A practical showcase of security development with Zephyr RTOS, featuring examples, best practices, and integrations with PSA Crypto, MBEDTLS, and PKCS#11.
This repository provides a small demonstration of our cryptographic development practices at UL. It includes a subset of PKCS#11 function implementations, built on top of the Zephyr RTOS.
This repository serves as a reference and demonstration platform for implementing security features in embedded systems using Zephyr RTOS. It is designed to support a wide range of use cases—from cryptographic operations and secure storage to secure communication and testing frameworks.
The goal is to provide developers with examples of reusable components, illustrative examples, and guidance for building secure applications on Zephyr, regardless of the target hardware or specific security requirements.
- Integration with NRF SDK and Zephyr RTOS
- Partial implementation of PKCS#11 functions
- Modular and extensible codebase
- Example usage and test cases
We tested our code on the following boards:
Other boards may work but are not actively tested.
To compile the applications, you need the Zephyr SDK installed. To install it, follow the instructions on the Zephyr SDK installation page.
To be able to flash and work with the nRF7002 DK, you need to set up nrfutil first.
Consult the nrfutil installation page from Nordic for details on how to install the nrfutil tool.
You may also need to set up udev rules.
This is a very short introduction to what needs to be done to get it running. For more details or to troubleshoot problems, consult Zephyr's 'Getting started' guide.
Create a new workspace and change the working directory:
mkdir ul_zephyr_security_showcase_ws
cd ul_zephyr_security_showcase_ws
Create and activate a virtual environment:
python3 -m venv .venv
# This needs to be done in each new shell you open
. .venv/bin/activate
Now install west, the Zephyr RTOS meta-tool.
pip install west
Initialize the workspace. This will clone this repository and set up all necessary modules as well as Zephyr RTOS. This may take some time, depending on your internet connection.
west init -m https://github.com/methodpark/zephyr-security-showcase.git
west update
Now, install all other Python requirements for Zephyr so all features work:
pip install -r zephyr/scripts/requirements.txt
Afterward, you can work with the repository and workspace.
The following are the most common use cases during development.
To cover all use cases, please consult the west documentation.
All commands shall be executed in the workspace ul_zephyr_security_showcase_ws.
west build -b <board_name> <path_to_application>
# example to build the PKCS11 application for the board with TFM
west build -b nrf7002dk/nrf5340/cpuapp/ns ./zephyr-security-showcase/samples/ul/pkcs11
After connecting and building for the board, execute:
west flash
Executing (a subset of) tests for all supported boards:
west twister -T <path_to_test_folder>
# example to execute all unit tests
west twister -T ./zephyr-security-showcase/tests