Closed mniestroj closed 2 years ago
Visit the preview URL for this PR (updated for commit 443f305):
https://golioth-zephyr-sdk-doxygen-dev--pr295-bump-ncs-q8ikvjt2.web.app
(expires Thu, 06 Oct 2022 15:25:59 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
10kB (in prj.conf) to 48kB
That's a big jump, but I suppose there's not much we can do about it right now.
Not even able to easily measure peak consumption, as mbedtls shell command that I developed (and upstreamed to Zephyr) for that purpose works only with MBEDTLS_BUILTIN (Zephyr fork). Hence I only tried 32 (with failure) and then 48 (with success). So here it is. At least there is still plenty of RAM (total of 200kB) to be utilized, so we are still far from the limit.
NRF_SECURITY module in NCS is enabled by default and we probably want to keep it enabled, so that existing NCS users are not restricted by Golioth SDK (e.g. by forcing NRF_SECURITY to be disabled). This module seems to have dropped old/legacy SPM module and now uses something new, which pulls in NCS fork of mbedTLS as a dependency. This is expressed by 'select DISABLE_MBEDTLS_BUILTIN if MBEDTLS' in both NRF_SECURITY and NRF_SECURITY_BACKEND Kconfig options.
Using NCS fork of mbedTLS means selecting CONFIG_MBEDTLS_TLS_LIBRARY (CONFIG_MBEDTLS_TLS_LIBRARY is NCS fork, CONFIG_MBEDTLS_BUILTIN is Zephyr fork of mbedTLS).
NCS fork (as compared to Zephyr fork) of mbedTLS has a set of Kconfig options that are named differently (like CONFIG_MBEDTLS_SSL_PROTO_DTLS in NCS vs CONFIG_MBEDTLS_DTLS in Zephyr), while other options are named the same. As a result we are selecting CONFIG_MBEDTLS_SSL_PROTO_DTLS and CONFIG_MBEDTLS_GCM_C to match what net/golioth/Kconfig file is selecting automatically for the user.
Disable unused CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED and CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED. Those are enabled by default in NCS, by questionable 'default y if !NET_L2_OPENTHREAD'. Leaving them in default state (y) breaks the build because of unmet dependencies (other mbedTLS configuration options).
Increase mbedTLS heap size from 10kB (in prj.conf) to 48kB in order to make it run. 32kB was still not enough in case of samples/hello/, so 48kB was chosen to give enough room for the future.
Tested with lightdb, lightdb_stream, logging and dfu samples.
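The checks the description above implies for a `prj.conf` built with NRF_SECURITY, as an added example that is not part of the PR or the Golioth SDK. The two config fragments are constructed; the symbol name `CONFIG_MBEDTLS_HEAP_SIZE` and reading "48kB" as 48 KiB are assumptions, since the description gives neither.

```python
import re

# Constructed prj.conf fragments for illustration (not taken from the PR).
BEFORE = """\
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_DTLS=y
CONFIG_MBEDTLS_HEAP_SIZE=10240
"""
AFTER = """\
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_MBEDTLS_GCM_C=y
# CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED is not set
CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED=n
CONFIG_MBEDTLS_HEAP_SIZE=49152
"""
MIN_HEAP = 48 * 1024  # assumption: "48kB" in the description read as 48 KiB

def parse(text):
    """Return {symbol: value}; '# CONFIG_X is not set' is recorded as 'n'."""
    conf = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*CONFIG_(\w+)=(.*?)\s*", line)
        n = re.fullmatch(r"\s*#\s*CONFIG_(\w+) is not set\s*", line)
        if m:
            conf[m.group(1)] = m.group(2).strip('"')
        elif n:
            conf[n.group(1)] = "n"
    return conf

def lint(text):
    """List the problems the description calls out for an NRF_SECURITY build."""
    c, out = parse(text), []
    if c.get("NRF_SECURITY") != "y":
        return out  # Zephyr fork (MBEDTLS_BUILTIN) path: not covered here
    if c.get("MBEDTLS_BUILTIN") == "y":
        out.append("MBEDTLS_BUILTIN=y conflicts with NRF_SECURITY")
    for sym in ("MBEDTLS_TLS_LIBRARY", "MBEDTLS_SSL_PROTO_DTLS", "MBEDTLS_GCM_C"):
        if c.get(sym) != "y":
            out.append(f"{sym} not enabled for the NCS mbedTLS fork")
    for kx in ("DHE_PSK", "DHE_RSA"):
        if c.get(f"MBEDTLS_KEY_EXCHANGE_{kx}_ENABLED") != "n":
            out.append(f"MBEDTLS_KEY_EXCHANGE_{kx}_ENABLED left at NCS default y")
    if int(c.get("MBEDTLS_HEAP_SIZE", "0"), 0) < MIN_HEAP:
        out.append("MBEDTLS_HEAP_SIZE below 48kB")
    return out
```

`lint(BEFORE)` reports every item from the description, while `lint(AFTER)` returns an empty list.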