
MQTT over MbedTLS for AWS

SZhuk.1
Associate II

Hi!

My goal is to connect an STM32 MCU to Amazon Web Services.

I was impressed by Cube and generated a first application (FreeRTOS with lwIP) for the nucleo-f767zi board. There are functions like mqtt_client_connect and mqtt_publish in the generated code, and I can connect to a local broker (Mosquitto).

But what about TLS? Is there some kind of instruction on how to enable it for my project?

For now, I have just enabled this checkbox in Cube, but I see that there is no integration with the MQTT demo.

Also, some options from the IDE don't affect the generated source, like the debug log for mbedtls or the LWIP_ALTCP_TLS_MBEDTLS flag.

From many comments on the web, I found that I need something like the altcp_tls_create_config_client_2wayauth function with thread protection, but what's the right way to do this with a generated project?

Sergey

6 REPLIES

Hello @SZhuk.1,

Let me first welcome you to the STM32 community and thank you for reporting this 😊

If I understood your request correctly, you're asking for an STM32CubeMX example/demo to be used as a starting point for your project based on TLS communication with MQTT using mbedTLS on top of lwIP.

Please correct me if I've missed something.

Unfortunately, MQTT cannot be configured through the STM32CubeMX interface. However, preconfigured projects based on mbedTLS are available through STM32CubeMX > Example selector. They may be handy to correctly configure and work with mbedTLS.

Also, exploring the STM32CubeF7 firmware, in the <Firmware_location>\Middlewares\Third_Party\LwIP\doc directory you'll find the mqtt_client.txt file detailing the steps to use the MQTT client for lwIP. It may be helpful in your case.

Otherwise, you may start from the X-CUBE cloud package, which is a set of libraries and application examples for STM32L4 Series, STM32F4 Series and STM32F7 Series microcontrollers acting as end devices connected to cloud service providers. Then you can port it to the board you're using; you'll find all the needed documents linked.

Furthermore, X-CUBE-AZRTOS-H7 is delivered with the Nx_MQTT_Client application running on the STM32H735G-DK board. This application provides an example of Azure RTOS NetX/NetXDuo stack usage. It shows how to exchange data between client and server using the MQTT protocol in an encrypted mode supporting TLS v1.2.

It is accessible through the Example Selector of STM32CubeMX.

It may be a good orientation for you to develop your project.

Hope that my reply helps you.

Khouloud.

SZhuk.1
Associate II

OK, let me ask my question in a more technical way.

» Unfortunately, MQTT cannot be configured through STM32CubeMX interface.

I found the following structure in the LwIP sources:

/** Client information and connection parameters */
struct mqtt_connect_client_info_t {
#if LWIP_ALTCP && LWIP_ALTCP_TLS
  /** TLS configuration for secure connections */
  struct altcp_tls_config *tls_config;
#endif
};

As far as I understand, these two flags provide support for TLS out of the box. And both flags are available in Cube.

But the generated project builds with the following errors:

compiling altcp_tls_mbedtls.c...
compiling mqtt.c...
compiling altcp_tls_mbedtls_mem.c...
compiling altcp_tls_mbedtls.c...
linking...
TlsCheck4\TlsCheck4.axf: Error: L6200E: Symbol __asm___19_altcp_tls_mbedtls_c____REV16 multiply defined (by altcp_tls_mbedtls_1.o and altcp_tls_mbedtls.o).
...
Not enough information to list image symbols.
Not enough information to list load addresses in the image map.
Finished: 2 information, 0 warning and 6 error messages.
"TlsCheck4\TlsCheck4.axf" - 6 Error(s), 1 Warning(s).

Could you reproduce my report? It seems like a bug in Cube!

Also, I've prepared an archive demonstrating this error, so you can just rebuild it or regenerate it from the Cube file:

https://github.com/grauntir/TlsCheck/releases/tag/CubeErr
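For readers wiring the `tls_config` field shown above to `altcp_tls_create_config_client_2wayauth`, here is one way to do it, as an added example that is not code from this thread, from ST or from lwIP. It assumes PEM credentials with an unencrypted private key and `LWIP_TCPIP_CORE_LOCKING` enabled; `tls_creds_check`, `mqtt_connect_tls` and the `BUILD_FOR_LWIP_TARGET` macro are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* mbedTLS parses a buffer as PEM only if its length counts the trailing NUL;
 * without it parsing fails and the lwIP config call returns NULL. */
static int pem_ok(const unsigned char *buf, size_t len, const char *begin)
{
    if (buf == NULL || len < 2 || buf[len - 1] != '\0')
        return 0;
    if (strlen((const char *)buf) != len - 1)   /* embedded NUL */
        return 0;
    return strstr((const char *)buf, begin) != NULL &&
           strstr((const char *)buf, "-----END ") != NULL;
}

/* 0 = all usable; 1 = CA, 2 = client cert, 3 = private key is malformed. */
int tls_creds_check(const unsigned char *ca, size_t ca_len,
                    const unsigned char *cert, size_t cert_len,
                    const unsigned char *key, size_t key_len)
{
    if (!pem_ok(ca, ca_len, "-----BEGIN CERTIFICATE-----")) return 1;
    if (!pem_ok(cert, cert_len, "-----BEGIN CERTIFICATE-----")) return 2;
    if (!pem_ok(key, key_len, "-----BEGIN ")) return 3;
    return 0;
}

#ifdef BUILD_FOR_LWIP_TARGET  /* hypothetical project macro; off-target builds skip this */
#include "lwip/altcp_tls.h"
#include "lwip/apps/mqtt.h"
#include "lwip/tcpip.h"

err_t mqtt_connect_tls(mqtt_client_t *client, const ip_addr_t *ip, u16_t port,
                       mqtt_connection_cb_t cb,
                       struct mqtt_connect_client_info_t *ci,
                       const u8_t *ca, size_t ca_len,
                       const u8_t *cert, size_t cert_len,
                       const u8_t *key, size_t key_len)
{
    err_t err = ERR_MEM;
    if (tls_creds_check(ca, ca_len, cert, cert_len, key, key_len) != 0)
        return ERR_ARG;
    LOCK_TCPIP_CORE();            /* raw API called from a FreeRTOS task */
    ci->tls_config = altcp_tls_create_config_client_2wayauth(
        ca, ca_len, key, key_len, NULL, 0, cert, cert_len);
    if (ci->tls_config != NULL)
        err = mqtt_client_connect(client, ip, port, cb, NULL, ci);
    UNLOCK_TCPIP_CORE();
    return err;
}
#endif
```

Pass `sizeof` of a PEM string array (not `strlen`) as each length so the terminating NUL is counted.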

SHans.4
Associate

I am also desperately in need of a FreeRTOS / MQTT / TLS example for AWS. Unfortunately the Nx_MQTT_Client example is for NetX, not FreeRTOS.

Are there any FreeRTOS/mbedtls examples that anyone is aware of?

I'm currently using the STM32H750B-DK, which uses a zero-copy Ethernet driver, which is also making life difficult.

I have been able to get MQTT working w/o TLS, but now that I've added mbedtls, FreeRTOS needs a larger heap.

I've tried expanding the heap to use the remaining space in SRAM3, but it's still too small. If I move the FreeRTOS heap into SRAM2, the Ethernet driver sends garbage packets.

The reference manual says:

"AHB SRAM2 is mapped at address 0x3002 0000 and accessible by all system masters except BDMA through D2 domain AHB matrix. AHB SRAM2 can be used as DMA buffers to store peripheral input/output data in D2 domain, or as read-write segment for application running on Cortex®-M4 CPU."

but it also says:

"AHB SRAM3 is mapped at address 0x3004 0000 and accessible by all system masters except BDMA through D2 domain AHB matrix. AHB SRAM3 can be used as buffers to store peripheral input/output data for Ethernet and USB,"

So finally my questions:

1. Does the Ethernet DMA hardware support SRAM2?

2. Does the stm32h7xx_hal_eth.c support SRAM2?

Thanks in advance for any help anyone can offer, I really need it!

Skip

cleonb322
Associate III

I'm having the same issue implementing tls with mqtt on my stm32f767. I'm limited to 16k in the SRAM2 section. Did you find a proper solution for this issue?