Is there a method to disable both CRYPTO and TRNG from a PSoC 62 example?

GrCa_1363456

What modifications are needed to the code, Makefile or libraries such that the compiler doesn't attempt to utilize CRYPTO or TRNG features that don't exist in the CY8C6247FDI-D32?

WiFi_Scan example runs on a CY8C6247BZI-D54 in a CY8CKIT-062-WiFi-BT
The same example does NOT compile for a CY8C6247FDI-D32.
The main difference between these two parts is the CRYPTO and TRNG.

Here's the process:
1. Start with Wi-Fi_Scan example for CY8CKIT-062-WiFi-BT. Build this code to ensure it compiles.
2. Change the Board Support Package (BSP) to utilize CY8C6247FDI-D32. This part does NOT have CRYPTO or TRNG.
3. Build this code to see that it doesn't compile.

Reference: "PSOC6 mbedtls with CY8C6247FDI-D32 that does not have crypto hardware: errors linking trng related functions" @ https://community.infineon.com/t5/PSoC-6/PSOC6-mbedtls-with-CY8C6247FDI-D32-that-does-not-have-crypt... <== This post has two suggestions to resolve the issue:
The first - Using DEFINES+=COMPONENT_43907 is NOT a fix. This define causes other problems. One hypothesis is that CY43907 points to libraries that don't utilize hardware CRYPTO or TRNG. CY43907 utilizes an ARM Cortex R MCU and other features that do NOT exist in a PSoC 62.
The second - Making additional modifications to the BSP appeared to be working - but the team here decided to revert back to using the DEFINES+=COMPONENT_43907, which they now realize wasn't a solid decision.

Reference: "What examples with TCP sockets run on PSoC 6 devices that don't support CRYPTO?" @ https://community.infineon.com/t5/PSoC-6/What-examples-with-TCP-sockets-run-on-PSoC-6-devices-that-d... <== The fix for this issue was provided by an Infineon insider. It appears to work for the lack of CRYPTO. It may not have taken into account the lack of TRNG.

Thanks for your support.
Greg

1 Solution
GrCa_1363456

Giraffe,

Thanks for the suggestion. That is appreciated.

I received the following additional suggestion that has been verified.

This suggestion does NOT modify the makefile or mbedtls user config file.

========================

If you are using the Wi-Fi TCP Client example and TCP (this is the default in the example) is the protocol instead of TLS in the cy_socket_create() function (in the create_tcp_client_socket() function, cy_tls.c line 422), then the program will not use the TRNG block. But linking errors might be raised for trng_get_bytes and mbedtls_hardware_poll.

For this,

1. Remove the definition of trng_get_bytes() in cy_tls.c (since TCP mode will not use this, it will not be a problem).

2. Remove the "#else" part in mbedtls_hardware_poll() function in cy_tls.c (Since this is also not used in TCP mode, it will not cause any problem).

========================

These instructions worked for TCP_Client.

For MQTT, similar changes were made to cy_aws_retry_utils.c in the aws-iot-device-sdk-port library. MQTT now works too.

This fix needed changes to the Infineon/Cypress libraries. It would be ideal if the changes were made official in Infineon's GitHub example code through some #define for non-CRYPTO hardware. For now, this works.

Greg
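
A sketch of the `#define`-style guard wished for in the post above, as an added example that is not part of the original thread or of Infineon's libraries. `HAVE_HW_TRNG`, `hw_trng_word()` and `tls_seed_or_fail()` are hypothetical names, and the body of `trng_get_bytes()` is assumed rather than copied from cy_tls.c. On a part without a TRNG the entropy callback reports failure, so a later switch from TCP to TLS fails visibly instead of seeding from nothing.

```c
/* Added example, not Infineon library code. HAVE_HW_TRNG is a hypothetical
 * build flag; hw_trng_word() stands in for the device TRNG driver call. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifndef HAVE_HW_TRNG
#define HAVE_HW_TRNG 0  /* 0 models a part without CRYPTO/TRNG (e.g. CY8C6247FDI-D32) */
#endif

/* Same numeric value as MBEDTLS_ERR_ENTROPY_SOURCE_FAILED in mbed TLS. */
#define ERR_ENTROPY_SOURCE_FAILED (-0x003C)

#if HAVE_HW_TRNG
extern int hw_trng_word(uint32_t *word);  /* assumed wrapper, returns 0 on success */

/* Compiled only when the TRNG exists, so other parts get no unresolved symbol. */
static int trng_get_bytes(uint8_t *out, size_t len)
{
    while (len > 0) {
        uint32_t w;
        if (hw_trng_word(&w) != 0) return -1;
        size_t n = len < sizeof w ? len : sizeof w;
        memcpy(out, &w, n);
        out += n;
        len -= n;
    }
    return 0;
}
#endif

/* Entropy callback with the signature mbed TLS expects for a hardware source. */
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    (void)data;
    *olen = 0;
#if HAVE_HW_TRNG
    if (trng_get_bytes(output, len) != 0) return ERR_ENTROPY_SOURCE_FAILED;
    *olen = len;
    return 0;
#else
    /* No TRNG: report failure, never "success" with untouched or constant bytes. */
    (void)output; (void)len;
    return ERR_ENTROPY_SOURCE_FAILED;
#endif
}

/* Models the TLS-side caller: refuse to continue without a full seed. */
int tls_seed_or_fail(unsigned char seed[32])
{
    size_t got = 0;
    int rc = mbedtls_hardware_poll(NULL, seed, 32, &got);
    return (rc == 0 && got == 32) ? 0 : ERR_ENTROPY_SOURCE_FAILED;
}
```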

Giraffe1492

It seems that you want to run the WiFi_Scan example on a CY8C6247FDI-D32, which doesn't have CRYPTO or TRNG features. In order to make the example work, you will need to make some changes to the code, Makefile, or libraries to avoid using the non-existent hardware features.

Here are some steps you can follow:

  1. Update the mbedtls configuration:

You need to update the mbedtls configuration in your project to disable the hardware acceleration for the crypto and TRNG features. Locate the "mbedtls_device.h" file in your project or in the BSP. If it's not there, you can create one.

In the "mbedtls_device.h" file, add the following lines:

#define MBEDTLS_AES_ALT
#define MBEDTLS_SHA1_ALT
#define MBEDTLS_SHA256_ALT
#define MBEDTLS_SHA512_ALT
#define MBEDTLS_CCM_ALT
#define MBEDTLS_GCM_ALT

This will disable the hardware acceleration for the cryptographic operations and use the software implementations provided by mbedtls.

  2. Update the TRNG configuration:

To use the software-based random number generator provided by mbedtls, you need to modify the "cy_entropy.c" file located in the BSP.

Open "cy_entropy.c" and look for the following lines:

#include "mbedtls/config.h"
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

Replace them with:

#include "mbedtls_device.h"

This will ensure that the mbedtls configuration is correctly used in the cy_entropy.c file.

  3. Modify the Makefile:

You may need to update the Makefile to include the new mbedtls configuration file if you created it.

Add the following line to the Makefile under the "INCLUDES" section:

INCLUDES += -I<path_to_your_mbedtls_device_h>

Replace "<path_to_your_mbedtls_device_h>" with the path to the "mbedtls_device.h" file you created or modified.

After making these changes, clean and rebuild your project. The example should now compile and work with the CY8C6247FDI-D32 without utilizing the CRYPTO or TRNG hardware features.

Please note that using software-based cryptographic operations may result in lower performance compared to hardware-accelerated implementations. If your application requires high-performance cryptographic operations, you might need to consider using a different PSoC device with CRYPTO and TRNG hardware support.
