Bluetooth: Mesh: no more tinycrypt in ble mesh tfm images #64696
Conversation
alxelax
requested review from
jhedberg,
Vudentz,
wopu-ot,
PavelVPV,
LingaoM,
alwa-nordic and
sjanc
as code owners
zephyrbot
added
area: Bluetooth Mesh
area: Bluetooth
area: Bluetooth Host
area: Samples
zephyrbot
requested review from
akredalen,
Andrewpini,
asbjornsabo,
hermabe,
jori-nordic,
kartben,
nashif and
Thalley
alxelax
force-pushed
the
no_more_tinycrypt_in_tfm_image
branch
from
1770e69
to
3fccdca
Compare
alxelax
force-pushed
the
no_more_tinycrypt_in_tfm_image
branch
from
1020f28
to
27c1fc0
Compare
| # The option adds TinyCrypt based bt_rand. | ||
| CONFIG_BT_HOST_CRYPTO=n | ||
| # The option adds GATT caching feature that is based on TinyCrypt. | ||
| CONFIG_BT_GATT_CACHING=n |
There was a problem hiding this comment.
Should we create an issue to host to support GATT Caching without using Tinycrypt? Not sure how much customers need this feature, but if so, they will get Tinycrypt back in their firmwares if they enable this option.
There was a problem hiding this comment.
I guess this is not sufficient. Host also supports ecc, aes ccm and randomization with tinycrypt. Host requires significant refactoring to get rid of tinycrypt. This is quite huge work that we've already done for mesh.
subsys/bluetooth/host/Kconfig
Outdated
| help | ||
| The option adds the AES encryption support using TinyCrypt | ||
| library if this is not provided by the controller implementation. | ||
| The option is not required if BLE Mesh is enabled and |
There was a problem hiding this comment.
Not sure if mesh should be mentioned here. What about bt_encrypt_le and bt_encrypt_be functions? They aren't replaced when mesh is enabled with PSA support. This options still needs to be enabled if a customer wants to enable SMP (Security Manager Protocol, not SMP from MCUmgr).
There was a problem hiding this comment.
Mesh doesn't use them. Yes, if customer adds anything that uses them, tinycrypt will appear again. I guess there is no common strategy to get rid tinycrypt in Zephyr in general.
samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
Outdated
Show resolved
Hide resolved
alxelax
force-pushed
the
no_more_tinycrypt_in_tfm_image
branch
from
27c1fc0
to
18565c2
Compare
PR allows to get rid of tinycrypt objects from the final binary of the ble mesh apps based on PSA TFM crypto. Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The current main stack size is not enough for any platform. This commit stack size was checked for nrf52840 and nrf5340. Everything works. Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
alxelax
force-pushed
the
no_more_tinycrypt_in_tfm_image
branch
from
18565c2
to
be6e063
Compare
PR allows to get rid of tinycrypt objects from the final binary of the ble mesh apps based on PSA TFM crypto. Upstream PR: zephyrproject-rtos/zephyr#64696 Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no> (cherry picked from commit c5ee143)
PR allows to get rid of tinycrypt objects from the final binary of the ble mesh apps based on PSA TFM crypto. Upstream PR: zephyrproject-rtos/zephyr#64696 Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no> (cherry picked from commit c5ee143)
PR allows to get rid of tinycrypt objects from
the final binary of the ble mesh apps based on
PSA TFM crypto.
Final size of mesh app for nrf5340dk_nrf5340_cpuapp_ns (that is build with TFM PSA crypto)
without these changes tinycrypt sneaks into it
some bsim tests fixes due to collisions after timing changes.