From 5a6fbbd6595cedfcaa43a1b676c813f9c0f8355f Mon Sep 17 00:00:00 2001 From: Maximilian Deubel Date: Fri, 28 Mar 2025 11:58:07 +0100 Subject: [PATCH 1/2] lib: nrf_cloud: fix non-nrf91 builds The wifi compatibility didn't survive all of the change requests in the original PR. This is fixed here, a test build will also be added. Signed-off-by: Maximilian Deubel --- subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c | 48 ++++++++++---------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c b/subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c index 437d99448ed7..4657103bfad2 100644 --- a/subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c +++ b/subsys/net/lib/nrf_cloud/src/nrf_cloud_jwt.c @@ -132,7 +132,8 @@ static int get_key_from_cred(const int sec_tag, uint8_t *const der_out) return 0; } -static int custom_jwt_generate(struct jwt_data *const jwt) +static int custom_jwt_generate(uint32_t exp_delta_s, char *const jwt_buf, size_t jwt_buf_sz, + const char *subject, int sec_tag) { int err = 0; psa_key_id_t kid; @@ -140,7 +141,7 @@ static int custom_jwt_generate(struct jwt_data *const jwt) uint8_t priv_key[PRV_KEY_SZ]; /* Load private key from storage */ - err = get_key_from_cred(jwt->sec_tag, priv_key); + err = get_key_from_cred(sec_tag, priv_key); if (err) { LOG_ERR("Failed to get private key, error: %d", err); return err; @@ -170,11 +171,10 @@ static int custom_jwt_generate(struct jwt_data *const jwt) .sec_tag = kid, .key_type = JWT_KEY_TYPE_CLIENT_PRIV, .alg = JWT_ALG_TYPE_ES256, - .validity_s = jwt->exp_delta_s, - .jwt_buf = jwt->jwt_buf, - .jwt_sz = jwt->jwt_sz, - .subject = jwt->subject, - .audience = jwt->audience, + .validity_s = exp_delta_s, + .jwt_buf = jwt_buf, + .jwt_sz = jwt_buf_sz, + .subject = subject, }; return app_jwt_generate(&_jwt_internal); @@ -189,16 +189,10 @@ int nrf_cloud_jwt_generate(uint32_t time_valid_s, char *const jwt_buf, size_t jw int err; const char *id_ptr; - struct jwt_data jwt = { - .audience = NULL, - .key = JWT_KEY_TYPE_CLIENT_PRIV, - .alg = JWT_ALG_TYPE_ES256, - .jwt_buf = jwt_buf, - .jwt_sz = jwt_buf_sz - }; - - jwt.sec_tag = IS_ENABLED(CONFIG_NRF_CLOUD_COAP) ? + uint32_t exp_delta_s = time_valid_s; + int sec_tag = IS_ENABLED(CONFIG_NRF_CLOUD_COAP) ? nrf_cloud_sec_tag_coap_jwt_get() : nrf_cloud_sec_tag_get(); + const char *subject; #if defined(CONFIG_MODEM_JWT) /* Check if modem time is valid */ @@ -211,30 +205,38 @@ int nrf_cloud_jwt_generate(uint32_t time_valid_s, char *const jwt_buf, size_t jw } #endif if (time_valid_s > NRF_CLOUD_JWT_VALID_TIME_S_MAX) { - jwt.exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_MAX; + exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_MAX; } else if (time_valid_s == 0) { - jwt.exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_DEF; - } else { - jwt.exp_delta_s = time_valid_s; + exp_delta_s = NRF_CLOUD_JWT_VALID_TIME_S_DEF; } if (IS_ENABLED(CONFIG_NRF_CLOUD_CLIENT_ID_SRC_INTERNAL_UUID)) { /* The UUID is present in the iss claim, so there is no need * to also include it in the sub claim. */ - jwt.subject = NULL; + subject = NULL; } else { err = nrf_cloud_client_id_ptr_get(&id_ptr); if (err) { LOG_ERR("Failed to obtain client ID, error: %d", err); return err; } - jwt.subject = id_ptr; + subject = id_ptr; } #if defined(CONFIG_NRF_CLOUD_JWT_SOURCE_CUSTOM) - return custom_jwt_generate(&jwt); + return custom_jwt_generate(exp_delta_s, jwt_buf, jwt_buf_sz, subject, sec_tag); #elif defined(CONFIG_MODEM_JWT) + struct jwt_data jwt = { + .audience = NULL, + .key = JWT_KEY_TYPE_CLIENT_PRIV, + .alg = JWT_ALG_TYPE_ES256, + .jwt_buf = jwt_buf, + .jwt_sz = jwt_buf_sz, + .exp_delta_s = exp_delta_s, + .sec_tag = sec_tag, + .subject = subject, + }; err = modem_jwt_generate(&jwt); if (err) { LOG_ERR("Failed to generate JWT, error: %d", err); From da34974ee050c46a6b3c9c2b96966ae5b571c273 Mon Sep 17 00:00:00 2001 From: Maximilian Deubel Date: Wed, 26 Mar 2025 16:18:25 +0100 Subject: [PATCH 2/2] samples: cellular: fix MSS overlay for nRF700x Wi-Fi CoAP Fix configuration for nRF Cloud Multi Service sample using CoAP backend on wi-fi configuration. Signed-off-by: Maximilian Deubel --- .../releases/release-notes-changelog.rst | 1 + .../cellular/nrf_cloud_multi_service/README.rst | 6 +++--- .../overlay_nrf700x_wifi_coap_no_lte.conf | 14 ++++++++++---- .../overlay_nrf700x_wifi_mqtt_no_lte.conf | 1 + .../cellular/nrf_cloud_multi_service/sample.yaml | 15 ++++++++++++++- 5 files changed, 29 insertions(+), 8 deletions(-) diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst index 4ffcc40127d3..e3b38eddd141 100644 --- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst +++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst @@ -591,6 +591,7 @@ Cellular samples * An issue with a very small :kconfig:option:`CONFIG_COAP_EXTENDED_OPTIONS_LEN_VALUE` Kconfig value in the :file:`overlay-coap_nrf_provisioning.conf` file. * Slow Wi-Fi connectivity startup by selecting ``TFM_SFN`` instead of ``TFM_IPC``. * The size of TLS credentials buffer for Wi-Fi connectivity to allow installing both AWS and CoAP CA certificates. + * Build issues with Wi-Fi configuration using CoAP. * :ref:`lte_sensor_gateway` sample: diff --git a/samples/cellular/nrf_cloud_multi_service/README.rst b/samples/cellular/nrf_cloud_multi_service/README.rst index 6f3bde8f0562..0ab227bc1750 100644 --- a/samples/cellular/nrf_cloud_multi_service/README.rst +++ b/samples/cellular/nrf_cloud_multi_service/README.rst @@ -997,14 +997,14 @@ Once your device has been flashed with this sample, you can add a credential by .. parsed-literal:: :class: highlight - wifi_cred add -s *NetworkSSID* -k 1 -p *NetworkPassword* + wifi cred add *NetworkSSID* WPA2-PSK *NetworkPassword* Where *NetworkSSID* is replaced with the SSID of the Wi-Fi access point you want your device to connect to, and *NetworkPassword* is its password. -Then either reboot the device or use the ``wifi_cred auto_connect`` command to manually trigger a connection attempt. +Then either reboot the device or use the ``wifi cred auto_connect`` command to manually trigger a connection attempt. From now on, these credentials will automatically be used when the configured network is reachable. -See the :ref:`Wi-Fi shell sample documentation ` for more details on the ``wifi_cred`` command. +See the :ref:`Wi-Fi shell sample documentation ` for more details on the ``wifi`` commands. Building with nRF Cloud logging support ======================================= diff --git a/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_coap_no_lte.conf b/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_coap_no_lte.conf index cccad0a064ec..384bee26715c 100644 --- a/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_coap_no_lte.conf +++ b/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_coap_no_lte.conf @@ -48,7 +48,7 @@ CONFIG_TFM_PROFILE_TYPE_NOT_SET=y CONFIG_TFM_IPC=n CONFIG_TFM_SFN=y CONFIG_TFM_CRYPTO_CONC_OPER_NUM=4 -CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=n +CONFIG_TFM_CRYPTO_ASYM_SIGN_MODULE_ENABLED=y ## Configure TFM partitions CONFIG_PM_PARTITION_SIZE_TFM_INTERNAL_TRUSTED_STORAGE=0x2000 @@ -61,6 +61,7 @@ CONFIG_PM_PARTITION_SIZE_TFM=0x24000 ## Configure credentials shells and dependencies CONFIG_SHELL=y +CONFIG_NET_L2_WIFI_SHELL=y CONFIG_WIFI_CREDENTIALS_SHELL=y CONFIG_TLS_CREDENTIALS_SHELL=y CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y @@ -177,7 +178,7 @@ CONFIG_NET_TX_STACK_SIZE=2048 CONFIG_NET_RX_STACK_SIZE=2048 CONFIG_ZVFS_OPEN_MAX=16 CONFIG_NET_SOCKETS_POLL_MAX=8 -CONFIG_NET_MGMT_EVENT_STACK_SIZE=4000 +CONFIG_NET_MGMT_EVENT_STACK_SIZE=8000 # nRF Cloud: CoAP CONFIG_NRF_CLOUD_MQTT=n @@ -186,8 +187,6 @@ CONFIG_NRF_CLOUD_ALERT=y CONFIG_NRF_CLOUD_LOCATION=n CONFIG_NRF_CLOUD_JWT_SOURCE_CUSTOM=y CONFIG_NRF_CLOUD_CLIENT_ID_SRC_COMPILE_TIME=y -# User must set their compile time client ID -CONFIG_NRF_CLOUD_CLIENT_ID="" # General config CONFIG_FPU=y @@ -240,3 +239,10 @@ CONFIG_AT_MONITOR=n # Disabling to prevent IPv6 error logs CONFIG_NET_IPV6=n + +# User must set their compile time client ID +CONFIG_NRF_CLOUD_CLIENT_ID="my-device" + +# Enable nordic security backend and PSA APIs +CONFIG_NRF_SECURITY=y +CONFIG_MBEDTLS_PSA_CRYPTO_C=y diff --git a/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf b/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf index 1beb2ed1bf18..b7f0deb8d1a1 100644 --- a/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf +++ b/samples/cellular/nrf_cloud_multi_service/overlay_nrf700x_wifi_mqtt_no_lte.conf @@ -60,6 +60,7 @@ CONFIG_PM_PARTITION_SIZE_TFM=0x24000 ## Configure credentials shells and dependencies CONFIG_SHELL=y +CONFIG_NET_L2_WIFI_SHELL=y CONFIG_WIFI_CREDENTIALS_SHELL=y CONFIG_TLS_CREDENTIALS_SHELL=y CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE=y diff --git a/samples/cellular/nrf_cloud_multi_service/sample.yaml b/samples/cellular/nrf_cloud_multi_service/sample.yaml index 6c3bdeed5024..a785efeb3228 100644 --- a/samples/cellular/nrf_cloud_multi_service/sample.yaml +++ b/samples/cellular/nrf_cloud_multi_service/sample.yaml @@ -125,7 +125,7 @@ tests: - ci_build - sysbuild - ci_samples_cellular - sample.cellular.nrf7002dk_wifi.conn: + sample.cellular.nrf7002dk_wifi.conn.mqtt: sysbuild: true build_only: true integration_platforms: @@ -138,3 +138,16 @@ tests: - ci_build - sysbuild - ci_samples_cellular + sample.cellular.nrf7002dk_wifi.conn.coap: + sysbuild: true + build_only: true + integration_platforms: + - nrf7002dk/nrf5340/cpuapp/ns + platform_allow: nrf7002dk/nrf5340/cpuapp/ns + extra_args: + - EXTRA_CONF_FILE="overlay_nrf700x_wifi_coap_no_lte.conf" + - SB_CONF_FILE="sysbuild_nrf700x-wifi-conn.conf" + tags: + - ci_build + - sysbuild + - ci_samples_cellular