On the MPC5748G device I intend to use the wolfSSL library for TLS communication with a server. I understand that the wolfSSL library is integrated with the S32 SDK.
While checking the secure socket demo code, I find that for wolfSSL library initialization the MPC5748G must be flashed with HSM firmware!
HSM firmware is not shared publicly and needs NDA signing.
My question: Can't I use wolfSSL without having HSM firmware flashed on the device? I mean, instead of HSM I am OK to use the software crypto that wolfSSL should be providing!
This is a priority for us!! Would appreciate your prompt response and help here.
Thanks,
Akhilesh
Thanks Lucas. We almost could do the wolfSSL initialization with the MACRO defines. We are trying to use other CA-signed certificates with this. Will open a new thread in case we face some challenge in certificate usage with that.
For now we can close this thread.
Thanks for your support!
Hello Akhilesh,
I am currently using the MPC5748G. I want to enable SSL without HSM; are you able to enable SSL with the SW library?
Thanks & best regards,
Tejo
Hi Akhilesh,
If you take a closer look at the source files, you will see that HSM functions are used in the aes.c and random.c files.
wolfSSL supports software AES implementation, so this can be easily changed using defines:
Generation of random numbers is then similar, custom method is also supported.
If you can accept this, no HSM features are needed.
Regards,
Lukas
Is there any way that the Socket demo examples work without HSM FW and use wolfSSL for this?
I have removed the symbol "NXP_SDK" and added OPENSSL_EXTRA. Is it the correct way to use wolfSSL crypto instead of HSM?
Not sure where you changed that exactly. Because the NXP_SDK is used also in other files and there are more dependencies, I would change only mentioned aes.c and random.c files.
Regards,
Lukas
Thanks, Lucas, I have now created the project freshly and removed all previous changes.
I have added only 2 preprocessor defines:
1. USE_TEST_GENSEED (It is for the Random number generation using wc_GenerateSeed) and
2. NO_ASN_TIME.
I have commented out the statement: #define NXP_SDK_HSM
I got logs which I have added in attachments.
What I can understand from the logs is that the certificate is expired.
Can you help with how I can really get the desired output mentioned in the lwip_mpc5748g.dox file?
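Lukas's remark that a custom random method is supported, as an added example (not code from this thread, NXP or wolfSSL): a seed callback for wolfSSL's CUSTOM_RAND_GENERATE_SEED hook that fails closed when the entropy source errors or repeats a block, as a replacement for the test-only USE_TEST_GENSEED seed. The `entropy_read_fn` board hook and the two fake sources are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SEED_CHUNK 16u

/* Hypothetical board hook (an assumption, not an S32 SDK or wolfSSL API):
 * fills buf with len bytes from a hardware entropy source, 0 on success. */
typedef int (*entropy_read_fn)(unsigned char *buf, size_t len);
static entropy_read_fn g_entropy_read = NULL;
void seed_set_source(entropy_read_fn fn) { g_entropy_read = fn; }

/* Seed callback to hook in with
 *   #define CUSTOM_RAND_GENERATE_SEED app_generate_seed
 * (unsigned char / unsigned int stand in for wolfSSL's byte / word32).
 * Returns 0 on success; any failure is non-zero so seeding is refused. */
int app_generate_seed(unsigned char *output, unsigned int sz)
{
    unsigned char prev[SEED_CHUNK], cur[SEED_CHUNK];
    unsigned int done = 0;

    if (output == NULL || g_entropy_read == NULL)
        return -1;
    /* Priming block: kept only for comparison, never handed out. */
    if (g_entropy_read(prev, sizeof prev) != 0)
        return -1;
    while (done < sz) {
        unsigned int n = (sz - done < SEED_CHUNK) ? sz - done : SEED_CHUNK;
        /* Reject read errors and a source that repeats its last block. */
        if (g_entropy_read(cur, sizeof cur) != 0 ||
            memcmp(cur, prev, sizeof cur) == 0) {
            memset(output, 0, sz);      /* fail closed: no partial seed */
            return -1;
        }
        memcpy(output + done, cur, n);
        memcpy(prev, cur, sizeof cur);
        done += n;
    }
    return 0;
}

/* Constructed test doubles, not entropy: they only exercise the checks. */
static unsigned char g_ctr;
int fake_counting_source(unsigned char *b, size_t n)
{ for (size_t i = 0; i < n; i++) b[i] = g_ctr++; return 0; }
int fake_stuck_source(unsigned char *b, size_t n)
{ memset(b, 0xA5, n); return 0; }
```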
Hi,
I quickly discussed this with our SW team and since you do not need HSM acceleration, it should use the wolfSSL (or any other SSL) implementation as it is from www.wolfssl.com. Also from there it should get newer CA certificates. But this is out of our scope; unfortunately, we can't help here.
Regards,
Lukas