• State Not Answered
  • Replies 8 replies
  • Subscribers 65 subscribers
  • Views 1366 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 306216
Options

Zephyr bus fault when using PSA crypto with CC310 and Openthread L2 layer

nealjack

Hello,

I am migrating an application based on the old Nordic SDK16 to the NCS Zephyr SDK.

My workspace is using Zephyr commit f8f11338, nrfconnect/mbedtls commit de1b3f57, and nrfconnect/sdk-nrf commit f06fb7d3.

My application utilizes openthread and also requires the use of ECDSA key management and signing.

To use these features, I use the following configuration options to enable the Openthread L2 layer and the PSA crypto library. These options were adapted from zephyr openthread samples and psa crypto ncs sample configurations.


# The Zephyr CMSIS emulation assumes that ticks are ms, currently
CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

CONFIG_MAIN_STACK_SIZE=4096
CONFIG_HEAP_MEM_POOL_SIZE=4096

# Enable loging using RTT and UART
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_USE_SEGGER_RTT=y
CONFIG_LOG_BACKEND_RTT=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_LOG_BUFFER_SIZE=15360
CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360

# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

# Enable persistent storage APIs
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# Generic networking options
CONFIG_NETWORKING=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=n
CONFIG_NET_IPV6=y
CONFIG_NET_IPV4=n
CONFIG_NET_DHCPV4=n
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=4
CONFIG_NET_SOCKETS_ENABLE_DTLS=y
CONFIG_NET_CONNECTION_MANAGER=y

CONFIG_NET_MGMT=y
CONFIG_NET_MGMT_EVENT=y

# Openthread config
CONFIG_NET_L2_OPENTHREAD=y

CONFIG_OPENTHREAD_MANUAL_START=n
CONFIG_OPENTHREAD_DEBUG=y
CONFIG_OPENTHREAD_L2_DEBUG=y
CONFIG_OPENTHREAD_L2_LOG_LEVEL_INF=y

CONFIG_OPENTHREAD_CHANNEL=26
CONFIG_OPENTHREAD_NETWORKKEY="00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff"

CONFIG_OPENTHREAD_DHCP6_CLIENT=y
CONFIG_OPENTHREAD_SLAAC=y
CONFIG_OPENTHREAD_MTD=y
CONFIG_OPENTHREAD_MTD_SED=y
CONFIG_OPENTHREAD_POLL_PERIOD=1000

With this configuration, I find that my application encounters a bus fault during initialization:

[00:00:00.002,197] <inf> ieee802154_nrf5: nRF5 802154 radio initialized
[00:00:00.002,777] <err> os: ***** BUS FAULT *****
[00:00:00.002,807] <err> os:   Imprecise data bus error
[00:00:00.002,807] <err> os: r0/a1:  0x20001700  r1/a2:  0x00000000  r2/a3:  0x200ff8bd
[00:00:00.002,838] <err> os: r3/a4:  0x200ff8bd r12/ip:  0x000001d1 r14/lr:  0x0001a1ad
[00:00:00.002,838] <err> os:  xpsr:  0x61000000
[00:00:00.002,868] <err> os: s[ 0]:  0x00000000  s[ 1]:  0x00000000  s[ 2]:  0x00000000  s[ 3]:  0x00000000
[00:00:00.002,868] <err> os: s[ 4]:  0x00000000  s[ 5]:  0x00000000  s[ 6]:  0x00000000  s[ 7]:  0x00000000
[00:00:00.002,899] <err> os: s[ 8]:  0x00000000  s[ 9]:  0x00000000  s[10]:  0x00000000  s[11]:  0x00000000
[00:00:00.002,899] <err> os: s[12]:  0x00000000  s[13]:  0x00000000  s[14]:  0x00000000  s[15]:  0x00000000
[00:00:00.002,929] <err> os: fpscr:  0x2000c734
[00:00:00.002,929] <err> os: Faulting instruction address (r15/pc): 0x00031692
[00:00:00.002,960] <err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
[00:00:00.002,990] <err> os: Current thread: 0x20006310 (unknown)
[00:00:00.435,333] <err> fatal_error: Resetting system



Independently, samples that use openthread or PSA features work successfully, including the persistent_key_usage and the ecdsa samples.
I find that enabling the openthread l2 layer in these examples with the config options mentioned above results in the same bus fault that I am experiencing when running my application. I am convinced this is due to a conflict with the usage of the CC310 accelerator between the PSA library and the Openthread stack.

I have tried to use the oberon stack instead of the CC3XX and while the application no longer experiences a bus fault, psa_generate_key always returns (-134). I tracked this down via gdb to key attribute validation in psa_validate_key_attributes(), specifically psa_validate_key_location().

These issues can be replicated with the existing NCS crypto examples and are not unique to my application.


Is there a preferred way to integrate a crypto library and the openthread stack within an NCS Zephyr application that I missed the documentation for? If not, how can I resolve this configuration conflict between openthread and the PSA libraries?

Thanks,
Neal

Parents Reply
  • 0 in reply to Amanda Hsieh

    This issue is still present on 2.4.0. Does Nordic have any plans or ideas on how to resolve this? Our development is stalled as we require cryptographic operations in tandem with Openthread networking.

    This problem can be replicated with the nrf/crypto/ecdsa sample with this configuration:

    # The Zephyr CMSIS emulation assumes that ticks are ms, currently
CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000

CONFIG_MAIN_STACK_SIZE=8192
CONFIG_HEAP_MEM_POOL_SIZE=8192

# Enable logging
CONFIG_CONSOLE=y
CONFIG_LOG=y

# Enable nordic security backend and PSA APIs
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192

CONFIG_NETWORKING=y
CONFIG_NET_L2_OPENTHREAD=y

CONFIG_CC3XX_BACKEND=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

Children
Related