SE050: Get error of "Se05x_API_GetFreeMemory Failed" for SE050F2HQ1

Hi @Kan_Li ,

I try to apply the cmake option in yocto and got some error.

So I use the source code build first.

But why my cmake option is not applied?

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ cmake -L
CMake Warning:
No source or binary directory provided. Both will be assumed to be the
same as the current working directory, but note that this warning will
become a fatal error in future CMake releases.


CMake Error: The source directory "/home/joezhang/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
-- Cache values
CMAKE_BUILD_TYPE:STRING=Debug
CMAKE_ECLIPSE_EXECUTABLE:FILEPATH=CMAKE_ECLIPSE_EXECUTABLE-NOTFOUND
CMAKE_ECLIPSE_GENERATE_LINKED_RESOURCES:BOOL=TRUE
CMAKE_ECLIPSE_MAKE_ARGUMENTS:STRING=-j8
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/x86_64-linux-gnu/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Default
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=None
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithAccessMgr_UnixSocket:BOOL=OFF
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ cmake --build ./
...
[100%] Built target nxp_iot_agent_common

My host PC(x86) can run this script, means that '-DPTMW_Host=iMXLinux' is not applied.

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ ./bin/se05x_Minimal 
App :INFO :PlugAndTrust_v04.02.00_20220524
App :INFO :Running ./bin/se05x_Minimal
App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
smCom :ERROR:opening failed...
Failed to open the i2c bus: Permission denied
smCom :INFO :Pass i2c device address in the format <i2c_port>:<i2c_addr(optional. Default 0x48)>.
smCom :INFO :Example ./example /dev/i2c-1:0x48 OR ./example /dev/i2c-1
smCom :ERROR:phPalEse_i2c_open_and_configure Failed retry 
smCom :ERROR:I2C init Failed: retval d 
smCom :ERROR:phPalEse_Init Failed
smCom :ERROR: Failed to create physical connection with ESE 
sss :ERROR:SM_I2CConnect Failed. Status 7012
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

Hi @yoooh8668 ,

To check the cmake option, the command should be "cmake -L ." That is the root cause of your issue. You can not run the demo directly on your PC with the default configuration as the default setting uses I2C port , you have to change it to VCOM and use a VCOM to I2C bridge between SE050 and your PC, it is something like FRDM-K64 board as mentioned in https://www.nxp.com/docs/en/application-note/AN12398.pdf . 

We provide an example to show how to update cmake options in a Linux system, please refer to section 6.1 in https://www.nxp.com.cn/docs/en/application-note/AN13027.pdf for more details.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Hi @Kan_Li ,

For SE050C2HQ1

The cmake option is below:

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=None \
    -DPTMW_SCP=None \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=None \
    "

get error of :

 warning: 'EC_KEY_****' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

need to set -DSS'SFTR_SE05X_RSA=0' which is not the same as table6.

But result is pass:

$ EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 ./se05x_Minimal
App   :INFO :PlugAndTrust_v04.02.00_20220524
App   :INFO :Running ./se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
sss   :WARN :Communication channel is Plain.
sss   :WARN :!!!Not recommended for production use.!!!
App   :INFO :mem=32196
App   :INFO :se05x_Minimal Example Success !!!...
App   :INFO :ex_sss Finished

For SE050F2HQ1:

cmake option:

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=0 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    "

(p.s. '-DSSSFTR_SE05X_RSA=0' because of the compile warning above.)

The result is failed:

$ EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal
App   :INFO :PlugAndTrust_v04.02.00_20220524
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
scp   :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:144 Function:nxScp03_AuthenticateChannel
sss   :ERROR:Could not set SCP03 Secure Channel
App   :ERROR:sss_session_open failed
App   :ERROR:ex_sss_session_open Failed
App   :ERROR:!ERROR! ret != 0.

But the error listed below is gone:

sss   :WARN :Communication channel is Plain.
sss   :WARN :!!!Not recommended for production use.!!!
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
App   :ERROR:Se05x_API_GetFreeMemory Failed

Hi @yoooh8668 ,

Are you using the MW with openssl 3.0? Actually 3.0 is supported since the latest version, which is 4.03.00, but seems its just 4.02.00 from your side,  please update your MW from the following link:

https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license 

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Hi @Kan_Li ,

SRC_URI = "file://SE05x-MW-v04.03.00.zip \
        file://0001-not-support-Wformat-security-without-Wformat.patch \
           "
EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=None \
    -DPTMW_SCP=None \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=None \
    "

Got compile error of :

warning: 'RSA_***' is deprecated: Since OpenSSL 3.0

Hi @yoooh8668 ,

This is due to you are using openssl 3.0 but cmake was not configured for that, please add the following flag in your build file:

-DPTMW_OpenSSL=3_0

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Hi @Kan_Li ,

The previous issue is solved.

But i encounter some new error on SE050F2HQ1:

root@hmi-imx8mp:~# EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal                                                                                                                                                                                                        
App   :INFO :PlugAndTrust_v04.03.00_20221122
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :WARN :Using SCP03 keys from:'/home/root/se050E_scp_keys.txt' (ENV=EX_SSS_BOOT_SCP03_PATH)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
scp   :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:144 Function:nxScp03_AuthenticateChannel
sss   :ERROR:Could not set SCP03 Secure Channel
App   :ERROR:sss_session_open failed
App   :ERROR:ex_sss_session_open Failed
App   :ERROR:!ERROR! ret != 0.

 I do follow the "SCP key define" instruction in ch.7.2 of 'AN13027.pdf'.

Here is my cmake option:

SRC_URI = "file://SE05x-MW-v04.03.00.zip \
        file://0001-not-support-Wformat-security-without-Wformat.patch \
        file://se050E_scp_keys.txt \
           "
export EX_SSS_BOOT_SCP03_PATH
EX_SSS_BOOT_SCP03_PATH = "${WORKDIR}/se050E_scp_keys.txt"

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_OpenSSL=3_0 \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    -DSSS_PFSCP_ENABLE_SE050F2_0001A92A=1 \
    "

p.s. the 'se050E_scp_keys.txt' is the same as in ch7.2.2.

Thanks~ it works.

I sum up the solution:

For SE050F2HQ1:

1. cmake option

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_OpenSSL=3_0 \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    -DSSS_PFSCP_ENABLE_SE050F2_0001A92A=1 \
    "

Follow the "6 Product specific CMake build settings" in

"https://www.nxp.com.cn/docs/en/application-note/AN13027.pdf"

2. Add Platform SCP Key in test device

# cat /home/root/se050E_scp_keys.txt 
ENC b50e1f12b81fe53b6c3b5387912a1a5a
MAC 71936959d37f2b22c5a0c34919a2bc1f
DEK 869593239854dc0d869900500ca79c15
# export EX_SSS_BOOT_SCP03_PATH=/home/root/se050E_scp_keys.txt

Follow the "3.4 Common keys" in

"https://www.nxp.com/docs/en/application-note/AN12436.pdf"

3. run test

# EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal
App   :INFO :PlugAndTrust_v04.03.00_20221122
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :WARN :Using SCP03 keys from:'/home/root/se050E_scp_keys.txt' (ENV=EX_SSS_BOOT_SCP03_PATH)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
App   :INFO :mem=30392
App   :INFO :se05x_Minimal Example Success !!!...
App   :INFO :ex_sss Finished

Hi @yoooh8668 ,

Good to know that! Thanks for the sharing!

Best Regards,

Kan