Connectivity AND security with limited RAM

I'm currently developing an application based on the Zephyr OS with its BLE protocol stack using the nRF52805 SoC.
Due to security specifications, some cryptographical features of the built-in mbedTLS library shall be used.
Since the nRF52805 does only have 24 kB of RAM, I'm currently not able to fit the build into the available memory, even after a lot of optimizations via prj.conf.
Is the nRF52805, as a promoted IoT SoC, actually intended to be able to run Zephyr applications including mbedTLS, or is it only useful for simple beaconing without any cryptographical support?

  • Thank you for your reply!

    Yes, it is indeed not very resource-friendly. One main reason to go with mbedTLS as a first try is that it's already integrated into Zephyr and thus easy to embed into the project. However, I think this does not match with our device choice.
    Oberon has already been in scope but requires to make some compromises regarding our intended security concept and thus was not the first choice so far. I will check if this could actually be a viable alternative.

  • I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

    However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:

    #include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

    Am I missing something?
    How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
    Any other ideas, what the reason for this could be?

    Thank you

  • Hi Manuel,

    I will continue handling your case.

    My first guess is that you are missing some Kconfig configurations.
    Have you configured CONFIG_OBERON_BACKEND?
    Could you post the contents of your prj.conf file?

    Regards,
    Sigurd Hellesvik

  • Hello Sigurd

    Thank you for your reply.
    I made the following configurations in prj.conf which are related to oberon:

    CONFIG_NORDIC_SECURITY_BACKEND=y
    CONFIG_OBERON_BACKEND=y
    CONFIG_NRF_OBERON=y

    The include as stated below still does not work:

    #include <ocrypto_sha256.h>

  • Hi

    Try to add the following to CMakeLists.txt:

    zephyr_link_libraries(nrfxlib_crypto)
    

    Although, I think this should be done by the configuration somewhere.
    I will ask our developers about this and return if I find a better solution. (EDIT: They agree that this is a sufficient way to include the ocrypto files at the moment)

    After some reading into this, I suggest that you do not set CONFIG_NORDIC_SECURITY_BACKEND or CONFIG_OBERON_BACKEND (which just chooses the backend for the Nordic Security backend), as these will select mbedtls, which makes your application take more space.

    CONFIG_NRF_OBERON should be enough, I think.

    Regards,
    Sigurd Hellesvik
