Configuration Options

Kconfig files describe build-time configuration options (called symbols in Kconfig-speak), how they’re grouped into menus and sub-menus, and dependencies between them that determine what configurations are valid.

Kconfig files appear throughout the directory tree. For example, subsys/power/Kconfig defines power-related options.

This documentation is generated automatically from the Kconfig files by the genrest.py script. Click on symbols for more information.

All configuration options

Symbol name

Help/prompt

CONFIG_APP_LINK_WITH_MBEDTLS_INCLUDES

Add mbedcrypto header files to the ‘app’ include path.

CONFIG_BLE_CONTROLLER_S112

s112

CONFIG_BLE_CONTROLLER_S132

s132

CONFIG_BLE_CONTROLLER_S140

s140

CONFIG_BSD_LIB

Redefinition of BSD_LIBRARY inside nrfxlib.

CONFIG_BT_LL_NRFXLIB

Use Nordic BLE Link Layer implementation.

CONFIG_BT_LL_NRFXLIB_DEFAULT

Helper variable used to change the default link layer if BT_CTLR is supported for the platform.

CONFIG_BT_LL_NRFXLIB_VS_INCLUDE

Include nRF BLE Controller vendor specific HCI interface.

CONFIG_CC310_BACKEND

Enable cc310 backend

CONFIG_CC310_MBEDTLS_AES_C

cc310 (AES-128)

CONFIG_CC310_MBEDTLS_CCM_C

Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. This also includes CCM*. MBEDTLS_CCM_C setting in mbed TLS config file.

CONFIG_CC310_MBEDTLS_CHACHA20_C

HW accelerated chacha20 support

CONFIG_CC310_MBEDTLS_CHACHAPOLY_C

cc310

CONFIG_CC310_MBEDTLS_CIPHER_MODE_CBC

CONFIG_CC310_MBEDTLS_CIPHER_MODE_CFB

CONFIG_CC310_MBEDTLS_CIPHER_MODE_CTR

CONFIG_CC310_MBEDTLS_CIPHER_MODE_OFB

CONFIG_CC310_MBEDTLS_CMAC_C

HW accelerated CMAC support for AES-128

CONFIG_CC310_MBEDTLS_DHM_C

Enable the DHM module from nrf cc310. MBEDTLS_DHM_C setting in mbed TLS config file.

CONFIG_CC310_MBEDTLS_ECDH_C

cc310

CONFIG_CC310_MBEDTLS_ECDSA_C

cc310

CONFIG_CC310_MBEDTLS_ECJPAKE_C

CONFIG_CC310_MBEDTLS_ECP_C

cc310

CONFIG_CC310_MBEDTLS_POLY1305_C

cc310

CONFIG_CC310_MBEDTLS_RSA_C

cc310

CONFIG_CC310_MBEDTLS_SHA1_C

cc310

CONFIG_CC310_MBEDTLS_SHA256_C

cc310

CONFIG_GENERATE_MBEDTLS_CFG_FILE

nRF Connect SDK Security will generate an mbed TLS configuration file based on the selection of configuration options in Kconfig. However, if the generated configuration file needs custom adjustments, this setting can be used to disable generating the mbed TLS configuration file. Only disable this setting if you know what you are doing.

CONFIG_GLUE_MBEDTLS_AES_C

CONFIG_GLUE_MBEDTLS_CCM_C

CONFIG_GLUE_MBEDTLS_CIPHER_MODE_CBC

CONFIG_GLUE_MBEDTLS_CIPHER_MODE_CFB

CONFIG_GLUE_MBEDTLS_CIPHER_MODE_CTR

CONFIG_GLUE_MBEDTLS_CIPHER_MODE_OFB

CONFIG_GLUE_MBEDTLS_DHM_C

CONFIG_HW_CC310_INTERRUPT

Use interrupt version of nrf cc310 platform library

CONFIG_MBEDTLS_AES_256_CMAC_C

CONFIG_MBEDTLS_AES_C

This setting will enable AES block cipher, including ECB - Electronic Code Book. Enabling AES will provide a sub-menu which allows for fine grained configuration of specific cipher support. Corresponds to MBEDTLS_AES_C setting in mbed TLS config file.

CONFIG_MBEDTLS_CCM_C

Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. This also includes CCM*. MBEDTLS_CCM_C setting in mbed TLS config file.

CONFIG_MBEDTLS_CFG_FILE

mbed TLS configuration file

CONFIG_MBEDTLS_CHACHA20_C

Enable the CHACHA20 stream cipher. MBEDTLS_CHACHA20_C setting in mbed TLS config file.

CONFIG_MBEDTLS_CHACHAPOLY_C

Enable the CHACHA-POLY module. MBEDTLS_CHACHAPOLY_C setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_AES_256_CBC_C

CONFIG_MBEDTLS_CIPHER_AES_256_CCM_C

CONFIG_MBEDTLS_CIPHER_AES_256_CFB_C

CONFIG_MBEDTLS_CIPHER_AES_256_CTR_C

CONFIG_MBEDTLS_CIPHER_AES_256_ECB_C

CONFIG_MBEDTLS_CIPHER_AES_256_OFB_C

CONFIG_MBEDTLS_CIPHER_MODE_CBC

Enable the AES Cipher Block Chaining (CBC) mode, MBEDTLS_CIPHER_MODE_CBC setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_MODE_CFB

Enable the AES Cipher Feedback (CFB) mode, MBEDTLS_CIPHER_MODE_CFB setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_MODE_CTR

Enable the AES Counter Block Cipher (CTR) mode, MBEDTLS_CIPHER_MODE_CTR setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_MODE_OFB

Enable the AES Output Feedback (OFB) mode, MBEDTLS_CIPHER_MODE_OFB setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_MODE_XTS

Enable the AES Xor-encrypt-xor with ciphertext stealing (XTS) mode, MBEDTLS_CIPHER_MODE_XTS setting in mbed TLS config file.

CONFIG_MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS

Enable support for one and zeros padding for CBC cipher functions in mbedTLS. That is, fill buffer with 80 00 .. 00.

CONFIG_MBEDTLS_CIPHER_PADDING_PKCS7

Enable support for PKCS7 padding for CBC cipher functions in mbedTLS. That is, fill buffer with ll bytes, where ll is padding length.

CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS

Enable support for zeros padding for CBC cipher functions in mbedTLS. That is, fill buffer with 00 .. 00.

CONFIG_MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN

Enable support for zeros and length padding for CBC cipher functions in mbedTLS. That is, fill buffer with 00 .. 00 ll, where ll is padding length.

CONFIG_MBEDTLS_CMAC_C

Enable the CMAC module. MBEDTLS_CMAC_C setting in mbed TLS config file.

CONFIG_MBEDTLS_DHM_C

Enable the DHM module. MBEDTLS_DHM_C setting in mbed TLS config file.

CONFIG_MBEDTLS_ECDH_C

Enable the ECDH module. MBEDTLS_ECDH_C setting in mbed TLS config file.

CONFIG_MBEDTLS_ECDSA_C

Enable the ECDSA module. MBEDTLS_ECDSA_C setting in mbed TLS config file.

CONFIG_MBEDTLS_ECJPAKE_C

Enable support for ECJPAKE

CONFIG_MBEDTLS_ECP_C

Enable low level APIs for elliptic curves for additional functionality (besides ECDH and ECDSA). Enabling ECC will provide a sub-menu which allows for fine grained configuration of ECC based features and specific cipher support. Corresponds to MBEDTLS_ECP_C setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED

MBEDTLS_ECP_DP_BP256R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED

MBEDTLS_ECP_DP_BP384R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED

MBEDTLS_ECP_DP_BP512R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED

MBEDTLS_ECP_DP_CURVE25519_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED

MBEDTLS_ECP_DP_CURVE448_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED

MBEDTLS_ECP_DP_SECP192K1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED

MBEDTLS_ECP_DP_SECP192R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED

MBEDTLS_ECP_DP_SECP224K1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED

MBEDTLS_ECP_DP_SECP224R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED

MBEDTLS_ECP_DP_SECP256K1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED

MBEDTLS_ECP_DP_SECP256R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED

MBEDTLS_ECP_DP_SECP384R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED

MBEDTLS_ECP_DP_SECP521R1_ENABLED setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_FIXED_POINT_OPTIM

This setting controls ECP fixed point optimizations. If disabled, the system will use less memory, but it will also reduce the performance of the system. MBEDTLS_ECP_FIXED_POINT_OPTIM setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_MAX_BITS

This setting controls the largest elliptic curve supported in the library. If only smaller curves are used, then this value can be reduced in order to save memory. MBEDTLS_ECP_MAX_BITS setting in mbed TLS config file.

CONFIG_MBEDTLS_ECP_WINDOW_SIZE

Window size used for elliptic curve multiplication. This value can be reduced down to 2. Reducing the value will impact the performance of the system. MBEDTLS_ECP_WINDOW_SIZE setting in mbed TLS config file.

CONFIG_MBEDTLS_ENABLE_HEAP

This option enables mbedtls to use the heap. This setting must be global so that various applications and libraries in Zephyr do not try to do this themselves, as there can be only one heap defined in mbedtls. If this is enabled, then Zephyr will, during device startup, initialize the heap automatically.

CONFIG_MBEDTLS_GCM_C

CONFIG_MBEDTLS_HEAP_SIZE

The mbedtls routines will use this heap if enabled. For streaming communication with arbitrary (HTTPS) servers on the Internet, 32KB + overheads (up to another 20KB) may be needed. Make sure to adjust the heap size according to the needs of the application.

CONFIG_MBEDTLS_MPI_MAX_SIZE

Maximum number of bytes for usable Multiple Precision Integers (MPI) / Bignum. This will reduce the size of MPIs that can be used for calculation. Only reduce this value if it is ensured that the system won’t need larger numbers. MBEDTLS_MPI_MAX_SIZE setting in mbed TLS config file.

CONFIG_MBEDTLS_MPI_WINDOW_SIZE

Window size used for Multiple Precision Integers (MPI) / Bignum calculation. Note that reducing this value might have an impact on the performance. MBEDTLS_MPI_WINDOW_SIZE setting in mbed TLS config file.

CONFIG_MBEDTLS_PKCS1_V15

PKCS1 v1.5 support

CONFIG_MBEDTLS_PKCS1_V21

PKCS1 v2.1 support

CONFIG_MBEDTLS_POLY1305_C

Enable the POLY1305 module. MBEDTLS_POLY1305_C setting in mbed TLS config file.

CONFIG_MBEDTLS_RSA_C

Enable RSA cryptosystem support. MBEDTLS_RSA_C setting in mbed TLS config file.

CONFIG_MBEDTLS_SHA1_C

SHA-1 hash functionality.

CONFIG_MBEDTLS_SHA256_C

SHA-256 hash functionality.

CONFIG_MBEDTLS_SHA256_SMALLER

Use a SHA-256 implementation with smaller footprint. Note that this implementation will also have lower performance. On a Cortex-M4 the size of mbedtls_sha256_process() will be reduced from ~2KB to ~0.5KB, however it will also perform around 30% slower. MBEDTLS_SHA256_SMALLER setting in mbed TLS config file.

CONFIG_MBEDTLS_SHA512_C

SHA-512 hash support

CONFIG_MBEDTLS_SSL_CIPHERSUITES

List of cipher suites to support in SSL/TLS. The cipher suites are given as a comma separated string, and in order of preference. This list can only be used for restricting cipher suites available in the system. Warning: This field offers no validation checks. MBEDTLS_SSL_CIPHERSUITES setting in mbed TLS config file.

CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN

Maximum buffer size for incoming and outgoing mbed TLS I/O buffers. MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file.

CONFIG_MBEDTLS_TLS_LIBRARY

Create the mbed SSL/TLS library in addition to the mbed crypto library.

CONFIG_MBEDTLS_VANILLA_BACKEND

Enable mbed TLS vanilla backend

CONFIG_MBEDTLS_X509_LIBRARY

Create the mbed x509 library for handling of certificates.

CONFIG_MPSL

Use Nordic Multi Protocol Service Layer (MPSL) implementation, providing services for single and multi-protocol implementations.

CONFIG_NFC_T2T_NRFXLIB

Enable NFC Type 2 Tag library

CONFIG_NFC_T4T_NRFXLIB

Enable NFC Type 4 Tag library

CONFIG_NORDIC_SECURITY_BACKEND

nRF Connect SDK Security provides crypto functionality through different backends. Some HW platforms support the use of HW accelerated crypto features.

CONFIG_NRFXLIB_CRYPTO

CONFIG_NRF_CC310_BL

To use, link with nrfxlib_crypto in CMake.

CONFIG_NRF_CC310_PLATFORM

To use, link with nrfxlib_crypto in CMake.

CONFIG_NRF_CRYPTO_BACKEND_COMBINATION_0

CONFIG_NRF_CRYPTO_GLUE_LIBRARY

CONFIG_NRF_OBERON

To use, link with nrfxlib_crypto in CMake.

CONFIG_NRF_SECURITY_ADVANCED

This setting will enable the advanced configuration menu. The advanced configuration allows for further fine tuning of the mbed TLS configuration by adjusting, for example, SSL maximum content sizes, disabling of specific cipher suites, ECP bit sizes, and Bignum options.

CONFIG_NRF_SECURITY_RNG

The Random Number Generator support in nRF Security provides a Pseudorandom Number Generator, PRNG. The Pseudorandom Number Generator is seeded by a True Random Number Generator, TRNG, available in hardware.

CONFIG_VANILLA_MBEDTLS_AES_C

mbed TLS (AES-128, AES-192, AES-256)

CONFIG_VANILLA_MBEDTLS_CCM_C

Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. This also includes CCM*. MBEDTLS_CCM_C setting in mbed TLS config file.

CONFIG_VANILLA_MBEDTLS_CHACHA20_C

SW implemented chacha20 support

CONFIG_VANILLA_MBEDTLS_CHACHAPOLY_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_CIPHER_MODE_CBC

CONFIG_VANILLA_MBEDTLS_CIPHER_MODE_CFB

CONFIG_VANILLA_MBEDTLS_CIPHER_MODE_CTR

CONFIG_VANILLA_MBEDTLS_CIPHER_MODE_OFB

CONFIG_VANILLA_MBEDTLS_CMAC_C

CMAC support for AES-128, AES-192, AES-256

CONFIG_VANILLA_MBEDTLS_DHM_C

Enable the DHM module from mbed TLS vanilla. MBEDTLS_DHM_C setting in mbed TLS config file.

CONFIG_VANILLA_MBEDTLS_ECDH_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_ECDSA_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_ECP_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_GCM_C

Enable the GCM module. MBEDTLS_GCM_C setting in mbed TLS config file.

CONFIG_VANILLA_MBEDTLS_POLY1305_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_RSA_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_SHA1_C

mbed TLS vanilla

CONFIG_VANILLA_MBEDTLS_SHA256_C

mbed TLS vanilla