SE050: Get error of "Se05x_API_GetFreeMemory Failed" for SE050F2HQ1

yoooh8668 · ‎02-17-2023

Trust FW: EdgeLock SE05x Plug & Trust Middleware (04.03.00)

HW: SE050F2HQ1

Command:

$ se05x_Minimal

cmake options:

EXTRA_OECMAKE += "\
-DCMAKE_BUILD_TYPE=Debug \
-DPTMW_Host=iMXLinux \
-DPTMW_SE05X_Ver=03_XX \
-DPTMW_Applet=SE050_E \
-DPTMW_HostCrypto=OPENSSL \
-DPTMW_SMCOM=T1oI2C \
-DSE05X_Auth=None \
-DIOT=None \
"

Hi,

I get another version of se050 (SE050F2HQ1)
I run the test command and find some error:

App :INFO :PlugAndTrust_v04.03.00_20221122
App :INFO :Running ./se05x_Minimal
App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 
54 50 4F 
sss :INFO :Newer version of Applet Found
sss :INFO :Compiled for 0x30100. Got newer 0x30600
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
sss :WARN :nxEnsure:'ret == SM_OK' failed. At Line:7014 Function:sss_se05x_TXn
App :ERROR:Se05x_API_GetFreeMemory Failed
App :INFO :mem=0
App :ERROR:se05x_Minimal Example Failed !!!...
App :INFO :ex_sss Finished
App :ERROR:ex_sss_entry Failed
App :ERROR:!ERROR! ret != 0.

The origin one (SE050C2HQ1) gets no error:

App :INFO :PlugAndTrust_v04.02.00_20220524
App :INFO :Running ./se05x_Minimal
App :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
sss :INFO :atr (Len=35)
00 A0 00 00 03 96 04 03 E8 00 FE 02 0B 03 E8 08 
01 00 00 00 00 64 00 00 0A 4A 43 4F 50 34 20 41 
54 50 4F 
sss :WARN :Communication channel is Plain.
sss :WARN :!!!Not recommended for production use.!!!
App :INFO :mem=32196
App :INFO :se05x_Minimal Example Success !!!...
App :INFO :ex_sss Finished

Please help me solve this issue.

Kan_Li · ‎02-28-2023

Hi @yoooh8668 ,

Have you changed the default platform SCP keys? If the OEF ID for your SE050F2HQ1 is right A92A, which can be verified with the help of se05x_GetInfo demo, you may check the key value in

/home/root/se050E_scp_keys.txt

with the following:

Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12436.pdf for more details.

The "SCP key define" instruction in ch.7.2 of 'AN13027.pdf' is for SE050E2 indeed.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

Kan_Li · ‎02-19-2023

Hi @yoooh8668 ,

Since you are using SE050F2 now, the cmake option of PTMW_Applet has to be adopted properly, please kindly refer to the following for details.

Please kindly refer to https://www.nxp.com.cn/docs/en/application-note/AN13027.pdf for more details.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

yoooh8668 · ‎02-20-2023

Hi @Kan_Li ,

I try to apply the cmake option in yocto and got some error.

So I use the source code build first.

But why my cmake option is not applied?

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ cmake -L
CMake Warning:
No source or binary directory provided. Both will be assumed to be the
same as the current working directory, but note that this warning will
become a fatal error in future CMake releases.


CMake Error: The source directory "/home/joezhang/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
-- Cache values
CMAKE_BUILD_TYPE:STRING=Debug
CMAKE_ECLIPSE_EXECUTABLE:FILEPATH=CMAKE_ECLIPSE_EXECUTABLE-NOTFOUND
CMAKE_ECLIPSE_GENERATE_LINKED_RESOURCES:BOOL=TRUE
CMAKE_ECLIPSE_MAKE_ARGUMENTS:STRING=-j8
CMAKE_INSTALL_PREFIX:PATH=/usr/local
LIB_ANL:FILEPATH=/usr/lib/x86_64-linux-gnu/libanl.so
NXPInternal:BOOL=OFF
OPENSSL_ROOT_DIR:PATH=
PAHO_BUILD_DEB_PACKAGE:BOOL=FALSE
PAHO_BUILD_DOCUMENTATION:BOOL=FALSE
PAHO_BUILD_SAMPLES:BOOL=FALSE
PAHO_BUILD_SHARED:BOOL=FALSE
PAHO_BUILD_STATIC:BOOL=TRUE
PAHO_ENABLE_CPACK:BOOL=TRUE
PAHO_ENABLE_TESTING:BOOL=FALSE
PAHO_WITH_SSL:BOOL=TRUE
PTMW_A71CH_AUTH:STRING=None
PTMW_Applet:STRING=SE05X_C
PTMW_FIPS:STRING=None
PTMW_Host:STRING=iMXLinux
PTMW_HostCrypto:STRING=OPENSSL
PTMW_Log:STRING=Default
PTMW_RTOS:STRING=Default
PTMW_SBL:STRING=None
PTMW_SCP:STRING=None
PTMW_SE05X_Auth:STRING=None
PTMW_SE05X_Ver:STRING=03_XX
PTMW_SMCOM:STRING=T1oI2C
PTMW_mbedTLS_ALT:STRING=None
SSSFTR_SE05X_AES:BOOL=ON
SSSFTR_SE05X_AuthECKey:BOOL=ON
SSSFTR_SE05X_AuthSession:BOOL=ON
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ:BOOL=ON
SSSFTR_SE05X_ECC:BOOL=ON
SSSFTR_SE05X_KEY_GET:BOOL=ON
SSSFTR_SE05X_KEY_SET:BOOL=ON
SSSFTR_SE05X_RSA:BOOL=ON
SSSFTR_SW_AES:BOOL=ON
SSSFTR_SW_ECC:BOOL=ON
SSSFTR_SW_KEY_GET:BOOL=ON
SSSFTR_SW_KEY_SET:BOOL=ON
SSSFTR_SW_RSA:BOOL=ON
SSSFTR_SW_TESTCOUNTERPART:BOOL=ON
WithAccessMgr_UnixSocket:BOOL=OFF
WithCodeCoverage:BOOL=OFF
WithExtCustomerTPMCode:BOOL=OFF
WithNXPNFCRdLib:BOOL=OFF
WithOPCUA_open62541:BOOL=OFF
WithSharedLIB:BOOL=OFF

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ cmake --build ./
...
[100%] Built target nxp_iot_agent_common

My host PC(x86) can run this script, means that '-DPTMW_Host=iMXLinux' is not applied.

joezhang@home:~/workspace/se050/simw-top_build/simw-top-eclipse_jrcpv1$ ./bin/se05x_Minimal 
App :INFO :PlugAndTrust_v04.02.00_20220524
App :INFO :Running ./bin/se05x_Minimal
App :INFO :If you want to over-ride the selection, use ENV=EX_SSS_BOOT_SSS_PORT or pass in command line arguments.
smCom :ERROR:opening failed...
Failed to open the i2c bus: Permission denied
smCom :INFO :Pass i2c device address in the format <i2c_port>:<i2c_addr(optional. Default 0x48)>.
smCom :INFO :Example ./example /dev/i2c-1:0x48 OR ./example /dev/i2c-1
smCom :ERROR:phPalEse_i2c_open_and_configure Failed retry 
smCom :ERROR:I2C init Failed: retval d 
smCom :ERROR:phPalEse_Init Failed
smCom :ERROR: Failed to create physical connection with ESE 
sss :ERROR:SM_I2CConnect Failed. Status 7012
App :ERROR:sss_session_open failed
App :ERROR:ex_sss_session_open Failed
App :ERROR:!ERROR! ret != 0.

Kan_Li · ‎02-21-2023

Hi @yoooh8668 ,

To check the cmake option, the command should be "cmake -L ." That is the root cause of your issue. You can not run the demo directly on your PC with the default configuration as the default setting uses I2C port , you have to change it to VCOM and use a VCOM to I2C bridge between SE050 and your PC, it is something like FRDM-K64 board as mentioned in https://www.nxp.com/docs/en/application-note/AN12398.pdf .

We provide an example to show how to update cmake options in a Linux system, please refer to section 6.1 in https://www.nxp.com.cn/docs/en/application-note/AN13027.pdf for more details.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

yoooh8668 · ‎02-22-2023

Hi @Kan_Li ,

For SE050C2HQ1

The cmake option is below:

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=None \
    -DPTMW_SCP=None \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=None \
    "

get error of :

 warning: 'EC_KEY_****' is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]

need to set -DSS'SFTR_SE05X_RSA=0' which is not the same as table6.

But result is pass:

$ EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 ./se05x_Minimal
App   :INFO :PlugAndTrust_v04.02.00_20220524
App   :INFO :Running ./se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
sss   :WARN :Communication channel is Plain.
sss   :WARN :!!!Not recommended for production use.!!!
App   :INFO :mem=32196
App   :INFO :se05x_Minimal Example Success !!!...
App   :INFO :ex_sss Finished

For SE050F2HQ1:

cmake option:

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=0 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    "

(p.s. '-DSSSFTR_SE05X_RSA=0' because of the compile warning above.)

The result is failed:

$ EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal
App   :INFO :PlugAndTrust_v04.02.00_20220524
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :INFO :Using default PlatfSCP03 keys. You can use keys from file using ENV=EX_SSS_BOOT_SCP03_PATH
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
scp   :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:144 Function:nxScp03_AuthenticateChannel
sss   :ERROR:Could not set SCP03 Secure Channel
App   :ERROR:sss_session_open failed
App   :ERROR:ex_sss_session_open Failed
App   :ERROR:!ERROR! ret != 0.

But the error listed below is gone:

sss   :WARN :Communication channel is Plain.
sss   :WARN :!!!Not recommended for production use.!!!
sss   :WARN :nxEnsure:'ret == SM_OK' failed. At Line:6971 Function:sss_se05x_TXn
App   :ERROR:Se05x_API_GetFreeMemory Failed

Kan_Li · ‎02-22-2023

Hi @yoooh8668 ,

Are you using the MW with openssl 3.0? Actually 3.0 is supported since the latest version, which is 4.03.00, but seems its just 4.02.00 from your side, please update your MW from the following link:

https://www.nxp.com/webapp/Download?colCode=SE05x-PLUG-TRUST-MW&appType=license

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

yoooh8668 · ‎02-22-2023

Hi @Kan_Li ,

SRC_URI = "file://SE05x-MW-v04.03.00.zip \
        file://0001-not-support-Wformat-security-without-Wformat.patch \
           "
EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=None \
    -DPTMW_SCP=None \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=None \
    "

Got compile error of :

warning: 'RSA_***' is deprecated: Since OpenSSL 3.0

Kan_Li · ‎02-23-2023

Hi @yoooh8668 ,

This is due to you are using openssl 3.0 but cmake was not configured for that, please add the following flag in your build file:

-DPTMW_OpenSSL=3_0

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

yoooh8668 · ‎02-28-2023

Hi @Kan_Li ,

The previous issue is solved.

But i encounter some new error on SE050F2HQ1:

root@hmi-imx8mp:~# EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal                                                                                                                                                                                                        
App   :INFO :PlugAndTrust_v04.03.00_20221122
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :WARN :Using SCP03 keys from:'/home/root/se050E_scp_keys.txt' (ENV=EX_SSS_BOOT_SCP03_PATH)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
scp   :WARN :nxEnsure:'status == kStatus_SSS_Success' failed. At Line:144 Function:nxScp03_AuthenticateChannel
sss   :ERROR:Could not set SCP03 Secure Channel
App   :ERROR:sss_session_open failed
App   :ERROR:ex_sss_session_open Failed
App   :ERROR:!ERROR! ret != 0.

I do follow the "SCP key define" instruction in ch.7.2 of 'AN13027.pdf'.

Here is my cmake option:

SRC_URI = "file://SE05x-MW-v04.03.00.zip \
        file://0001-not-support-Wformat-security-without-Wformat.patch \
        file://se050E_scp_keys.txt \
           "
export EX_SSS_BOOT_SCP03_PATH
EX_SSS_BOOT_SCP03_PATH = "${WORKDIR}/se050E_scp_keys.txt"

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_OpenSSL=3_0 \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    -DSSS_PFSCP_ENABLE_SE050F2_0001A92A=1 \
    "

p.s. the 'se050E_scp_keys.txt' is the same as in ch7.2.2.

Kan_Li · ‎02-28-2023

Hi @yoooh8668 ,

Have you changed the default platform SCP keys? If the OEF ID for your SE050F2HQ1 is right A92A, which can be verified with the help of se05x_GetInfo demo, you may check the key value in

/home/root/se050E_scp_keys.txt

with the following:

Please kindly refer to https://www.nxp.com/docs/en/application-note/AN12436.pdf for more details.

The "SCP key define" instruction in ch.7.2 of 'AN13027.pdf' is for SE050E2 indeed.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

yoooh8668 · ‎03-03-2023

Thanks~ it works.

I sum up the solution:

For SE050F2HQ1:

1. cmake option

EXTRA_OECMAKE += "\
    -DCMAKE_BUILD_TYPE=Debug \
    -DPTMW_SE05X_Ver=03_XX \
    -DPTMW_Applet=SE05X_C \
    -DPTMW_Host=iMXLinux \
    -DPTMW_HostCrypto=OPENSSL \
    -DPTMW_OpenSSL=3_0 \
    -DPTMW_SMCOM=T1oI2C \
    -DPTMW_FIPS=SE050 \
    -DPTMW_SCP=SCP03_SSS \
    -DSSSFTR_SE05X_RSA=1 \
    -DPTMW_SE05X_Auth=PlatfSCP03 \
    -DSSS_PFSCP_ENABLE_SE050F2_0001A92A=1 \
    "

Follow the "6 Product specific CMake build settings" in

"https://www.nxp.com.cn/docs/en/application-note/AN13027.pdf"

2. Add Platform SCP Key in test device

# cat /home/root/se050E_scp_keys.txt 
ENC b50e1f12b81fe53b6c3b5387912a1a5a
MAC 71936959d37f2b22c5a0c34919a2bc1f
DEK 869593239854dc0d869900500ca79c15
# export EX_SSS_BOOT_SCP03_PATH=/home/root/se050E_scp_keys.txt

Follow the "3.4 Common keys" in

"https://www.nxp.com/docs/en/application-note/AN12436.pdf"

3. run test

# EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48 /run/media/sda1/se05x_Minimal
App   :INFO :PlugAndTrust_v04.03.00_20221122
App   :INFO :Running /run/media/sda1/se05x_Minimal
App   :INFO :Using PortName='/dev/i2c-1:0x48' (ENV: EX_SSS_BOOT_SSS_PORT=/dev/i2c-1:0x48)
App   :WARN :Using SCP03 keys from:'/home/root/se050E_scp_keys.txt' (ENV=EX_SSS_BOOT_SCP03_PATH)
sss   :INFO :atr (Len=35)
      00 A0 00 00    03 96 04 03    E8 00 FE 02    0B 03 E8 08 
      01 00 00 00    00 64 00 00    0A 4A 43 4F    50 34 20 41 
      54 50 4F 
App   :INFO :mem=30392
App   :INFO :se05x_Minimal Example Success !!!...
App   :INFO :ex_sss Finished

Kan_Li · ‎03-05-2023

Hi @yoooh8668 ,

Good to know that! Thanks for the sharing!

Best Regards,

Kan