Skip to content

Commit 114bfb5

Browse files
simonduqnordicjm
simonduq
authored and
nordicjm
committed
samples: nrf_cloud_multi_service: Fix MQTT with nRF7002DK
Two fixes: switch back to legacy crypto API for RSA, and switch to TFM_IPC to circumvent a bug that caused TLS handshake failuire. Signed-off-by: Simon Duquennoy <simon.duquennoy@nordicsemi.no>
1 parent 4878316 commit 114bfb5

1 file changed

Lines changed: 10 additions & 6 deletions

File tree

samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -43,11 +43,11 @@ CONFIG_TFM_PARTITION_PROTECTED_STORAGE=y
4343
## Configure TFM Profile. The NOT_SET profile will enable all features.
4444
## We then reduce some settings to save flash and RAM.
4545
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
46-
## Select SFN for faster crypto
47-
CONFIG_TFM_IPC=n
48-
CONFIG_TFM_SFN=y
49-
CONFIG_TFM_CRYPTO_CONC_OPER_NUM=4
50-
CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=n
46+
## Use IPC mode (default) — SFN mode has a bug that causes
47+
## psa_generate_key to fail during ECDHE key exchange.
48+
CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=y
49+
## Enable MM-IOVEC to save RAM
50+
CONFIG_TFM_PSA_FRAMEWORK_HAS_MM_IOVEC=y
5151

5252
## Configure TFM partitions
5353
CONFIG_PM_PARTITION_SIZE_TFM_INTERNAL_TRUSTED_STORAGE=0x2000
@@ -140,10 +140,14 @@ CONFIG_MBEDTLS_ENABLE_HEAP=y
140140
CONFIG_MBEDTLS_RSA_C=y
141141
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
142142
CONFIG_MBEDTLS_HEAP_SIZE=80000
143+
# Legacy API is required for RSA
144+
CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
145+
# ECDH/ECDSA are needed for TLS handshake
146+
CONFIG_PSA_WANT_ALG_ECDH=y
147+
CONFIG_PSA_WANT_ALG_ECDSA=y
143148

144149
## Disable unneeded MBEDTLS features to save flash and RAM
145150
CONFIG_MBEDTLS_CHACHA20_C=n
146-
CONFIG_MBEDTLS_CHACHA20_C=n
147151
CONFIG_MBEDTLS_CHACHAPOLY_C=n
148152
CONFIG_MBEDTLS_POLY1305_C=n
149153
CONFIG_MBEDTLS_SHA1_C=n

0 commit comments

Comments
 (0)