Latest example failed to run on K64F

[jamesbeyond]

Description

The latest example build successfullyon K64F, but failed to run. Throw errors:

warning (-133) - this attempt at entropy injection failed
        assertion failed at .\main.cpp:375 - actual:-148expected:0

This was found by the new example smoke tests

Issue request type

[ ] Question
[ ] Enhancement
[x] Bug

[k-stachowiak]

@jamesbeyond Thanks for raising this. Can you give more details about the failure conditions? In which branch was this observed? Was it mbed-os-5.12?

[k-stachowiak]

Never mind, I have reproduced it on master

[ciarmcom]

Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-785

[jamesbeyond]

This issue might be same cause for attestation example ARMmbed/mbed-os-example-attestation#13

[adbridge]

@k-stachowiak any news on this? OOB starts tomorrow and it would be nice to have both this and the attestation bugs fixed beforehand ?

[k-stachowiak]

@adbridge I am working on it right now. We have established that there is an issue regarding gathering entropy from the device, however the root cause has not yet been found. It is difficult to predict, if I can make it today, but there are no clear signs of this being a big issue yet.

[adbridge]

@k-stachowiak is it the same issue on both examples ?

[k-stachowiak]

It most likely is. It's the same function (psa_crypto_init()) failing with the same error code.

[k-stachowiak]

@adbridge The root cause has been found and a PR raised here: https://github.com/ARMmbed/mbed-crypto/pull/138 Unfortunately, we didn't find a way of fixing it cleanly on the examples' side, so the fix must be made to the Mbed Crypto feature.

[0xc0170]

How to get this fix to MBed OS? Does this mean crypto will be updated for 5.13 release candidate?

[k-stachowiak]

It would probably be best for @Patater to comment on that, but it looks to me like that may be necessary the way we're fixing it now.

[adbridge]

@k-stachowiak so that would effectively mean a new TLS/Crypto release to Mbed OS ? How long is that likely to take ?

[Patater]

@adbridge PR to Mbed OS will be up by the end of the day today.

[evedon]

I ran mbed-os-example-mbed-crypto on K64F using GCC_ARM with mbed-os-5.13.0-rc3 and I still get a warning. No assert though.

warning (-133) - this attempt at entropy injection failed
cipher encrypt/decrypt AES CBC no padding:
        success!
cipher encrypt/decrypt AES CBC PKCS7 multipart:
        success!
cipher encrypt/decrypt AES CTR multipart:
        success!

@Patater is that expected? If so, we should probably document it somewhere.

[Patater]

@evedon Yes, the warning is OK. You'll get it if you already have entropy injected, which happens if you run twice with the same SD card installed (and the SD card is used for KvStore). I'll add this to the README

[evedon]

I don't have a SD card though.

[Patater]

K64F can use internal flash for KvStore as well, and if anyone ever has injected entropy at least once, your K64F will always display this until KvStore is erased.