tropicsquare · andreondra · Nov 21, 2025 · Nov 20, 2025 · Nov 20, 2025 · Nov 20, 2025
diff --git a/NUCLEO_F439ZI/CMakeLists.txt b/NUCLEO_F439ZI/CMakeLists.txt
@@ -105,6 +105,11 @@ endif()
 set(LT_USE_TREZOR_CRYPTO 0 CACHE INTERNAL "")
 set(LT_USE_MBEDTLS_V4 0 CACHE INTERNAL "")
 
+# Additional implementation files required by some CFPs.
+# E.g., MbedTLS needs user-provided implementation of mbedtls_ms_time() and other
+# platform-dependent functions.
+set(CFP_PORT_SRCS "")
+
 # Handle LT_CAL
 if(LT_CAL STREQUAL "trezor_crypto")
     message(STATUS "Crypto provider set to trezor_crypto")
@@ -129,11 +134,32 @@ elseif(LT_CAL STREQUAL "mbedtls_v4")
     # It's used in main.c to switch crypto contexts without manual changes
     set(LT_USE_MBEDTLS_V4 1)
 
+    # We configure MbedTLS using config file with following configuration:
+    # - config.py preset "crypto_baremetal"
+    # - following options enabled:
+    #   MBEDTLS_PLATFORM_MS_TIME_ALT
+    #   MBEDTLS_HAVE_TIME
+    #   MBEDTLS_PSA_DRIVER_GET_ENTROPY
+    # - following options disabled:
+    #   MBEDTLS_PSA_BUILTIN_GET_ENTROPY
+    #   MBEDTLS_TEST_HOOKS
+    #   MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+    set(MBEDTLS_CONFIG_FILE "${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/mbedtls_config.h")
+    set(TF_PSA_CRYPTO_CONFIG_FILE "${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/crypto_config.h")
+    add_compile_definitions(MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/mbedtls_config.h")
+    add_compile_definitions(TF_PSA_CRYPTO_CONFIG_FILE="${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/crypto_config.h")
     set(ENABLE_TESTING OFF CACHE BOOL "Disable mbedtls_v4 test building.")
     set(ENABLE_PROGRAMS OFF CACHE BOOL "Disable mbedtls_v4 examples building.")
     add_subdirectory("${PATH_VENDOR}mbedtls_v4/" "mbedtls_v4")
 
     target_link_libraries(tropic PUBLIC mbedtls)
+
+    # MbedTLS needs platform-specific implementations of some functions,
+    # as it does not provide them for STM32.
+    # Here we provide time function implementation for STM32 using standard STM32 HAL.
+    set(CFP_PORT_SRCS
+        ${CMAKE_CURRENT_SOURCE_DIR}/Src/mbedtls_v4/mbedtls_platform.c
+    )
 else()
     get_property(lt_cal_choices CACHE LT_CAL PROPERTY STRINGS)
     message(FATAL_ERROR "Incorrect CAL set to LT_CAL!\nSupported CALs: ${lt_cal_choices}")
@@ -175,6 +201,9 @@ set(SOURCES
 
     # Libtropic HAL sources
     ${LT_HAL_SRCS}
+
+    # CFP port sources
+    ${CFP_PORT_SRCS}
 )
 
 # Include path for directories containing header files

diff --git a/NUCLEO_F439ZI/Inc/main.h b/NUCLEO_F439ZI/Inc/main.h
@@ -24,6 +24,7 @@
 #include <stdio.h>
 
 #include "stm32f4xx_hal.h"
+#include "stm32f4xx_hal_rng.h"
 #include "stm32f4xx_nucleo_144.h"
 
 /* Exported types ------------------------------------------------------------*/
@@ -106,4 +107,7 @@
 /* Exported macro ------------------------------------------------------------*/
 /* Exported functions ------------------------------------------------------- */
 
+/* Exported variables ------------------------------------------------------- */
+extern RNG_HandleTypeDef RNGHandle;
+
 #endif /* __MAIN_H */
diff --git a/NUCLEO_F439ZI/Src/main.c b/NUCLEO_F439ZI/Src/main.c
@@ -20,6 +20,7 @@
 /* Includes ------------------------------------------------------------------*/
 #include "main.h"
 
+#include <inttypes.h>
 #include <string.h>
 
 #include "libtropic_examples.h"
@@ -66,6 +67,9 @@ static void Error_Handler(void);
 /* UART handle declaration */
 static UART_HandleTypeDef UartHandle;
 
+/* RNG handle declaration */
+RNG_HandleTypeDef RNGHandle;
+
 /**
  * @brief   Configures the UART peripheral
  *          Put the USART peripheral in the Asynchronous mode (UART Mode)
@@ -140,6 +144,14 @@ int main(void)
         Error_Handler();
     }
 
+    // IMPORTANT: Initialize RNG peripheral.
+    // Do not forget to do this in your application, as the
+    // Libtropic HAL uses RNG for entropy source!
+    RNGHandle.Instance = RNG;
+    if (HAL_RNG_Init(&RNGHandle) != HAL_OK) {
+        Error_Handler();
+    }
+
     // libtropic related code BEGIN
     // libtropic related code BEGIN
     // libtropic related code BEGIN
@@ -157,7 +169,7 @@ int main(void)
 #if LT_USE_MBEDTLS_V4
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
-        LT_LOG_ERROR("PSA Crypto initialization failed, status=%d (psa_status_t)", status);
+        LT_LOG_ERROR("PSA Crypto initialization failed, status=%" PRId32 " (psa_status_t)", status);
         Error_Handler();
     }
 #endif
@@ -193,7 +205,9 @@ int main(void)
     device.spi_cs_gpio_bank = LT_SPI_CS_BANK;
     device.spi_cs_gpio_pin = LT_SPI_CS_PIN;
 
-    device.rng_handle.Instance = RNG;
+    // IMPORTANT: Do not forget to initialize RNG peripheral
+    // at the beginning of your application using HAL_RNG_Init()!
+    device.rng_handle = &RNGHandle;
 
 #ifdef LT_USE_INT_PIN
     device.int_gpio_bank = LT_INT_BANK;
@@ -253,6 +267,12 @@ int main(void)
     // libtropic related code END
     // libtropic related code END
 
+    // Not strictly necessary, but we deinitialize RNG here to
+    // demonstrate proper usage.
+    if (HAL_RNG_DeInit(&RNGHandle) != HAL_OK) {
+        Error_Handler();
+    }
+
     while (1) {
         BSP_LED_On(LED2);
         HAL_Delay(100);