CONFIG_NRF_SECURITY mbedtls generated config doesn't build

In order to use "psa_" crypto functions I use "CONFIG_NRF_SECURITY=y". I am also using mbedtls for TLS1.2 networking via an external WiFi module.

By using NRF Security, the project will no longer build

1 - The "mbedtls_ctr_drbg_*" functions are no longer configured because CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is defined which forces MBEDTLS_RNG_C to NOT be defined.  Unfortunately Zephyr build needs that since it uses ctr_drbg in random subsys.  It seems I could turn that off perhaps, but shouldn't zephyr use the external rng if defined?

2 - The "pk_wrap" file references mbedtls_pk_write_pubkey which isn't defined because PK_WRITE_C isn't defined, but adding CONFIG_MBEDTLS_PK_WRITE_C to the project config doesn't fix that since the header generation ignores that for some reason

3 - I'd also like to use MBEDTLS_DEBUG but the build forces that to 'n'

It seems CONFIG_NRF_SECURITY=y can't work out-of-the-box?

------ Prj 

CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
#CONFIG_MBEDTLS_DEBUG=y
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=97000
CONFIG_APP_LINK_WITH_MBEDTLS=y
CONFIG_MBEDTLS_PK_WRITE_C=y

  • Hi Brian,

    Sorry for the late reply.

    I found we actually have a sample, Crypto: PSA TLS (nRF Connect SDK 1.9.1 documentation, nordicsemi.com), demonstrating how to use the Nordic Security Backend.

    It is enabled with the following configuration:

    # mbed TLS and security
    CONFIG_MBEDTLS_PK_C=y
    CONFIG_MBEDTLS_RSA_C=y
    CONFIG_MBEDTLS_PKCS1_V15=y
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=55936
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_X509_LIBRARY=y
    CONFIG_NRF_SECURITY_ADVANCED=y
    CONFIG_NORDIC_SECURITY_BACKEND=y

    You can enable mbed TLS debug with:

    CONFIG_MBEDTLS_DEBUG_C=y

    I have tested the original Crypto: PSA TLS sample and hello_world, and both of them build without errors.
     

    For the Zigbee AES methods selection, I have asked our development team and am still waiting for a reply.

    Best regards,

    Charlie 
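
To see which options requested in prj.conf were dropped or forced off during Kconfig resolution (points 2 and 3 of the question), the requested values can be compared with the merged `build/zephyr/.config` that the Zephyr build writes. This is an added example, not part of the original thread or Nordic's code; the function names are hypothetical and both sample files are constructed.

```python
import re
import sys

# Constructed sample modelled on the question's prj.conf, with debug enabled.
PRJ_CONF = """\
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_DEBUG=y
CONFIG_MBEDTLS_PK_WRITE_C=y
CONFIG_MBEDTLS_HEAP_SIZE=97000
"""

# Constructed sample of a merged .config; not output from a real build.
MERGED_CONFIG = """\
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
# CONFIG_MBEDTLS_DEBUG is not set
CONFIG_MBEDTLS_HEAP_SIZE=97000
"""

_ASSIGN = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Map each symbol to its value; '# CONFIG_X is not set' becomes 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if m := _ASSIGN.match(line):
            symbols[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"
    return symbols  # other comment lines (e.g. '#CONFIG_X=y') are ignored


def dropped_options(requested_text, merged_text):
    """Return {symbol: (requested, effective)} for every mismatch."""
    merged = parse_kconfig(merged_text)
    return {
        sym: (want, merged.get(sym, "absent"))  # absent: never written out
        for sym, want in parse_kconfig(requested_text).items()
        if merged.get(sym) != want
    }


if __name__ == "__main__":
    # Usage: script.py prj.conf build/zephyr/.config (else the samples above)
    paths = sys.argv[1:3]
    texts = [open(p).read() for p in paths] if len(paths) == 2 else [PRJ_CONF, MERGED_CONFIG]
    for sym, (want, got) in dropped_options(*texts).items():
        print(f"{sym}: requested {want}, effective {got}")
```

A symbol reported as "absent" was not written to the merged file at all, while "n" means it was visible but resolved to disabled.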
