TinyCrypt deprecation - library's usage removal part 2 (bluetooth) #79931
Conversation
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
5 times, most recently
from
9f3f671
to
98b97ea
Compare
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
5 times, most recently
from
946f924
to
c9cf39d
Compare
|
Any chance this will be ready for Zephyr 4.0? |
As far as I know codefreeze is today for 4.0 and I still need to resolve some failures in this PR + it also depends on 2 other PRs which should be merged before this one. I'm sorry but I think the answer is "no" |
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
6 times, most recently
from
cf8d840
to
91c5e79
Compare
|
@valeriosetti , do we need both Part 1 and Part 2 to be merged into 4.0. |
The challenge as I see it is this part from https://docs.zephyrproject.org/latest/develop/api/api_lifecycle.html#deprecated
Which means that we can't make a release and still have code in the upstream tree using a deprecated API. |
While part 1 is ready to be merged, part 2 absolutely not:
That's what I thought at the beginning of this activity as well, but then I've been asked to keep the following support for TinyCrypt in the codebase for at least the next 2 releases:
I'm not an expert of BT, but based on the number of changes I've done so far in this PR to make the CI happy, it seems that BT is way more affected by TinyCrypt removal than other subsystems. So I agree with @alxelax that giving the user some time to deal with TinyCrypt deprecation wouldn't be that bad. But this is my feeling, of course, so I'll be glad to hear what's reviewers opinion about this :) |
This commit fixes tests/bsim/bluetooth/ll/multiple_id/tests_scripts/multiple.sh. The reason is that this test seems to depend on random number sequence in order to have the proper scheduling. It also fixes some AC tests by commenting out failing test cases. The reason of the failure is still unknown and needs to be investigated in future work. Signed-off-by: Valerio Setti <[email protected]>
Increase test and main stack sizes for the qemu_cortex_m3 platform in order to be able to successfully run the test. Signed-off-by: Valerio Setti <[email protected]>
Moving from TinyCrypt to PSA Crypto API caused failures in the cpu_net build due to RAM being overflowed. It turned out that 8192 bytes were allocated for system heap memory, but Mbed TLS is the only user of that memory (I found this though puncover) for AES purposes. We reduce that to 1024 bytes because this should be enough for this purpose. Note: albeit this is also a standalone example, it's used extensively in other samples/tests and babblesim, so a failure in building it propagates in a lot of other failures. Signed-off-by: Valerio Setti <[email protected]>
valeriosetti
force-pushed
the
deprecate-tinycrypt-part2
branch
from
cca928e
to
acbe7b8
Compare
The BabbleSim test failure was not related to crypto and for that I got a fix from @cvinayak that I applied here. |
|
Hey this seems to be causing a pretty substantial increase in flash size usage on some bt applications, checking the hid example (west build -p -b nrf52dk/nrf52832 samples/bluetooth/peripheral_hids) at 4b6683c and at 184c0f9 That's pretty substantial, I have few projects myself that are now out of flash, is there some magic option to take the usage back down? Mainly thinking something for the migration guide, 20k of flash is a lot |
| data instead of waiting for BT connection to be ready. This is helpful on | ||
| platforms where the BT controller owns the HW random generator and the application | ||
| processor needs to get random data before BT is fully enabled. | ||
| (:github:`79931`) |
There was a problem hiding this comment.
don't think this belongs to here, the migration guide should be for things one would have to do to migrate, there's no instructions here, maybe it was meant to go in release notes?
There was a problem hiding this comment.
I wrote it here because this was a change compared to the previous behavior. I mean, if the final user is already successfully using this driver then he won't notice any difference, but now they can use it also in other scenarios. I thought that release-notes was mostly for new features.
Perhaps I misinterpreted the difference between migration-guide and release-notes. Do you suggest to move it anyway?
There was a problem hiding this comment.
Yeah there's probably some space for interpretation but I think the migration guide should be for stuff where the user has to take an action, like change something on the application side. @kartben? Anyway I don't think it's super important. One thing you may mention though is that some bluetooth functionalities now depends on the mbedtls module rather than tinycrypt, this is useful if anyone is running a project with a name-allowlist filter project list.
There was a problem hiding this comment.
Yeah, perhaps you're right. I mentioned something below for bt-mesh, but BT in general is affected by this, not only mesh. I will prepare a follow-up PR to add documentation
|
@fabiobaltieri yes, I've also been reported by @Emil-Gydesen-Bose on Discord that with the current configuration crypto operations take noticeably longer than with TinyCrypt on nrf53 (build without TF-M) and nrf52. Of course this was not catched by CI because tests themselves are fine, they just take longer. Can you please try it also on your side? It would be nice to have another +1 from someone who's testing this in a real scenario |
|
@valeriosetti you're commenting on speed/performance but @fabiobaltieri was asking about flash size increase? |
Actually in the comment there is also
at the end of the paragraph :) |
|
@nashif this shouldn't have been merged IMO. For some reason the zephyrbot removed the DNM label #79931 (comment) and I didn't feel the need to block this PR because it had that label. Anyways, there are 4 outstanding issues here:
Points 1. and 2. will prevent us from running Bluetooth on several boards and prevent us from passing a lot of Bluetooth PTS tests. Point 3 may also timeout a lot of those tests. Point 4. might stop several boards from being able to run Bluetooth. I would suggest to either revert this PR and fix these things, or fix this fix with urgent care. |
|
@Thalley considering how long this PR had been open, and those issues hadn't been fixed, I have doubts that any of those would have been fixed in a timely manner. Now the merging of this PR at least works as a forcing function to get those issues fixed with urgency. It was still the right move not to merge this PR right before the 4.0 release, since then we'd have had a release with such breakage. Now that breakage is at least on the main branch, which is expected to be unstable at times during the merge window being open. |
FWIW I'm working on a follow up PR that fixes (1), (3) and likely also noticeably reduce (4). I will post it later today. For (2) I can revert that specific commit and see what the CI thinks about it. But I would keep this one as separate PR compared the the one I mentioned above. |
You are right :) I should also have marked those issues as a change request to this PR. I'm still curious as to why the zephyrbot removed the DNM label autonomously, although I assume it's because it added the label itself and then whatever caused the label to be added was fixed and then the label was removed. |
|
@valeriosetti yeah
So the modules goes from roughly x5 to x3 the size, which is still a lot but way better. Flashed the firmware on my device, seems to connect and work fine but you folks probably want to do some better testing. @Thalley the bot kicks in on west.yml changes and adds/removes the dnm tags depending on few conditions (if the hash is valid mainly but there's some more now), so if a PR has a manifest change you can't control that manually really. Maybe we should have a DNM tag for the bot and one for manual use. If you want to dig into it you can open the (I presume the "unable" error is there because it was already removed, guess that's a bug but yeah it tries every time) |
Yeah, this increase is a known effect of the switch to PSA Crypto provided through Mbed TLS. As discussed in the PR that introduced the P256-M driver, PSA Crypto adds key management code (and some wrappers) that TinyCrypt does not have and which cause the increase of ROM code. If it were only for EC support, then there would be
However BT also uses PSA Crypto for AES-CMAC and for that one there's no "direct access" to the low level implementation, so there's no way to exclude the "core" part of PSA Crypto from the code. [1]: it's worth mentioning IMO that on platforms with TF-M, the switch to PSA Crypto API from TinyCrypt reduced ROM footprint because in that case we don't have a duplicated crypto library also in the non-secure side. |
|
@valeriosetti thanks for the detailed answer that's quite something to digest, I won't pretend I understood half of that :-) but happy enough that you folks looked into it and decided it's working as intended. |
|
Sorry for late comment, but we discovered that this PR breaks compilation in most of the BlueNRG based platforms. In particular, is it a correct assumption that now entropy driver is mandatory for platforms supporting BLE? |
This is the second step toward the removal of TinyCrypt library usage from the Zephyr's codebase. This is the continuation of #79566 and #79653.
In particular this PR takes care of removing TinyCrypt usage from the bluetooth subsystem.
To be done
Decide if we want to keep TinyCrypt in BT-mesh (as deprecated) or we want to completely remove it from the codebase.