
nRF9160 - Using ECC accelerator from user application?

I want to use a nRF9160 to send data over UDP/NB-IoT.

For encryption I want to use eclipse/tinydtls in order to have support for RFC7250 and (upcoming) RFC9146. That works with software ECC (so far). However, the software ECC functions take a couple of seconds (more or less expected). Therefore, I would like to try to use the ECC hardware accelerator.

As far as I understand "1.6 Secure vs. nonsecure",

"However, this feature is more critical when building applications for the nRF9160, since cellular IoT applications has to be build as non-secure in order to communicate with the modem."

it seems not to be possible to access the ecc-hw from such a cellular IoT application, because that must be non-secure and there the hw-ecc is not available (right?).

It is somehow hard to understand why cellular IoT applications have to be built as non-secure. Is there a more detailed explanation about that than "in order to communicate with the modem"?

I also read that maybe mbedtls could use the ecc-hw for crypto functions. But it leaves it unclear to me whether this is then also limited to the "secure mode" and so also not usable in an IoT application itself.

  • Hi,

    It is not possible to communicate with the modem from secure mode, so implementing the application (at least the parts of it that communicate with the modem) is a hard requirement. This cannot be changed. Also, as you noted, the CryptoCell (crypto accelerator) can only be used from secure mode. There has been support for using the RNG from CryptoCell from SPM, but support for other features including ECC is not implemented there. For that, you should look at TF-M, which is intended to replace SPM and also provide extended functionality. TF-M is currently experimental, but is the only solution Nordic provide for this. You can see how it is used by referring to the Crypto examples. If you build for non-secure, TF-M is automatically included.

  • I tried "ncs-1.8.0/nrf/samples/crypto/ecdh". I get a build failure:

    Building 'zephyr/zephyr_prebuilt.elf' from solution 'build' in configuration 'Common'
    2> Compiling 'empty_file.c'
    1> Linking 'zephyr_prebuilt.elf'
    1> /opt/gcc-arm-none-eabi-9-2019-q4-major/bin/../lib/gcc/arm-none-eabi/9.2.1/../../../../arm-none-eabi/bin/ld.bfd: modules/nrfxlib/nrfxlib/nrf_security/src/libmbedcrypto.a(bignum.c.obj): in function `mbedtls_mpi_read_binary_le':
    1> /home/achim/repos/ncs-1.8.0/mbedtls/library/bignum.c:845: multiple definition of `mbedtls_mpi_read_binary_le'; modules/nrfxlib/nrfxlib/nrf_security/src/libmbedcrypto.a(ecp_oberon.c.obj):/home/achim/repos/ncs-1.8.0/nrfxlib/nrf_security/src/mbedtls/oberon/ecp_oberon.c:91: first defined here
    1> /opt/gcc-arm-none-eabi-9-2019-q4-major/bin/../lib/gcc/arm-none-eabi/9.2.1/../../../../arm-none-eabi/bin/ld.bfd: modules/nrfxlib/nrfxlib/nrf_security/src/libmbedcrypto.a(bignum.c.obj): in function `mbedtls_mpi_write_binary_le':
    1> /home/achim/repos/ncs-1.8.0/mbedtls/library/bignum.c:920: multiple definition of `mbedtls_mpi_write_binary_le'; modules/nrfxlib/nrfxlib/nrf_security/src/libmbedcrypto.a(ecp_oberon.c.obj):/home/achim/repos/ncs-1.8.0/nrfxlib/nrf_security/src/mbedtls/oberon/ecp_oberon.c:124: first defined here
    1> collect2: error: ld returned 1 exit status
    Build failed

    Any ideas?
