• State Not Answered
  • Replies 17 replies
  • Subscribers 63 subscribers
  • Views 3136 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 275684
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Unaligned memory access Fault using mbedTLS on nrf5340 cpuapp

persimmon

I took the RSA example in /nrf/samples/crypto/rsa and added a function foo() to it. I am using nrf5340DK with nrfConnect v1.6.1 and build for cpuapp. 

my function foo() uses mbedtls functions heavily and makes a call to mbedtls_entropy_init(entropy

 I get the following exception when the mbedtls_entropy_init(entropy)  function is called from foo().

os: ***** USAGE FAULT ***** 
os:   Unaligned memory access 
r0/a1:  0x00000000  r1/a2:  0x00000000  r2/a3:  0x200331d4 
r3/a4:  0x00022845 r12/ip:  0x00000000 r14/lr:  0x00004621 
os:  xpsr:  0x69000000 
os: Faulting instruction address (r15/pc): 0x00023be8 
os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0 
os: Current thread: 0x200003c8 (unknown) 
fatal_error: Resetting system 

here is the stack call.
mbedtls_entropy_init( &drbg->entropy );
mbedtls_mutex_init( &ctx->mutex ); 
mutex_init_platform(){   
...   
     p_mutex = (struct k_mutex *)mutex->mutex;  //p_mutex is NOT aligned 0x00022875
     k_mutex_init(p_mutex);
...
}
k_mutex_init(p_mutex) --> z_impl_k_mutex_init()
mutex->owner = NULL; <<----- exception happens here.
The rsa program itself makes a call to mutex_init_platform() as well. I checked all the values of p_mutex and all of them are aligned by 8 bytes. However my mbedtls calls leads to unaligned p_mutex values.

I appreciate if you could help me resolve this issue.




Parents Reply Children
  • 0 in reply to persimmon

    Hi,

    I am a bit confused. Why are you using mbedTLS here and how do you intend it to work? Taking the last question first, this will not work with non-secure (ns) without using the PSA APIs and TF-M. That is because the CryptoCell peripheral used for HW acceleration only works in secure mode. 

    You can use this example (without your modifications) in non-secure as well, using TF-M. That way, the TF-M implementation provide the PSA API to the non-secure code.

    Note that PSA just like mbedTLS is maintained by ARM, and you can think of PSA as a standardized crypto API that sits on top on several implementations.

    So in short I think you need to revise your approach, as it cannot work the way you intend. Probably what you want to do is skip all teh mbed TLS API calls and replace them with PSA calls, which can then also be used in non-secure.

  • 0 in reply to persimmon

    Hello There, 

    Thank you for your response. 

    >>Why are you using mbedTLS here and how do you intend it to work? 

    The code I provided is an example to show the problem, not the actual project. We cannot not use PSA in our project, we can only use mbedTLS. Therefore, please take this problem as making calls to the mbedTLS library. 


    >>So in short I think you need to revise your approach, as it cannot work the way you intend. 

    The problem is not me changing my approach. The problem is that you cannot make certain mbedTLS calls in the secure world of your platform.

    I think we agree that mbedTLS should work in both secure and in non-secure worlds correctly. As I mentioned it currently creates unaligned error, when accessing mutex. If you define corresponding variable as static, error is not generated. This essentially shows that the compiler creates aligned data in data-segment, but not the stack of my code.

    The RSA part that uses PSA, makes call to the same mutex, but you don't see that problem. 


    PS: Apart from above, it seems to me there is a problem with SECP256K1. I investigate and get back to you.

    Regards,
    P.

  • 0 in reply to persimmon

    Hi,

    persimmon said:
    The code I provided is an example to show the problem, not the actual project.

    I see. The actual issue you are seeing her is what is described in this thread.

    The fix is to add this line before your call to mbedtls_entropy_init():

        memset(&ec->entropy, 0, sizeof(ec->entropy));

    persimmon said:
    We cannot not use PSA in our project, we can only use mbedTLS.

    May I ask why that is?

    persimmon said:
    I think we agree that mbedTLS should work in both secure and in non-secure worlds correctly.

    Yes and no. Purely as a SW library, yes. But the only entropy source available to the application core is within CryptoCell, and that is only accessible from secure domain. So you cannot use this code in non-secure. The only solution to that that is provided by the nRF Connect SDK is using PSA TF-M. That way, TF-M will provide crypto operations as secure services to the non-secure code, using PSA APIs.

  • 0 in reply to Einar Thorsrud

    I appreciate the fix. I try and let you know.


    >>May I ask why that is?

    We are performing very customized crypto operations (we are cryptographers) and PSA is too high-level for us. Even mbedTLS is too high-level. We would like to use CryptoCell directly, but we don't exactly know NRF software architecture. I noticed that mbedTLS in secure-world calls to CryptoCell library and I was wondering how we can do  that. I even modified some of your mbedTLS functions in secure-world, but apparently they are not build during the SW build.

    Any help would be really appreciated. We are capable of modifying mbedTLS library and/or add our own functions. But we don't know how to build it and with our software. 

    >>Yes and no. Purely as a SW library....

    Agreed.  noticed that your build pulls in the TF-M automatically, when you use PSA and build for NS. And makes call to the secure part under the hood. It is a very interesting SW work. I have worked with similar chips, but their build is way more complicated. 

    We run our code in secure-world. We need quick access to CryptoCell.

    Another question, if I may. Is the random number generate in the code I send  is correctly constructed and uses the hardware-random-number generator, or we need to add that HW-RNG explicitly as entropy source?

    Reagards,
    P.

  • 0 in reply to persimmon

    Hi,

    persimmon said:
    I noticed that mbedTLS in secure-world calls to CryptoCell library and I was wondering how we can do  that.

    There are quite a few libraries crypto libraries in nRF Connect SDK. These are managed by the Nordic Security Module, so I suggest you start looking at that. That is relevant both if you want to use it, of if you want to see how various modules (like the CryptoCell runtime library, Mbed TLS, etc) are integrated. The Cryptography tests are a good example to look at to see this in practice. It configurations for various scenarios, like using mbed TLS with CryptoCell as a crypto accelerator, and using CryptoCell only for entropy, etc.

    persimmon said:
    Is the random number generate in the code I send  is correctly constructed and uses the hardware-random-number generator, or we need to add that HW-RNG explicitly as entropy source?

    You use the CrytoCell RNG in this project.

Related