8 months, 4 weeks ago.

NRF52840 mbedtls + Cryptocell310

Hi, I am currently porting my application from an NRF52832 to NRF52840. My problem is that the program is crashing (looping) when I try to initialize my ctr_drbg module.

The function 'mbedtls_ctr_drbg_seed' never returns.

I traced the problem down to

'ctx->f_entropy( ctx->p_entropy, seed,ctx->entropy_len )' ++ 'mbedtls_hardware_poll' ++ 'trng_get_bytes' ++

Then the code jumps into LLF_RND_StartTrngHw.dbgasm and loops between

'0x00059322: c3 f8 c4 e1 str.w lr, [r3, #452] ; 0x1c4' and '0x00059338: f3 d1 bne.n 0x59322 <LLF_RND_StartTrngHW+106>'

My guess is that it has something to do with the Cryptocell310 hardware acceleration, because the NRF52832 did not support this feature and the 840 does. However, I am clueless with regard to what is failing.

I tried building a small application to showcase the problem, but somehow a new application won't compile because: 'fatal error: objects_cryptocell.h: No such file or directory'

I don't know why my main program seems to find this header and my new one doesn't.

EDIT: I was able to make a minimal showcase program. I had to add -DPIO_FRAMEWORK_MBED_RTOS_PRESENT to the platformio.ini, then I could compile.

mbedTLS test

#include <mbed.h>
#include <string.h>   // strlen
#include "RTT/SEGGER_RTT.h"
#include "mbedtls/entropy.h"
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/ctr_drbg.h"

mbedtls_entropy_context *entropy = NULL;
mbedtls_ctr_drbg_context *ctr_drbg = NULL;

int main() {
    SEGGER_RTT_Init();
    entropy = new mbedtls_entropy_context();
    ctr_drbg = new mbedtls_ctr_drbg_context();
    mbedtls_entropy_init(entropy);
    mbedtls_ctr_drbg_init(ctr_drbg);
    const unsigned char personalization[] = "test123";

    SEGGER_RTT_WriteString(0, "STARTED\n");

    // "test1" is printed; the seed call below never returns, so "test2" never appears.
    SEGGER_RTT_WriteString(0, "test1\n");
    mbedtls_ctr_drbg_seed(ctr_drbg, mbedtls_entropy_func, entropy,
                          personalization, strlen((const char *)personalization));
    SEGGER_RTT_WriteString(0, "test2");

    return 0;
}

The program is running on an NRF52840-DK.

Thanks, Jonas

OK. Problem solved: I needed to do 'mbedtls_platform_setup', then it worked. I think this initializes the Cryptocell Coprocessor?

But I still think this is a bug in MbedTLS, because if you forget to initialize it, you should get some sort of error, and not just a code loop. I also found a related bug that is marked fixed, but in my opinion it isn't. https://github.com/ARMmbed/mbed-os/issues/7069

posted by Jonas Woerner 21 Mar 2019

1 Answer

8 months, 2 weeks ago.

Hi Jonas, Thank you for your question!

As you mentioned, this issue is because the Cryptocell library hasn't been initialized. The loop is within the Cryptocell driver, when it is waiting for the hardware interrupt. As this is part of the hardware accelerator driver, outside of Mbed TLS, this is not a bug in Mbed TLS. As you can see in this article, it is necessary to call the `mbedtls_platform_setup()` function in your application, in order to initialize the underlying platform.

Regards, Mbed TLS Team member Ron

Accepted Answer
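
The thread turns on a wait loop that never ends when the accelerator was not set up. The following host-side model is an added example, not code from the thread, Mbed TLS or the CryptoCell driver: it shows an entropy callback with the Mbed TLS entropy-source signature whose wait is bounded, so a missing setup call surfaces as an error code. The `fake_trng` struct, its fields, `fake_platform_setup`, `bounded_hardware_poll` and `POLL_LIMIT` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed host-side model of a TRNG block; not the CryptoCell register map. */
typedef struct {
    int powered;        /* set by platform setup; 0 models the forgotten call */
    uint32_t countdown; /* status polls remaining until a sample is ready */
    uint32_t lfsr;      /* stand-in sample generator, NOT a real entropy source */
} fake_trng;

#define ERR_ENTROPY_SOURCE_FAILED (-0x003C) /* same value as MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */
#define POLL_LIMIT 1000u                    /* assumed upper bound on status polls */

/* Models the effect of platform setup on the accelerator: it gets enabled. */
void fake_platform_setup(fake_trng *t)
{
    t->powered = 1;
    t->countdown = 3;
    t->lfsr = 0xACE1u;
}

/* Status read: a block that was never enabled never reports "ready". */
static int trng_ready(fake_trng *t)
{
    if (!t->powered) return 0;
    if (t->countdown > 0) { t->countdown--; return 0; }
    return 1;
}

/* Entropy callback (data, output, len, olen). The wait per byte is bounded,
 * so a missing setup returns an error instead of spinning forever. */
int bounded_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    fake_trng *t = (fake_trng *)data;
    *olen = 0;
    for (size_t i = 0; i < len; i++) {
        uint32_t polls = 0;
        while (!trng_ready(t)) {
            if (++polls >= POLL_LIMIT)
                return ERR_ENTROPY_SOURCE_FAILED; /* fail closed: olen stays 0 */
        }
        t->lfsr = (t->lfsr >> 1) ^ (-(t->lfsr & 1u) & 0xB400u);
        output[i] = (unsigned char)t->lfsr;
        t->countdown = 3; /* next sample needs a few polls again */
    }
    *olen = len;
    return 0;
}
```

A caller that checks the return value of the seed call can then stop before generating any key material when the entropy source reports failure.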