nrfxlib Configuration Options
Kconfig files describe build-time configuration options (called symbols in Kconfig-speak), how they’re grouped into menus and sub-menus, and dependencies between them that determine what configurations are valid.
Kconfig files appear throughout the directory tree. For example, subsys/power/Kconfig defines power-related options.
This documentation is generated automatically from the Kconfig files by the gen_kconfig_rest.py script. Click on symbols for more information.
Configuration Options
Symbol name | Help/prompt |
---|---|
Add mbedcrypto header files to the ‘app’ include path. |
|
Link application with ZBOSS library |
|
Low Latency Packet Mode (LLPM) is a Nordic proprietary addition which lets the application use connection intervals down to 1 ms. |
|
Use SoftDevice Link Layer implementation. |
|
Helper variable used to change the default link layer if BT_CTLR is supported for the platform. |
|
Include SoftDevice Controller vendor specific HCI interface. |
|
Using atomic operations is the fastest way to ensure mutually exclusive access to the ARM CryptoCell hardware. Warning: If this configuration is set, every execution requiring use of the ARM CryptoCell hardware must happen at the same priority. Calling into mbed TLS APIs from a higher priority during an ongoing operation will lead to undefined behavior. It is highly recommended to do all cryptographic operations in one single thread if this configuration is set. |
|
Enable cc3xx backend |
|
A mutually exclusive peripheral is the fastest way to ensure mutually exclusive access to the ARM CryptoCell hardware on platforms which support it. The MUTEX peripheral is an nRF53 platform-specific solution. Warning: If this configuration is set, every execution requiring use of the ARM CryptoCell hardware must happen at the same priority. Calling into mbed TLS APIs from a higher priority during an ongoing operation will lead to undefined behavior. It is highly recommended to do all cryptographic operations in one single thread if this configuration is set. |
|
cc310 (AES-128) |
|
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher using AES-128. This also includes CCM* (star) mode. MBEDTLS_CCM_C setting in mbed TLS config file. |
|
Enable the DHM module from nrf cc3xx. MBEDTLS_DHM_C setting in mbed TLS config file. |
|
Enables exclusive access to the ARM CryptoCell hardware using an RTOS mutex that has priority inheritance. The mutex lock is safe across threads and/or interrupts with different priority. Using an RTOS mutex comes at a cost of lower performance. |
|
HW accelerated chacha20 support |
|
cc3xx |
|
HW accelerated CMAC support using AES-128 |
|
cc3xx |
|
cc3xx |
|
cc3xx |
|
cc3xx |
|
cc3xx |
|
SW implemented chacha20 support |
|
CMAC support using AES-128, AES-192, AES-256 |
|
nrf_oberon |
|
nrf_oberon |
|
nrf_oberon |
|
nrf_oberon |
|
SW implemented chacha20 support |
|
Original mbed TLS |
|
CMAC support using AES-128, AES-192, AES-256 |
|
Original mbed TLS |
|
Original mbed TLS |
|
Original mbed TLS |
|
Original mbed TLS |
|
Original mbed TLS |
|
nRF Connect SDK Security will generate a mbed TLS configuration file based on the selection of configuration options in Kconfig. However, if the generated configuration file needs custom adjustments, this setting can be used to disable generating the mbed TLS configuration file. Only disable this setting if you know what you are doing. |
|
Use interrupt version of nrf cc3xx platform library |
|
This setting will enable AES block cipher, including ECB - Electronic Code Book. Enabling AES will provide a sub-menu which allows for fine grained configuration of specific cipher support. Corresponds to MBEDTLS_AES_C setting in mbed TLS config file. |
|
Enabling this configuration omits 75% of the AES tables in ROM or RAM. There is a tradeoff between lookup size and doing more arithmetic operations on the fly, which impacts the performance of the AES operations. MBEDTLS_AES_FEWER_TABLES setting in mbed TLS config file. |
|
AES lookup tables will be placed in ROM instead of RAM. Placing the AES lookup tables in ROM will perform slower but will reduce RAM usage. Using precompiled ROM tables reduces RAM size by ~8kB with an additional cost of ~8kB of ROM size. If MBEDTLS_AES_FEWER_TABLES is used the RAM reduction is ~2kB with an additional cost of ~2kB of ROM size. MBEDTLS_AES_ROM_TABLES setting in mbed TLS config file. |
|
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher. This also includes CCM*. MBEDTLS_CCM_C setting in mbed TLS config file. |
|
Use a specific mbedTLS configuration file. The default config file can be tweaked with Kconfig. The default configuration is suitable to communicate with the majority of HTTPS servers on the Internet, but has relatively many features enabled. To optimize resources for special TLS usage, use available Kconfig options, or select an alternative config. |
|
Enable the CHACHA20 stream cipher. MBEDTLS_CHACHA20_C setting in mbed TLS config file. |
|
Enable the CHACHA-POLY module. MBEDTLS_CHACHAPOLY_C setting in mbed TLS config file. |
|
Enable the AES Cipher Block Chaining (CBC) mode. MBEDTLS_CIPHER_MODE_CBC setting in mbed TLS config file. |
|
Enable the AES Cipher Feedback (CFB) mode. MBEDTLS_CIPHER_MODE_CFB setting in mbed TLS config file. |
|
Enable the AES Counter Block Cipher (CTR) mode. MBEDTLS_CIPHER_MODE_CTR setting in mbed TLS config file. |
|
Enable the AES Output Feedback (OFB) mode. MBEDTLS_CIPHER_MODE_OFB setting in mbed TLS config file. |
|
Enable the AES Xor-encrypt-xor with ciphertext stealing (XTS) mode. MBEDTLS_CIPHER_MODE_XTS setting in mbed TLS config file. |
|
Enable support for one and zeros padding for CBC cipher functions in mbedTLS. That is, fill buffer with 80 00 .. 00. |
|
Enable support for PKCS7 padding for CBC cipher functions in mbedTLS. That is, fill buffer with ll bytes, where ll is padding length. |
|
Enable support for zeros padding for CBC cipher functions in mbedTLS. That is, fill buffer with 00 .. 00. |
|
Enable support for zeros and length padding for CBC cipher functions in mbedTLS. That is, fill buffer with 00 .. 00 ll, where ll is padding length. |
|
AES-CMAC - AES Cipher-based Message Authentication Code mode for block ciphers |
|
This setting will enable CTR_DRBG APIs in mbed TLS. Corresponds to MBEDTLS_CTR_DRBG_C setting in mbed TLS config file. |
|
Enable the DHM module. MBEDTLS_DHM_C setting in mbed TLS config file. |
|
Enable the ECDH module. MBEDTLS_ECDH_C setting in mbed TLS config file. |
|
Enable the ECDSA module. MBEDTLS_ECDSA_C setting in mbed TLS config file. |
|
Enable support for ECJPAKE |
|
Enable low level APIs for elliptic curves for additional functionality (besides ECDH and ECDSA). Enabling ECC will provide a sub-menu which allows for fine grained configuration of ECC based features and specific cipher support. Corresponds to MBEDTLS_ECP_C setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_BP256R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_BP384R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_BP512R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_CURVE25519_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_CURVE448_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP192K1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP192R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP224K1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP224R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP256K1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP256R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP384R1_ENABLED setting in mbed TLS config file. |
|
MBEDTLS_ECP_DP_SECP521R1_ENABLED setting in mbed TLS config file. |
|
This setting controls ECP fixed point optimizations. If disabled, the system will use less memory, but it will also reduce the performance of the system. MBEDTLS_ECP_FIXED_POINT_OPTIM setting in mbed TLS config file. |
|
This setting controls the largest elliptic curve supported in the library. If only smaller curves are used, then this value can be reduced in order to save memory. MBEDTLS_ECP_MAX_BITS setting in mbed TLS config file. |
|
Window size used for elliptic curve multiplication. This value can be reduced down to 2. Reducing the value will impact the performance of the system. MBEDTLS_ECP_WINDOW_SIZE setting in mbed TLS config file. |
|
This option enables mbedtls to use the heap. This setting must be global so that various applications and libraries in Zephyr do not try to do this themselves, as there can be only one heap defined in mbedtls. If this is enabled, then Zephyr will, during device startup, initialize the heap automatically. |
|
Enable the GCM module. MBEDTLS_GCM_C setting in mbed TLS config file. |
|
Heap size for mbed TLS in bytes. For streaming communication with arbitrary (HTTPS) servers on the Internet, 32KB + overheads (up to another 20KB) may be needed. Make sure to adjust the heap size according to the needs of the application. |
|
This setting will enable HMAC_DRBG APIs in mbed TLS. Corresponds to MBEDTLS_HMAC_DRBG_C setting in mbed TLS config file. |
|
Maximum number of bytes for usable Multiple Precision Integers (MPI) / Bignum. This will reduce the size of MPIs that can be used for calculation. Only reduce this value if it is ensured that the system won’t need larger numbers. MBEDTLS_MPI_MAX_SIZE setting in mbed TLS config file. |
|
Window size used for Multiple Precision Integers (MPI) / Bignum calculation. Note that reducing this value might have an impact on the performance. MBEDTLS_MPI_WINDOW_SIZE setting in mbed TLS config file. |
|
PKCS1 v1.5 support |
|
PKCS1 v2.1 support |
|
Enable generic public key wrappers. |
|
Enable generic public key write functions. |
|
Enable the POLY1305 module. MBEDTLS_POLY1305_C setting in mbed TLS config file. |
|
Enable RSA cryptosystem support. MBEDTLS_RSA_C setting in mbed TLS config file. |
|
SHA-1 hash functionality. |
|
SHA-256 hash functionality. |
|
Use a SHA-256 implementation with a smaller footprint. Note that this implementation will also have lower performance. On a Cortex-M4 the size of mbedtls_sha256_process() will be reduced from ~2KB to ~0.5KB, however it will also perform around 30% slower. MBEDTLS_SHA256_SMALLER setting in mbed TLS config file. |
|
SW implemented SHA-512 hash support |
|
Enable support for RFC 7301 Application Layer Protocol Negotiation. |
|
Enable simple SSL cache implementation. |
|
List of cipher suites to support in SSL/TLS. The cipher suites are given as a comma separated string, and in order of preference. This list can only be used for restricting cipher suites available in the system. Warning: This field offers no validation checks. MBEDTLS_SSL_CIPHERSUITES setting in mbed TLS config file. |
|
This setting enables SSL/TLS client functionality. Corresponds to MBEDTLS_SSL_CLI_C in mbed TLS config file. |
|
Enable support for a limit of records with bad MAC. |
|
Enable server-side support for clients that reconnect from the same port. |
|
Maximum buffer size for incoming and outgoing mbed TLS I/O buffers. MBEDTLS_SSL_MAX_CONTENT_LEN setting in mbed TLS config file. |
|
Enable the TLS 1.2 protocol. Corresponds to MBEDTLS_SSL_PROTO_TLS1_2 in mbed TLS config file. |
|
Enable support for TLS renegotiation. |
|
Enable support for RFC 6066 server name indication (SNI) in SSL. |
|
Enable support for RFC 5077 session tickets in SSL. |
|
This setting enables SSL/TLS server functionality. Corresponds to MBEDTLS_SSL_SRV_C in mbed TLS config file. |
|
Enable an implementation of TLS server-side callbacks for session tickets. |
|
Corresponds to MBEDTLS_SSL_TLS_C in mbed TLS config file. |
|
Create the mbed SSL/TLS library in addition to the mbed crypto library. |
|
Enable Original mbed TLS backend. This backend uses unaltered source code from the Arm mbed TLS project. |
|
Enable verification of the extendedKeyUsage extension (leaf certificates). |
|
Enable verification of the keyUsage extension (CA and leaf certificates). |
|
Enable X.509 core for creating certificates. |
|
Enable X.509 CRL parsing. |
|
Enable X.509 Certificate Signing Requests (CSR) parsing. |
|
Enable creating X.509 Certificate Signing Requests (CSR). |
|
Create the mbed x509 library for handling of certificates. |
|
Use Nordic Multi Protocol Service Layer (MPSL) implementation, providing services for single and multi-protocol implementations. |
|
Enable NFC Type 2 Tag library |
|
Enable NFC Type 4 Tag library |
|
nRF Connect SDK Security provides crypto functionality through different backends. Some HW platforms support the use of HW accelerated crypto features. |
|
Use of Nordic Semiconductor proprietary implementation of nRF 802.15.4 Service Layer. This implementation enables advanced features of nRF 802.15.4 Radio Driver. |
|
To use, link with nrfxlib_crypto in CMake. |
|
To use, link with nrfxlib_crypto in CMake. |
|
Link binary |
|
To use, link with nrfxlib_crypto in CMake. |
|
Enable nRF RPC (Remote Procedure Call) library |
|
Adds API that helps use of TinyCBOR library for data serialization. |
|
nRF RPC needs to store some data to handle commands. A pool of contexts is created to avoid dynamic memory allocation. Setting this value too low will cause unnecessary waits for an available context. The minimum value that is ensured to work without waiting is the sum of the number of threads in both the local and remote pool. |
|
The thread pool is used to execute commands and events that arrived from the remote side. If there are no available threads, the remote side will wait. |
|
If enabled, selects a custom transport layer. The user can provide their own implementation of the nRF RPC transport layer. In this case NRF_RPC_TR_CUSTOM_INCLUDE must be provided. |
|
If NRF_RPC_TR_CUSTOM is enabled, this option specifies the include file that contains the custom transport layer API. The provided API must be compatible with the template header file “rp_trans_tmpl.h”. |
|
If enabled, selects RPMsg as a transport layer for nRF RPC. |
|
This setting will enable the advanced configuration menu. The advanced configuration allows for further fine tuning of the mbed TLS configuration by adjusting, for example: SSL maximum content sizes, disabling of specific cipher suites, ECP bit sizes, Bignum options. |
|
The Random Number Generator support in nRF Security provides a Pseudorandom Number Generator, PRNG. The Pseudorandom Number Generator is seeded by a True Random Number Generator, TRNG, available in hardware. |
|
Enable nrf_oberon mbed TLS backend |
|
nrf_oberon (AES-128, AES-192, AES-256) |
|
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher using AES-128, AES-192, AES-256. This also includes CCM* (star) mode. MBEDTLS_CCM_C setting in mbed TLS config file. |
|
Build stripped library versions of OpenThread in the build directory. |
|
Uses a prebuilt library of OpenThread instead of building from sources. |
|
Nordic library feature sets |
|
Nordic Semiconductor optimized OpenThread features for FTD. |
|
Nordic Semiconductor complete set of OpenThread features. |
|
Nordic Semiconductor optimized OpenThread features for MTD. |
|
No extra features selected. |
|
The central library variant is optimized for simpler applications only requiring the central role. |
|
The multirole library variant contains all supported features and can be used for more advanced applications. Using this library may give slightly larger applications. However, the library is designed in such a way that unused functionality is removed by the linker. |
|
The peripheral library variant is optimized for simpler applications only requiring the peripheral role. |
|
mbed TLS (AES-128, AES-192, AES-256) |
|
Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher using AES-128, AES-192, AES-256. This also includes CCM* (star) mode. MBEDTLS_CCM_C setting in mbed TLS config file. |
|
Enable the DHM module from mbed TLS vanilla. MBEDTLS_DHM_C setting in mbed TLS config file. |
|
Enable Zigbee Green Power Combo Basic functionality [EXPERIMENTAL] |
|
This option is valid only when building ZBOSS without application layer. |
|
Enable Zigbee Green Power Proxy Basic functionality |
|
If selected, the application will be linked with the newest version of ZBOSS libraries. Those libraries are not officially certified, but may be used for early development of applications that require experimental features. |
|
The Zigbee stack is implemented on the connectivity SoC, but the application is implemented on the host MCU. |
|
If selected, the application will be linked with the latest, stable version of ZBOSS libraries. Please check NCS documentation in order to get the certification status of those libraries. |
|
The Zigbee stack, as well as the application, is implemented on the SoC. |