How to use latest Mbed TLS (2.26.0) with nRF Connect SDK v1.5.0 on Thingy:91

Question

I would like to use the latest version of Mbed TLS (2.26.0) on the Thingy:91 and then realize a TLS connection using this version. As a first step I integrated this particular version of Mbed TLS into the at_client sample project. For this I followed the steps listed below. Good news is that it compiles and links. 
 When i compare my result with the Mbed TLS (2.16.8) integration provided by the SDK (CONFIG_MBEDTLS=y) I see that the two defines (MBEDTLS_NET_C, MBEDTLS_TIMING_C) are active in constrast to my approach. And that step 6 (check for is regular file) seems not to be necessary. 
 Therefore, I would like know how I can remove these differences? 
 Is there an easier way to reach my goal than the steps below? (Maybe via CONFIG_MBEDTLS_VANILLA_BACKEND ?) 
 Developing on Windows with SEGGER Embdedded Studio 5.34a and toolchain version 1.5.0 for target thingy91_nrf9160ns . 1. Copy include and library folder from Mbed TLS ( github.com/.../mbedtls , tag 2.26.0) to at_client root folder (C:\Users\<username>
cs\v1.5.0
rf\samples
rf9160\at_client) 
 2. Remove .gitignore, CMakeLists.txt from copied folders include and library 3. Remove Makefile from library 
 4. Edit CMakeLists.txt in at_client in order to add source and include files from Mbed TLS to the project and to define MBEDTLS_USE_PSA_CRYPTO, CONFIG_POSIX_FS. Add folder $ENV{ZEPHYR_BASE}/include/posix to provide dirent.h and sys/stat.h. CMakeLists.txt is as follows: cmake_minimum_required(VERSION 3.13.1) find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(NONE) # NORDIC SDK APP START file(GLOB app_sources library/*.c ) target_sources(app PRIVATE src/main.c ${app_sources}) target_compile_definitions(app PRIVATE MBEDTLS_USE_PSA_CRYPTO CONFIG_POSIX_FS) target_include_directories(app PRIVATE library include include/mbedtls include/psa $ENV{ZEPHYR_BASE}/include/posix) # NORDIC SDK APP END 
 4. Create at_client project in Segger Embedded Studio via File → Open nRF CONNECT SDK Project ... Select thingy91_nrf9160ns as platform 
 5. In at_client project open include/mbedtls/config.h via File → Open and modify defines as follows #define MBEDTLS_NO_PLATFORM_ENTROPY //#define MBEDTLS_NET_C //#define MBEDTLS_TIMING_C 
 6. In file library/x509_crt.c comment out two lines (1650,1651) // if( !S_ISREG( sb.st_mode ) ) // continue; Now the project builds (compiles and links) succesfully.

Vidar Berg · Accepted Answer

Hello, 
 Have you tried to just update the mbedtls version in the nrf manifest? NCS v.1.5.0 tag is on mbedtls version 2.24.0 as you can see form the west manifest here: https://github.com/nrfconnect/sdk-nrf/blob/8e8c60897eac40f61db9f578ce521970fff8e4d2/west.yml#L134

Vidar Berg · Answer

I'm don't see any problems with the configuration above. However, I forgot to ask what the motivation for doing this update was, so I'm not sure what the goal is. Both the Oberon and the cc3xx backend should be better in terms of performance. 
 Nordic security module documentation for reference: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/nrf_security/README.html

Vidar Berg · Answer

Thanks for updating the thread earlier and clarifying what the goal was. With regards to the linker error, I have seen it before, but can't remember exactly what caused it. Could you try to build with CONFIG_MBEDTLS_INSTALL_PATH="DUMMY" and see if that helps? This is the configuration used by the crypto test projects in \v1.5.0
rf	ests\crypto at least.

How to use latest Mbed TLS (2.26.0) with nRF Connect SDK v1.5.0 on Thingy:91

Top Replies