psa_generate_key failed! with Error: -134

RE: psa_generate_key failed! with Error: -134

vipin das — Thu, 04 May 2023 14:36:11 GMT

Thanks Einar for your support.

Right now I am not closing this topic, as I would be waiting for the proper fix for compatibility issue with wpa_supplicant with the PSA crypto libraries.

Hope you will update me with any news on the fix.

Thanks once again.

Regards

Vipin Das

RE: psa_generate_key failed! with Error: -134

Einar Thorsrud — Thu, 04 May 2023 13:52:53 GMT

Hi,

I don't have a good solution at this point as that needs more work, but you should be able to use the Legacy crypto support. One example of that with KMU is the Random hardware unique key sample. This is not what I would recommend long term, but if you need something right now, it is a possibility.

RE: psa_generate_key failed! with Error: -134

vipin das — Tue, 02 May 2023 08:57:02 GMT

Hi Einar,

So it is not at all possible to have wifi connection without wpa_supplicant right.

In that case is there any other crypto api options I can use to generate key pairs other than psa_generate_key() and store the private key securely in KMU. But those api shouldn't fail with wpa_supplicant. If you have any suggestions please share the information.

Regards

Vipin Das

RE: psa_generate_key failed! with Error: -134

Einar Thorsrud — Fri, 28 Apr 2023 12:57:53 GMT

Hi Vipin,

The Wi-Fi stack depends on wpa_supplicant for other tasks as well (see Supplicant), so I think it will be difficult to do much useful - even with open networks - without wpa_supplicant. (You can do some things without it though, like scanning).

RE: psa_generate_key failed! with Error: -134

vipin das — Fri, 28 Apr 2023 10:31:16 GMT

Thanks for the detailed information. I completely got your point and agree with you.

We are focussing on developing secure product. But right now, we wanted to utilise the key derivation and management feature and try to communicate securely with remote server/devices.

As I mentioned, we already have our crypto portion working and wifi portion working. Only the wpa_supplicant one is making the psa key derivation to fail.

Let me ask you one thing, is there any way I can connect to wifi with disabling wpa_supplicant?. I mean wifi connect using part terminal etc. That is also fine for time being to progress my further development.

Thanks

Vipin Das

RE: psa_generate_key failed! with Error: -134

Einar Thorsrud — Fri, 28 Apr 2023 09:30:11 GMT

Hi Vipin,

You don't need TF-M for using CryptoCell if you whole application runs in secure mode. That mean you are not utilizing security by separation, though. So if you are making a product where security is important I would try to avoid skipping that. Regarding SPM that is legacy as you write, and no longer present in nRF Connect SDK 2.3.0. It also supported a very limited feature set.

However, the real issue with combinding wpa_supplicant with the PSA crypto libraries is incompatible APIs, and this remains the same regardless if you use TF-M or not.

As the one of the main problems is combining the use of PSA Crypto and wpa_supplicatant and you will need both (unless you want to put together you own custom thing based partially on legacy APIs), I would try to keep the cryoto work or wifi_work in a separate project for now and combine later. If not, I suspect you will essentially be doing a similar work as we are currently doing in parallel, which doesn't seem efficient.

I will try to update you whenever we have something usable in a PR.

(Here is another thread with a similar issue where we gave essentially the same advice.)

RE: psa_generate_key failed! with Error: -134

vipin das — Thu, 27 Apr 2023 13:01:21 GMT

Hi Einar,

Is there any other option, I can try to proceed with my current development. I have nrf5340dk and nrf7002dk with me. My final goal is to key derivation and management for message signing/verification operation and transmit the signed message to remote network.

Is it possible to proceed without TF-M? Without TF-M is there any other option to derive key and store the generated key in crypto cell?

What about using Legacy Nordic solution SPM? Can I use it in my current integration?

Regards

Vipin Das

RE: psa_generate_key failed! with Error: -134

Einar Thorsrud — Thu, 27 Apr 2023 12:48:14 GMT

Hi Vipin,

You need to use wpa_supplicant to use encrypted Wi-Fi networks, and currently that is not compatible with using TF-M. These are both critical features though and we are actively working on this now, so while I do not have any solution at the moment, this will come soon.

RE: psa_generate_key failed! with Error: -134

vipin das — Thu, 27 Apr 2023 09:15:15 GMT

Hi Kenneth,

Thanks for the reply and providing me with a glimpse of useful information.

first and foremost let me clarify your confusion on the environment, for my current usecase we really need key management and derivation feature. But I am not sure which one we should use for that, Trustzone with the legacy Nordic solution(SPM) or TF-M. But I feel TF-M could be a good option. So. stick with TF-M.

After your reply, I played around with the configurations to break down which config causes the issue. Finally I could figure it out and it is "CONFIG_WPA_SUPP".

My prj.conf after clean-up:

#
#   Application project specific configuration
#
CONFIG_SOC_SERIES_NRF53X=y
CONFIG_SOC_NRF5340_CPUAPP_QKAA=y

# General
CONFIG_POSIX_CLOCK=y
CONFIG_POSIX_MAX_FDS=8
CONFIG_HW_STACK_PROTECTION=y
CONFIG_PM=y

# Target memory specific options
CONFIG_HW_UNIQUE_KEY=y
CONFIG_HW_UNIQUE_KEY_RANDOM=y
CONFIG_PM_SINGLE_IMAGE=y
CONFIG_MPU_ALLOW_FLASH_WRITE=y
CONFIG_RESET_ON_FATAL_ERROR=y
CONFIG_REBOOT=y
CONFIG_FPU=y
CONFIG_FP_HARDABI=y
CONFIG_KERNEL_MEM_POOL=y
CONFIG_INIT_STACKS=y
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_NVS=y
CONFIG_SETTINGS=y
CONFIG_SETTINGS_NVS=y

# System settings
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_NANO=n

# Device security specific configs
CONFIG_NRF_SECURITY=y
CONFIG_BUILD_WITH_TFM=y

# For hardware crypto accelerator
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# Enable nordic security backend and PSA APIs
CONFIG_MBEDTLS_PSA_CRYPTO_C=y

# Memories
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
CONFIG_LOG_BUFFER_SIZE=4096
# Below section is the primary contributor to SRAM and is currently
# tuned for performance, but this will be revisited in the future.
CONFIG_HEAP_MEM_POOL_SIZE=153600
CONFIG_MBEDTLS_HEAP_SIZE=120000

# Logging
CONFIG_LOG=y
CONFIG_CONSOLE=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_NET_TCP_LOG_LEVEL_DBG=n
CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=n
CONFIG_NET_CONN_LOG_LEVEL_DBG=n
CONFIG_NET_CONTEXT_LOG_LEVEL_DBG=n
CONFIG_NET_HTTP_LOG_LEVEL_DBG=n
CONFIG_WIFI_LOG_LEVEL_ERR=n
CONFIG_WPA_SUPP_LOG_LEVEL_ERR=n

# NET sockets
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=8
CONFIG_NET_L2_ETHERNET=y
CONFIG_NET_IPV4=y
CONFIG_NET_TCP=y
CONFIG_NET_SOCKETS_OFFLOAD=n
CONFIG_NET_NATIVE=y
CONFIG_NET_DHCPV4=y
CONFIG_NET_CONTEXT_SNDTIMEO=y
CONFIG_NET_TCP_ISN_RFC6528=n
CONFIG_NET_MGMT_EVENT_INFO=y
CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
CONFIG_NET_MAX_CONTEXTS=5
CONFIG_NET_CONTEXT_SYNC_RECV=y

# Network address config
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.99"
CONFIG_NET_CONFIG_MY_IPV4_NETMASK="255.255.255.0"
CONFIG_NET_CONFIG_MY_IPV4_GW="192.168.1.1"

# Server IPV4/IPV6 address config
#Mainnet.Incubed
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="167.86.94.248"

# HTTP
CONFIG_HTTP_CLIENT=y

# WiFi driver 
CONFIG_WIFI=y
CONFIG_WIFI_NRF700X=y

# Enable Secure socket option
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_MAC_SHA256_ENABLED=y
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192
CONFIG_MBEDTLS_TLS_LIBRARY=y

# WPA supplicant
CONFIG_WPA_SUPP=y

My application output with above config. Here psa_generate_key failed but message send success.

*** Booting Zephyr OS build v3.2.99-ncs1-1547-ge2bec540218d ***
[00:00:01.251,159] <inf> cryptocell: Writing random keys to KMU
[00:00:01.313,690] <inf> cryptocell: Success!
[00:00:01.313,964] <dbg> in3_https: in3_register_https_client: in3 register https
[00:00:01.375,976] <inf> cryptocell: psa_generate_key failed! Error: -134
[00:00:01.376,129] <inf> wpa_supp: start_wpa_supplicant: 192 Starting wpa_supplicant thread with debug level: 3

[00:00:01.376,342] <inf> wpa_supp: Successfully initialized wpa_supplicant
[00:00:01.376,434] <inf> wpa_supp: iface_cb: iface wlan0 ifindex 1 f4:ce:36:00:1a:ee
[00:00:01.376,495] <inf> wpa_supp: Using interface wlan0

[00:00:01.376,525] <inf> wpa_supp: Initializing interface 0: wlan0

[00:00:02.379,760] <inf> wpa_supp: l2_packet_init: iface wlan0 ifindex 1
[00:00:03.311,889] <inf> wifi_handler: Connection requested
[00:00:03.611,999] <inf> wifi_handler: State: SCANNING
[00:00:03.912,139] <inf> wifi_handler: State: SCANNING
[00:00:04.212,280] <inf> wifi_handler: State: SCANNING
[00:00:04.512,390] <inf> wifi_handler: State: SCANNING
[00:00:04.812,500] <inf> wifi_handler: State: SCANNING
[00:00:05.112,640] <inf> wifi_handler: State: SCANNING
[00:00:05.412,750] <inf> wifi_handler: State: SCANNING
[00:00:05.712,890] <inf> wifi_handler: State: SCANNING
[00:00:06.013,000] <inf> wifi_handler: State: SCANNING
[00:00:06.313,140] <inf> wifi_handler: State: SCANNING
[00:00:06.613,250] <inf> wifi_handler: State: SCANNING
[00:00:06.913,360] <inf> wifi_handler: State: SCANNING
[00:00:07.213,470] <inf> wifi_handler: State: SCANNING
[00:00:07.513,610] <inf> wifi_handler: State: SCANNING
[00:00:07.813,751] <inf> wifi_handler: State: SCANNING
[00:00:08.113,891] <inf> wifi_handler: State: SCANNING
[00:00:08.414,001] <inf> wifi_handler: State: SCANNING
[00:00:08.651,611] <inf> wpa_supp: wlan0: SME: Trying to authenticate with ec:a8:1f:c9:bc:98 (SSID='Das' freq=2437 MHz)
[00:00:08.670,074] <inf> wifi_nrf: wifi_nrf_wpa_supp_authenticate:Authentication request sent successfully

[00:00:08.714,172] <inf> wifi_handler: State: AUTHENTICATING
[00:00:08.925,445] <inf> wpa_supp: wlan0: Trying to associate with ec:a8:1f:c9:bc:98 (SSID='Das' freq=2437 MHz)
[00:00:08.934,295] <inf> wifi_nrf: wifi_nrf_wpa_supp_associate: Association request sent successfully

[00:00:08.963,409] <inf> wpa_supp: wpa_drv_zep_get_ssid: SSID size: 3

[00:00:08.963,562] <inf> wpa_supp: wlan0: Associated with ec:a8:1f:c9:bc:98
[00:00:08.963,714] <inf> wpa_supp: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[00:00:08.970,062] <inf> wpa_supp: wpa_drv_zep_get_ssid: SSID size: 3

[00:00:08.992,126] <inf> wpa_supp: wlan0: WPA: Key negotiation completed with ec:a8:1f:c9:bc:98 [PTK=CCMP GTK=CCMP]
[00:00:08.992,370] <inf> wpa_supp: wlan0: CTRL-EVENT-CONNECTED - Connection to ec:a8:1f:c9:bc:98 completed [id=0 id_str=]
[00:00:08.992,431] <inf> wifi_handler: Connected
[00:00:09.020,263] <inf> wifi_handler: State: COMPLETED
9120 DEBUG request.c:210:req_new(): ::: exec eth_getBalance ["0x03cb0021808442ad5efb61197966aef72a1def96","latest"] 
9121 TRACE execute.c:763:in3_handle_rpc(): ... request to https://mainnet.incubed.net
... [{"id":"2","jsonrpc":"2.0","method":"eth_getBalance","params":["0x03cb0021808442ad5efb61197966aef72a1def96","latest"]}]
[00:00:10.281,555] <dbg> in3_https: server_response_cb: All the data received (618 bytes)
[00:00:10.281,585] <dbg> in3_https: server_response_cb: http status:OK http status code:200
[00:00:10.286,499] <dbg> in3_https: run_https_post: https POST success
10286 TRACE execute.c:777:in3_handle_rpc(): ... response(https://mainnet.incubed.net): 
... [{"jsonrpc":"2.0","id":"2","result":"0x2fe1d73e5a1d8c2d33","in3":{"lastValidatorChange":0,"lastNodeList":16168758,"execTime":153,"rpcTime":153,"rpcCount":1,"currentBlock":17136458,"version":"2.1.0"}}]
10287 DEBUG execute.c:494:find_valid_result(): accepted response for eth_getBalance from https://mainnet.incubed.net
[00:00:10.287,872] <dbg> main: main: Result: "0x2fe1d73e5a1d8c2d33"

Application output after I make CONFIG_WPA_SUPP=n, here psa_generate_key is success but wifi connectivity failed.

*** Booting Zephyr OS build v3.2.99-ncs1-1547-ge2bec540218d ***
[00:00:01.248,535] <inf> cryptocell: Writing random keys to KMU
[00:00:01.311,065] <inf> cryptocell: Success!
[00:00:01.311,340] <dbg> in3_https: in3_register_https_client: in3 register https
[00:00:01.389,038] <inf> cryptocell: Identity key stored from local memory to kmu slot 6
[00:00:01.389,221] <inf> cryptocell: Private Key loaded to local memory from kmu slot 6 
[00:00:01.389,221] <inf> cryptocell: Importing the identity key into PSA crypto.
[00:00:01.404,113] <inf> cryptocell: Exporting the public key corresponding to the identity key.
[00:00:01.419,006] <inf> cryptocell: Exported Public Key
                                     04 64 6c 38 a0 5c 5f f5  76 eb ab d0 2f d7 e7 c9 |.dl8.\_. v.../...
                                     7c 0a 41 a6 c6 46 bd f0  22 99 86 49 62 66 59 9b ||.A..F.. "..IbfY.
                                     2e 97 6b 2a 19 c9 b3 5c  ab 64 91 31 d1 ee 32 0b |..k*...\ .d.1..2.
                                     84 5f 36 ad 1a 41 ea e5  62 49 cc 89 e9 30 4f ba |._6..A.. bI...0O.
                                     23                                               |#                
[00:00:02.419,097] <err> wifi_handler: Connection request failed
[00:00:02.719,207] <inf> wifi_handler: Status request failed
[00:00:03.019,317] <inf> wifi_handler: Status request failed
[00:00:03.319,396] <inf> wifi_handler: Status request failed
[00:00:03.619,506] <inf> wifi_handler: Status request failed
[00:00:03.919,616] <inf> wifi_handler: Status request failed
[00:00:04.219,726] <inf> wifi_handler: Status request failed

Could you please take a look or ask any of your colleague about this problem. Is there any way I can connect to wifi network without wpa supplicant?

My Environment:

ZEPHYR_SDK_VERSION : 0.15.2

NCS: v2.2.99-dev3

Regards

Vipin Das

RE: psa_generate_key failed! with Error: -134

Kenneth — Wed, 26 Apr 2023 14:26:17 GMT

I got help from a collegue:

The configuration that it is proposed there uses the MBEDTLS_BUILTIN which is using the MbedTLS library from Zephyr. We would propose to disable both the CONFIG_MBEDLTS and the CONFIG_MBEDTLS_BUILTIN. TLS configurations can be changed through the Kconfig in nrf_security: https://github.com/nrfconnect/sdk-nrfxlib/blob/main/nrf_security/Kconfig

Also from the case there we are not sure what environment you are trying to run. We see that you have these three options:

CONFIG_TRUSTED_EXECUTION_SECURE=y
CONFIG_BUILD_WITH_TFM=n
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y

Which are confusing. It will be nice if you can clarify if you are trying to use Trustzone with the legacy Nordic solution called SPM and not the current solution which is TF-M.

Hope it helps,
Kenneth

RE: psa_generate_key failed! with Error: -134

vipin das — Tue, 25 Apr 2023 10:21:28 GMT

Hi Kenneth,

I looked into the threads mentioned but I don't think that the suggestions mentioned there helps to solve my issues as I don't have open thread feature in my application. I am working on integrating nrf security sub system module(crypto cell ) application and transport application(wifi, tcp/tls) to develop a new usecase application which securely communicate with remote network.

NCS Version: nrf-connect-sdk-v2.2.99-dev3

Zephyr SDK Version: 0.15.2

Please let me know if you get any clue on this issue. My prj.conf is added here.

#
#   Application project specific configuration
#
CONFIG_SOC_SERIES_NRF53X=y
CONFIG_SOC_NRF5340_CPUAPP_QKAA=y

# Target memory specific options
CONFIG_HW_UNIQUE_KEY=y
CONFIG_HW_UNIQUE_KEY_RANDOM=y
CONFIG_PM_SINGLE_IMAGE=y
CONFIG_MPU_ALLOW_FLASH_WRITE=y
CONFIG_RESET_ON_FATAL_ERROR=y
CONFIG_REBOOT=y
CONFIG_FPU=y
CONFIG_FP_HARDABI=y
CONFIG_KERNEL_MEM_POOL=y
CONFIG_INIT_STACKS=y

# System settings
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_NANO=n

# Device security specific configs
CONFIG_NRF_SECURITY=y
CONFIG_NRF_SECURITY_ADVANCED=y
CONFIG_TRUSTED_EXECUTION_SECURE=y
CONFIG_BUILD_WITH_TFM=n
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y

# For hardware crypto accelerator
CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# Enable nordic security backend and PSA APIs
CONFIG_MBEDTLS_PSA_CRYPTO_C=y


# General
CONFIG_POSIX_CLOCK=y
CONFIG_POSIX_MAX_FDS=8
CONFIG_HW_STACK_PROTECTION=y
CONFIG_HW_ID_LIBRARY_SOURCE_NET_MAC=y
CONFIG_DK_LIBRARY=y
CONFIG_PM=y
CONFIG_FPU=y

# System settings
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_NANO=n

# Kernel options
CONFIG_ENTROPY_GENERATOR=y

# Memories
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096
CONFIG_NET_TCP_WORKQ_STACK_SIZE=4096
CONFIG_NET_MGMT_EVENT_STACK_SIZE=4096
CONFIG_LOG_BUFFER_SIZE=4096
# Below section is the primary contributor to SRAM and is currently
# tuned for performance, but this will be revisited in the future.
CONFIG_HEAP_MEM_POOL_SIZE=153600
CONFIG_NET_BUF_RX_COUNT=16
CONFIG_NET_BUF_TX_COUNT=16
CONFIG_NET_BUF_DATA_SIZE=128
CONFIG_NET_TC_TX_COUNT=0
CONFIG_NET_PKT_RX_COUNT=8
CONFIG_NET_PKT_TX_COUNT=8

#Socket settings
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

# Native network stack
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=120000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
CONFIG_MBEDTLS_MAC_SHA256_ENABLED=y

# PSA
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y

# NET sockets
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=8
CONFIG_NET_L2_ETHERNET=y
CONFIG_NET_IPV4=y
CONFIG_NET_TCP=y
CONFIG_NET_SOCKETS_OFFLOAD=n
CONFIG_NET_NATIVE=y
CONFIG_NET_DHCPV4=y
CONFIG_NET_CONTEXT_SNDTIMEO=y

CONFIG_NET_TCP_ISN_RFC6528=y
CONFIG_NET_MGMT_EVENT_INFO=y
CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
CONFIG_NET_MAX_CONTEXTS=5
CONFIG_NET_CONTEXT_SYNC_RECV=y
CONFIG_INIT_STACKS=y

# DNS
CONFIG_DNS_RESOLVER=y

# Debugging
CONFIG_STACK_SENTINEL=y
CONFIG_DEBUG_COREDUMP=y
CONFIG_DEBUG_COREDUMP_BACKEND_LOGGING=y
CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_MIN=y
CONFIG_SHELL_CMDS_RESIZE=n

# Logging
CONFIG_LOG=y
CONFIG_NET_LOG=y
CONFIG_NET_TCP_LOG_LEVEL_DBG=n
CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=n
CONFIG_NET_CONN_LOG_LEVEL_DBG=n
CONFIG_NET_CONTEXT_LOG_LEVEL_DBG=n
CONFIG_NET_HTTP_LOG_LEVEL_DBG=n
CONFIG_WIFI_LOG_LEVEL_ERR=n
CONFIG_WPA_SUPP_LOG_LEVEL_ERR=n

# Network address config
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.99"
CONFIG_NET_CONFIG_MY_IPV4_NETMASK="255.255.255.0"
CONFIG_NET_CONFIG_MY_IPV4_GW="192.168.1.1"

# Server IPV4/IPV6 address config
#Mainnet.Incubed
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="167.86.94.248"

# HTTP
CONFIG_HTTP_CLIENT=y

# WiFi driver 
CONFIG_WIFI=y
CONFIG_WIFI_NRF700X=y
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_NVS=y
CONFIG_SETTINGS=y
CONFIG_SETTINGS_NVS=y

# WPA supplicant
CONFIG_WPA_SUPP=y

Regards

Vipin Das

RE: psa_generate_key failed! with Error: -134

Kenneth — Mon, 24 Apr 2023 09:20:13 GMT

Hello,

-134 means PSA_ERROR_NOT_SUPPORTED.

Unfortunately, your issue is likely related to known issue:
Zephyr bus fault when using PSA crypto with CC310 and Openthread L2 layer
PSA crypto features not enabled when CONFIG_MBEDTLS_LEGACY_CRYPTO_C is enabled

You may try the patch mentioned in the thread, but I can check internally if there is any news on this.

Best regards,
Kenneth