Open geonnave opened 7 months ago
Oh, I was too happy when the local tests passed, but the actual compilation for the embedded target failed. Seems to be an issue with building mbedtls.
Good news -- I was able to compile and run on the nRF52840.
Bad news -- mbedtls still requires a patch to build correctly in the way we want to use it:
diff --git a/scripts/config.py b/scripts/config.py
index 6d5edc7c0..36312df04 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -241,6 +241,7 @@ def full_adapter(name, active, section):
# need to be repeated here.
EXCLUDE_FROM_BAREMETAL = frozenset([
#pylint: disable=line-too-long
+ 'MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS',
'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks
'MBEDTLS_FS_IO', # requires a filesystem
'MBEDTLS_HAVE_TIME', # requires a clock
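Review bot: the added 'MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS' entry in EXCLUDE_FROM_BAREMETAL has no trailing comment saying why it is excluded, while the entries next to it each state their requirement ("requires a filesystem", "requires a clock"). Please add the reason in the same style. It is also inserted ahead of MBEDTLS_ENTROPY_NV_SEED, which breaks the alphabetical order of the visible entries (ENTROPY_NV_SEED, FS_IO, HAVE_TIME), so consider moving it to its sorted position.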
@@ -270,6 +271,20 @@ def baremetal_adapter(name, active, section):
if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
# No OS-provided entropy source
return True
+ if name == 'MBEDTLS_ENTROPY_HARDWARE_ALT':
+ # Custom entropy source provided
+ return True
+ if name == 'MBEDTLS_ENTROPY_FORCE_SHA256':
+ # Force SHA-256 accumulator
+ return True
+ if name == 'MBEDTLS_MEMORY_BUFFER_ALLOC_C':
+ return True
+ if name == 'MBEDTLS_PLATFORM_C':
+ return True
+ if name == 'MBEDTLS_PLATFORM_MEMORY':
+ return True
+ if name == 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS':
+ return True
return include_in_full(name) and keep_in_baremetal(name)
def include_in_crypto(name):
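Review bot: the six new branches in baremetal_adapter return True unconditionally, and four of them (MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_PLATFORM_C, MBEDTLS_PLATFORM_MEMORY, MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) carry no comment, unlike the MBEDTLS_NO_PLATFORM_ENTROPY branch just above them. Please say why each one is forced on, and consider a single membership test against a named frozenset, the way EXCLUDE_FROM_BAREMETAL handles exclusions, instead of six copies of the same if/return. The MBEDTLS_ENTROPY_HARDWARE_ALT branch needs the most care: the branch above it already records that there is no OS-provided entropy source, so "Custom entropy source provided" becomes an assumption about every build that uses this adapter, and the comment should state that the integrator has to supply that source.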
The approach is twofold:
no-std and baremetal features (no patches at the mbedtls level). I hope to be able to merge that upstream, so that we can use the vanilla psa wrapper.
Reasoning behind this PR:
extract and expand, and manually decompressing public keys using a third party library.
rustcrypto seems to depend on RIOT for the RNG).
Edit: possible upstream no-std feature for crypto-psa tracked here.