MBEDTLS_ECP_C not build when MBEDTLS_USE_PSA_CRYPTO #43249
Comments
The next release of TF-M enables MbedTLS 3.1.0, which provides better PSA API integration. There are still a number of issues with the 3.0.0 release used in the current TF-M version we reference in Zephyr. |
Thank you @microbuilder, I'm wondering if there is any release schedule in mind? |
TF-M has three releases a year, and we can only update after a TF-M release, so there should be an upmerge available in the next two months. |
They switched to 2 releases a year, next release is in May.
|
@joerchan do you know if mbedTLS 3.1.0 will fix this issue? |
@joerchan We could do an upmerge to TF-M, which would bring us up to MbedTLS 3.1 on the secure side, but I'm not sure where we are with all the cherry-picking post 1.5.0? |
They should all just be reverted, so this isn't an issue (except for the lpcxpresso SDK).
This does not seem to be a MbedTLS issue at all. From what I can tell this is about not using the TF-M PSA headers when TF-M is enabled. |
@joerchan At some point in the near future, we really need to prioritize using TF-M as the PSA backend. I've heard from Arm that MbedTLS 3.1 should now make it possible to do TLS with the TF-M backend via the PSA APIs, but the MbedTLS management is more in @d3zd3z and @ceolin 's purview. Have you tried connecting the two in the Nordic SDK yet? I don't expect this will easily 'just work'. |
Yes, we are looking into that specific problem. From what I know MBedTLS 3.1 still needs additional changes in order to have all crypto functionality under PSA API and in the Crypto partition in TF-M. We have something that works with parts of the crypto still in the non-secure domain. PS: Somewhat confusing that the project and repository is called MbedTLS when the library for the tls stack is called mbedtls, so note the capitalization in the following explanation. The MBedTLS project exposes the three libraries:
When building with TF-M the mbedtls and mbedx509 libraries will be part of the non-secure image, while mbedcrypto will be included in the secure image TF-M, and is exported through the TF-M crypto partition. The explanation for the linker error comes from not using the correct set of PSA crypto headers. The incorrect header file included from mbedtls library
This includes a call to The correct header to include
A possible workaround would be to make sure that the TF-M include path is first among the includes.
Not sure where exactly to place this workaround; need more information on how to reproduce the error. |
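The include-order diagnosis in the comment above can be checked mechanically. The following is an added example, not code from this thread or from Zephyr/TF-M: it takes a compiler command line, applies GCC's search order (all `-I` directories first, then `-isystem`), and reports whether the first directory providing `psa/crypto.h` is the TF-M one. The directory names, the `tfm_interface` marker and the sample commands are constructed assumptions.

```python
import os
import shlex
import tempfile


def include_dirs(command):
    """Search path in GCC order: every -I dir (in order), then every -isystem dir."""
    args = shlex.split(command)
    user, system, i = [], [], 0
    while i < len(args):
        arg = args[i]
        for flag, bucket in (("-isystem", system), ("-I", user)):
            if arg == flag and i + 1 < len(args):
                bucket.append(args[i + 1])  # "-I dir" form
                i += 1
                break
            if arg.startswith(flag) and len(arg) > len(flag):
                bucket.append(arg[len(flag):])  # "-Idir" form
                break
        i += 1
    return user + system


def check_tfm_first(command, tfm_marker, header="psa/crypto.h"):
    """Return (status, providers); status is 'ok', 'shadowed' or 'missing'."""
    hits = [d for d in include_dirs(command)
            if os.path.isfile(os.path.join(d, header))]
    if not hits:
        return "missing", hits
    return ("ok" if tfm_marker in hits[0] else "shadowed"), hits


def demo():
    """Build two constructed include trees and test three command lines."""
    root = tempfile.mkdtemp()
    mbed = os.path.join(root, "mbedtls", "include")        # constructed path
    tfm = os.path.join(root, "tfm_interface", "include")   # constructed path
    for d in (mbed, tfm):
        os.makedirs(os.path.join(d, "psa"))
        open(os.path.join(d, "psa", "crypto.h"), "w").close()
    cmds = {
        "mbedtls_first": f"arm-none-eabi-gcc -I{mbed} -I {tfm} -c ssl.c",
        "tfm_first": f"arm-none-eabi-gcc -I{tfm} -I{mbed} -c ssl.c",
        # -isystem loses to -I even when it appears earlier on the line
        "tfm_isystem": f"arm-none-eabi-gcc -isystem {tfm} -I{mbed} -c ssl.c",
    }
    return {k: check_tfm_first(v, "tfm_interface")[0] for k, v in cmds.items()}


if __name__ == "__main__":
    print(demo())
```
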
As I understand, the official name of the project is "mbed TLS" (note in particular the lowercase 'm' and the space). Sometimes, when writing, they will capitalize the 'm' if it occurs in a place where a word would be capitalized in English (such as the beginning of a sentence). The docs somewhat randomly capitalize the 'm' in other contexts (this is probably a result of an uncapitalized name being unusual in English). (mbed has the same issues) The run-together version 'mbedtls' is commonly used for symbols (within the library), and seems to be how the name is commonly rendered into variable names. |
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
Hi folks, Is there any update about this issue since 3.1.0 was released? |
@nandojve As far as I can see the problem is still there. Your reproduce point is a bit vague, would you be able to clarify, perhaps by providing a change to a zephyr sample that would lead to the error? |
I have been unable to build with |
I updated internal code to the latest Zephyr version last week. I hope I can re-test soon and give proper feedback. |
cc @mimok ... see the above comment as well. |
@microbuilder Thank you for the feedback! This is a major improvement in my opinion as I'm planning to use this feature in a commercial demo. |
It needs more testing, and I'm sure there are problems to sort out, but please raise issues (even better, PRs) in the upstream TF-M or here in Zephyr if you find any issues. Agree it's a long overdue step forward, though. |
Use TF-M PSA API headers when compiling with TF-M enabled. Fixes: zephyrproject-rtos#43249 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use TF-M PSA API headers when compiling with TF-M enabled. Fixes: zephyrproject-rtos#43249 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Use TF-M PSA API headers when compiling with TF-M enabled. Fixes: zephyrproject-rtos#43249 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> (cherry picked from commit 3398c98) Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Use TF-M PSA API headers when compiling with TF-M enabled. Fixes: zephyrproject-rtos#43249 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> (cherry picked from commit 3398c98) Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no> (cherry picked from commit a8400a9)
Describe the bug
The current version of TFM/PSA does not build when enabling MBEDTLS_ECP_C and MBEDTLS_USE_PSA_CRYPTO. I've been testing using the main repository and mps2_an521_ns qemu.
To Reproduce
This is a proprietary implementation which gets problems when combining MBEDTLS configurations in user-tls.conf.
Steps to reproduce the behavior:
With the configuration below, the Zephyr app builds and works properly; the algorithm works as expected and no issues are detected.
When PSA_CRYPTO is enabled, as below, there are build errors.
Expected behavior
The MBEDTLS_ENTROPY_C should work with PSA_CRYPTO.
Impact
Impossible to use feature.
Environment (please complete the following information):