Connectivity AND security with limited RAM

I'm currently developping an application based on the Zephyr OS with its BLE protocol stack using the nRF52805 SoC.
Due to security specifications, some cryptographical features of the built-in mbedTLS library shall be used.
Since the nRF52805 does only have 24 kB of RAM, I'm currently not able to fit the build into the available memory, even after a lot of optimizations via prj.conf.
Is the nRF52805 as a promoted IoT Soc actually intended to be able to run Zephyr applications including mbedTLS or is it only useful for simple beaconing without any cryptographical support?

Top Replies

Manuel over 4 years ago in reply to Sigurd Hellesvik +1

Thank you very much, the manually added entry in CMakeLists.txt did the trick! Now it's working with the following added terms: prj.conf CONFIG_NRF_OBERON=y CMakeLists.txt zephyr_link_libraries(nrfxlib_crypto…

0 Kenneth over 4 years ago

From my understanding the mbedtls is the largest crypto library, maybe you can look into using the oberon or tinycrypt instead?
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/crypto/tinycrypt.html
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_oberon.html
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Kenneth

Thank you for your reply!

Yes it is indeed not very ressource friendly. One main reason to go with mbedTLS as a first try is that it's already integrated into Zephyr and thus easy to embed into the project. However, I think this does not match with our device choice.
Oberon has already been in scope but requires to make some compromises regarding our intended security concept and thus was not the first choice so far. I will check if this could actually be a viable alternative.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Kenneth
I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:
#include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

Am I missing something?
How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
Any other ideas, what the reason for this could be?

Thank you
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sigurd Hellesvik over 4 years ago in reply to Manuel

Hi Manuel,

I will continue handle your case.

My first guess is that you are missing some Kconfig configurations.
Have you configured CONFIG_OBERON_BACKEND?
Could you post the contents of your prj.conf file?

Regards,
Sigurd Hellesvik
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Manuel
Hello Sigurd

Thank you for your reply.
I made the following configurations in prj.conf which are related to oberon:

CONFIG_NORDIC_SECURITY_BACKEND=y CONFIG_OBERON_BACKEND=y CONFIG_NRF_OBERON=y

The include as stated below does still not work:

#include <ocrypto_sha256.h>
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel