time I am beginning to get the feeling that the configuration out of the box does not support ECDSA-256 (?)

Why do you get that feeling? The SDK bootloader support using ECDSA_P256_SHA256 boot validation of the application out of the box as explained in this thread.

3. I found out, after navigating through many web pages and spending quite a few hours, that the 310 backend is NOT supported on the nRF52832. Now I don't know what is ACTUALLY supported on the nRF52832 -- should Iuse uECC or should I use OBERON or 'nrf sw implementation/?

CC310 / CryptoCell is a HW peripheral in the nRF52840. It is not available in any other nRF52 series devices. However, all the other nrf_crypto backends are SW libraries that can be used on any nRF52 device. In the bootloader it makes most sense to use micro-ecc as it seems you are allready doing, as that has a small footprint.

An example is when I tried to enable the OBERON backend --
  If I enable all the same flags in the basic crypto example I get this warning (even though the build succeeds)
        #warning "NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED not defined. Please define it to choose the endianness of Curve25519 parameters."

Have you migrated from an earlier SDK version, or is there another reason your sdk_config.h is not valid out of the box? In any case, you can fix this by defining NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED to 0 or 1 as you can see done in many example sdk_config.h files in the SDK. Note that it will not have any practical implications though, unless you actually use that curve (though I fully agree that you should make your code build without any warnings).

If I do not define the Curve25519 specific parameters then I get this warning:
        #warning NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?)

Again, I suspect you have a problem with your sdk_config.h. You should copy the whole nrf_crypto section of a valid sdk_config.h and adapt to your needs. That means not deleting anything, but just toggling features off or on by settings the definitions to 0 or 1 as explained here. That way you should not get any of these warnings.

Hi RMV,

The first issue I ran into was that I need to set up a 'frontend' and a 'backend'.

The nrf_crypto library provide a unified API for a number of different crypto libraries. If you use an SDK example you generally have all libraries included in the project and just need to select the desired backend in sdk_config.h See Configuring nrf_crypto frontend and backends.

1. In this regard I am not sure what role is played by the external uECC library that I built with GCC ARM.

micro-ecc is one of the supported backend for nrf_crypto. If you enable the micro-ecc backend for the specific algorithm you use, then this backend will be used for that algorithm.

2.I was able to recreate the build used by the secure_bootloader example but over time I am beginning to get the feeling that the configuration out of the box does not support ECDSA-256 (?)

Why do you get that feeling? The SDK bootloader support using ECDSA_P256_SHA256 boot validation of the application out of the box as explained in this thread.

3. I found out, after navigating through many web pages and spending quite a few hours, that the 310 backend is NOT supported on the nRF52832. Now I don't know what is ACTUALLY supported on the nRF52832 -- should Iuse uECC or should I use OBERON or 'nrf sw implementation/?

CC310 / CryptoCell is a HW peripheral in the nRF52840. It is not available in any other nRF52 series devices. However, all the other nrf_crypto backends are SW libraries that can be used on any nRF52 device. In the bootloader it makes most sense to use micro-ecc as it seems you are allready doing, as that has a small footprint.

An example is when I tried to enable the OBERON backend --
  If I enable all the same flags in the basic crypto example I get this warning (even though the build succeeds)
        #warning "NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED not defined. Please define it to choose the endianness of Curve25519 parameters."

Have you migrated from an earlier SDK version, or is there another reason your sdk_config.h is not valid out of the box? In any case, you can fix this by defining NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED to 0 or 1 as you can see done in many example sdk_config.h files in the SDK. Note that it will not have any practical implications though, unless you actually use that curve (though I fully agree that you should make your code build without any warnings).

If I do not define the Curve25519 specific parameters then I get this warning:
        #warning NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?)

Again, I suspect you have a problem with your sdk_config.h. You should copy the whole nrf_crypto section of a valid sdk_config.h and adapt to your needs. That means not deleting anything, but just toggling features off or on by settings the definitions to 0 or 1 as explained here. That way you should not get any of these warnings.