Connectivity AND security with limited RAM

I'm currently developping an application based on the Zephyr OS with its BLE protocol stack using the nRF52805 SoC.
Due to security specifications, some cryptographical features of the built-in mbedTLS library shall be used.
Since the nRF52805 does only have 24 kB of RAM, I'm currently not able to fit the build into the available memory, even after a lot of optimizations via prj.conf.
Is the nRF52805 as a promoted IoT Soc actually intended to be able to run Zephyr applications including mbedTLS or is it only useful for simple beaconing without any cryptographical support?

Top Replies

Manuel over 4 years ago in reply to Sigurd Hellesvik +1

Thank you very much, the manually added entry in CMakeLists.txt did the trick! Now it's working with the following added terms: prj.conf CONFIG_NRF_OBERON=y CMakeLists.txt zephyr_link_libraries(nrfxlib_crypto…

Parents

0 Kenneth over 4 years ago

From my understanding the mbedtls is the largest crypto library, maybe you can look into using the oberon or tinycrypt instead?
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/crypto/tinycrypt.html
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrfxlib/crypto/doc/nrf_oberon.html
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Kenneth
I now managed to implement the required cryptographical operations using the oberon library and it seems to work with a high enough stack size.

However, I was not able to use relative paths to the library files, since they were not found within the project / environment. Instead I had to use absolute include paths e.g.:
#include "C:\work\tools\ncs\v1.7.0\nrfxlib\crypto\nrf_oberon\include\ocrypto_ecdsa_p256.h"

Am I missing something?
How must I configure the toolchain, the project or its CMakeLists.txt to have these include paths available?
Any other ideas, what the reason for this could be?

Thank you
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sigurd Hellesvik over 4 years ago in reply to Manuel

Hi Manuel,

I will continue handle your case.

My first guess is that you are missing some Kconfig configurations.
Have you configured CONFIG_OBERON_BACKEND?
Could you post the contents of your prj.conf file?

Regards,
Sigurd Hellesvik
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Manuel
Hello Sigurd

Thank you for your reply.
I made the following configurations in prj.conf which are related to oberon:

CONFIG_NORDIC_SECURITY_BACKEND=y CONFIG_OBERON_BACKEND=y CONFIG_NRF_OBERON=y

The include as stated below does still not work:

#include <ocrypto_sha256.h>
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Manuel over 4 years ago in reply to Manuel
Hello Sigurd

Thank you for your reply.
I made the following configurations in prj.conf which are related to oberon:

CONFIG_NORDIC_SECURITY_BACKEND=y CONFIG_OBERON_BACKEND=y CONFIG_NRF_OBERON=y

The include as stated below does still not work:

#include <ocrypto_sha256.h>
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Sigurd Hellesvik over 4 years ago in reply to Manuel
Hi

Try to add the following to CMakeLists.txt:
zephyr_link_libraries(nrfxlib_crypto)

Although, I think this should be done by the configuration somewhere.
I will ask our developers about this and return if I find a better solution. (EDIT: They agree that this is a sufficient way to include the ocrypto files at the moment)

After some reading into this I suggest that you do not CONFIG_NORDIC_SECURITY_BACKEND or CONFIG_OBERON_BACKEND(Which just chooses the backend for Nordic Security backend) , as these will select mbedtls, which makes your application take more space:

CONFIG_NRF_OBERON should be enough I think.

Regards,
Sigurd Hellesvik
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Manuel over 4 years ago in reply to Sigurd Hellesvik
Thank you very much, the manually added entry in CMakeLists.txt did the trick!

Now it's working with the following added terms:

prj.conf
CONFIG_NRF_OBERON=y

CMakeLists.txt
zephyr_link_libraries(nrfxlib_crypto)

C-code:
#include <ocrypto_sha256.h>

Best regards
Manuel
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel