Impossible to use ESP-TLS due to version mismatch with esp-cryptoauthlib

[nikost000]

When enabling "Use secure element ATECC608A with ESP-TLS" compilation fails with message

/home/nikos/.platformio/packages/framework-espidf@3.40200.210118/components/esp-tls/esp_tls_mbedtls.c:600:39: error: 'struct <anonymous>' has no member named 'slave_address'; did you mean 'address'?

This is because the version of esp-cryptoauthlib provided with Core2-AWS-IoT-Toolkit is not the proper matching version for the ESP-TLS of the ESP-IDF used by -AWS-IoT-Toolkit. The name of this struct member was changed in this commit to support the latest esp-cryptoauthlib:
https://github.com/espressif/esp-idf/blob/1abdfee3b7ea9e432bba5eeda36c8a9f4dc1f6ba/components/esp-tls/esp_tls_mbedtls.c

But Core2-AWS-IoT-Toolkit uses an old version of ESP IDF and ESP-TLS, so it can't find this struct member.

This renders the use of mBedTLS and ESP-TLS useless, which is one of the main features of AWS Core2 m5Stack.

To fix this, there are two choices:

1. Update to latest esp-cryptoauthlib, which fixes the problem but is unstable with Core2-AWS-IoT-Toolkit. Sometimes ESP-TLS fails to read the certificates, other times it lags for seconds reading eg. the serial number.
2. Leave the esp-cryptoauthlib as provided with Core2-AWS-IoT-Toolkit but use next version of ESP-IDF (4.3) which has a newer ESP-TLS which works fine with the provided esp-cryptoauthlib. However updating to next minor version of ESP-IDF results in boot loop and the culprint is according to backtrace disp_spi line 176.

Since the secure element is the main feature of this AWS m5stack, a not-working ESP-TLS doesn't make sense.

[rashedtalukder]

Update your platformio.ini file to an prior version of the Espressif32 platform: https://github.com/m5stack/Core2-for-AWS-IoT-EduKit/blob/master/Blinky-Hello-World/platformio.ini#L6

That will fix the issue you're seeing there.

Otherwise, you can use the newer version of the cryptoauthlib port: https://github.com/aws-iot-edukit/esp-cryptoauthlib. Note that it uses git submodules to import the committed cryptoauthlib.

[nikost000]

Hi
Using older version of IDF doesn't work:

• All versions down to 3.1.0 yield the same error 'struct <anonymous>' has no member named 'slave_address'; did you mean 'address'?
• Versions below 3.0.0 won't compile at all because m5stack-core2 doesn't support older versions

Available platformio espressif32 versions are here: https://registry.platformio.org/platforms/platformio/espressif32/versions

Using latest port of esp-cryptoauthlib doesnt work either. It requires to use the BSP which as it seems is still in early dev stage since its only on the dev branch, with the latest commit 2 months ago. Is it dead or is development still going on?

Thanks

[rashedtalukder]

Please use platform version 3.2.1 like we do in the examples: https://github.com/m5stack/Core2-for-AWS-IoT-EduKit/blob/master/Blinky-Hello-World/platformio.ini#L6

platform = espressif32@3.2.1

[nikost000]

My original post refers to version 3.2.1 as in the examples. I tried older versions only because you asked me to :).

To reproduce this open eg. Blinky-Hello-World enable "Use secure element ATECC608A with ESP-TLS" in components -> ESP-TLS and compilation fails, as described in OP.

Go to components and replace esp-cryptoauthlib with latest from https://github.com/aws-iot-edukit/esp-cryptoauthlib, update submodules etc. try to compile and it fails with:

components/esp-cryptoauthlib/cryptoauthlib/lib/mbedtls/atca_mbedtls_wrap.c:57:10: fatal error: atca_mbedtls_patch.h: No such file or directory

components/esp-cryptoauthlib/port/atca_cfgs_port.c:50:31: error: 'CONFIG_I2C_MANAGER_0_TIMEOUT' undeclared here (not in a function)

[rashedtalukder]

Sorry, I didn't digest your first sentence thoroughly and led you astray. I more fully understand what you're trying to do — specifically use ESP-TLS. Yes, so the APIs were changed in the patch version of the ESP-IDF v4.3.1 (aka PlatformIO platform-espressif v3.4.0)which fixes that issue. However using ESP-IDF 4.2.2+ has other changes that were introduced that breaks the BSP as well.

We are completely rewriting the BSP from the ground up in the BSP-dev branch which is compatible with v4.4 and with a few changes, will be compatible with v5.0. You'll see a push to that branch either this week or the beginning of next week that will hopefully get a little closer to v5.0 support. The updated BSP has completely different APIs from the original that's contained in the current projects. That means it using it does not work in the current examples. That BSP is meant to work with the latest https://github.com/aws-iot-edukit/esp-cryptoauthlib together.

[nikost000]

Thanks for the update :)
At the moment we are running hundreds of these devices with the latest non-aws-ported esp-cryptoauthlib from the official espressif repository which has some stability issues when used with m5stack aws, mainly dropping connections and lag (due to I assume collisions on the i2c bus which is shared among others with the touch screen controller and atecc608a) but its working.

I will be patiently waiting for the final BSP and port our firmware when time comes :)

[InvisibleGit]

Thank you both... I have exact same issue is @nikost000 and I've seen exactly the same behavior.

I've reverted to working BSP for now, which as @nikost000 also noted has it's own problems but works.

Thanks @rashedtalukder for the explanation of why the flaw was introduced. Looking forward to new BSP...

[rashedtalukder]

@nikost000 and @InvisibleGit,

If you are willing/able to share your company and use-case with me via e-mail, this helps me shape and prioritize roadmap items in the future: trashed at amazon period com

Using the Espressif provided esp-cryptoauthlib is not thread-safe and there have been a few others commits to the official cryptoauthlib that are beneficial for the version iterations of the ATECC608.

[rashedtalukder]

To help in the interim, we're providing a project template: https://github.com/aws-iot-edukit/Project_Template-Core2_for_AWS

You can read the updated API reference docs in https://edukit.workshop.aws/en/api-reference/v2/index.html

Since ESP-IDF v5 is not yet stable, we might have additional under-the-hood changes to the BSP. There shouldn't be any breaking changes, but we will probably add more to the WiFi library.