DISCLAIMER APPLICABLE TO THIS DOCUMENT CONTENTS:
This post contains a guide of how to use i.MXRT1050 demoboard with other NXP demoboards to demonstrate Secure access to industrial IOT, using NFC, embedded secure element and MCU (see picture below). A ready to use package including preparation of a secure element, and of a MIFARE DESFire EV2 card can be used as 3-step authentication example using symmetric AES keys; a session key will be generated inside SE050 which will be exported to i.MXRT1050 which will handle contactless communication thru CLRC663 plus frontend.
This document is structured as follows:
- Hardware Requirements:
- 1. Overview of i.MXRT1050 EVKB:
- 2. BLE-NFC-V2:
- 3 OM-SE050ARD: SE050 Arduino Compatible Development Kit
- Preparing hardware for "Secure Access to Industrial IOT demo" at i.MXRT1050 EVKB
- Running "Secure Access to Industrial IOT demo" at i.MXRT1050 EVKB:
- Available Resources:
Following hardware is required to run the project:
- i.MXRT1050 EVKB development board plus referred TFT LCD Display
- BLE-NFC-V2 arduino-friendly board.
- OM-SE050ARD, embedded secure element arduino-friendly R3 board.
1. Overview of i.MXRT1050 EVKB:
The i.MXRT1050 EVKB development board provides the ideal platform for evaluation of and development with the i.MX RT1050 crossover processor, featuring NXP’s advanced implementation of the Arm Cortex-M7 core. The i.MX RT1050 EVK is a 4-layer through-hole USB-powered PCB. The board includes a high performance onboard debug probe, audio subsystem and accelerometer, with several options for adding off-the-shelf add-on boards for networking, sensors, display and other interfaces.
This core operates at speeds up to 600 MHz to provide high CPU performance and best real-time response.
Support for Amazon FreeRTOS available within the MCUXpresso SDK.The i.MX RT1050 EVK board is now supported by Arm Mbed OS and Zephyr OS, both open source embedded operating systems for developing the Internet of Things.
i.MXRT1050 EVKB board supported devices
Processors and Microcontrollers
|i.MX RT Series|
|USB PD-PHY and CC-Logic|
The i.MXRT1050 EVKB is fully supported by the MCUXpresso suite of tools, which provides device drivers, middleware and examples to allow rapid development, plus configuration tools and an optional free IDE. MCUXpresso software is compatible with tools from popular tool vendors such as Arm and IAR, and the i.MXRT1050 EVKB may also be used with the popular debug probes available from SEGGER and P&E Micro.
As final touch to this demonstrator, one LCD display will be added in order to show "access control" check result when approaching a MIFARE DESFire EV2 card to the Reader antenna, without the use of a computer console.Connection between i.MXRT1050 EVKB board and LCD Display requires attachment of two flat cables, one for touch-screeen functionality and the other for controlling Display itself.
Click here to order Touchscreen LCD Display thru buy direct: P/N: RK043FN02H-CT 12NC:935358709598
It is easier to use the BLE-NFC-V2 board due to four Arduino compliant male connectors. Current version has only double row-male connectors which imposes that BLE-NFC-V2 board will be the last board stacked on top of other arduino boards. The following figure shows the pin mapping between the two boards.
(Arduino connector # - Pin #)
NFC BLE V2
(Arduino connector # - Pin #)
Connections between i.MXRT1050 EVKB Board and NFC BLE V2
3 OM-SE050ARD: SE050 Arduino Compatible Development Kit
The OM-SE050ARD is the flexible and easy-to-use development kit for the EdgeLock SE050 Plug & Trust product family. It can be used in various ways for example via the Arduino interface compatible to any board featuring an Arduino compatible header, including many i.MX, LPC and Kinetis boards, or via a direct I2C connection. This kit allows evaluation of the SE050 product family features and simplifies the development of secure IoT applications. More information can be found in the respective Application Note AN12395.
Preparing hardware for "Secure Access to Industrial IOT demo" at i.MXRT1050 EVKB
Reworking i.MXRT1050 EVKB:
It is necessary to short circuit 4 empty resistor pads: R278, R279, R280 and R281 – they connect SPI from i.MX1050 until Arduino SPI pads, which will be used by NFC BLE V2 board.
Reworking NFC-BLE V2 board:
It is necessary to cut at least one male pin to avoid conflict with OM-SE050ARD board (better would be to cut first 2 pins):
Configuring OM-SE050ARD board jumpers:
Final HW configuration of these three boards altogether:
Since NFC BLE V2 has only male connectors, OMSE050ARD board is first connected to i.MX1050 EVKB, then NFC BLE V2 is plugged on top of this latest pcb.
Running "Secure Access to Industrial IOT demo" at i.MXRT1050 EVKB:
- If this is the first time you’re using i.MXRT1050 EVKB board, follow this link i.MXRT1050 board overview . Make sure to install the SDK package for i.MXRT1050 EVKB which is required for the project below to run.
- Download the following zip package Access_RT_v_1_0_18092019.zip. This file is split in two parts and includes 3 functionalities in one MCUxpresso project:
Preparation of MFDFEV2 cardThe touch screen display will offer three functionalities. By default, the first screen will be "Authenticate" functionality. When you choose the arrow to the right, you'll find TAB with word START, that you'll touch when you need to prepare a MIFARE DESFire EV2 card with suitable application and AES keys used for demonstrator. Just place a virgin card on top of Reader antenna, and press "START" button and check with Terminal on MCUxpresso to check sequence of actions to personalize one DESFire EV2 card. You may also use Teraterm to monitor the execution of DESFire card personalization, by inspecting the COM number used by i.MXRT1050 board.
- Preparation of SE050 with proper keys
- When you choose the arrow to the left once, you'll find TAB with word Authenticate; if you do it again, then you'll the word "START", which you will touch when you need to prepare a virgin OM-SE050ARD demoboardcard with suitable application and AES keys used for demonstrator. Just press "START" button and check with Terminal on MCUxpresso to check sequence of actions to personalize one SE050 board. You may also use Teraterm to monitor the execution of SE050 key provisioning, by inspecting the COM number used by i.MXRT1050 board.
- After steps 2.a and 2.b have been done to obtain preparation of one Secure element as well as preparation of one MIFARE DESFire EV2 card, then select using < and > keys the Default Display menu, containing word "Authenticate" : just place DESFire EV2 card on top of NFC antenna and press "Authenticate". If the DESFire EV2 card is the one you have personalized, you'll see a Locker icon that will show "Open locker" , that is "Access granted action". If you place other cards, "Locker icon"will stay closed, that is "Access denied". Again, use MCUxpresso Terminal or use Teraterm to monitor the execution of DESFire EV2 authentication steps with SE050 by inspecting the COM number used by i.MXRT1050 board.
- Quick start guide to integration of SE050 with i.MXRT1050
- i.MXRT1050 EVKB
i.MX RT1050 Evaluation Kit | NXP
- SE050: www.nxp.com/SE050
- In the attachment area, you'll find:
- three *.axf files you may use to upload using MCUxpresso and direct firmware flashing functionality to i.MXRT1050 EVKB board.
- one bundle zip file split in 5 files: hands-on zip, hands-on from .z01 until hands-on.z04, due to maximum limit of 50Megabytes for file uploading to this page.
- download all 5 files, unzip them in one laptop directory, then you may re-zip them and import in MCUxpresso. They include draft of all three functionalities of secure access to industrial iot hands-on: DESFire EV2 card preparation, SE050 trust provisioning (with keys) and authentication of card with current installed SE050.