Hello all,
I was told to post my problem here. I have three questions. But first a little context, I am using a custom board based upon the IMX6ULEVK. This board has an SE050A1 chip on it which I want to use with OpenSSL. Also I have an IMX6ULEVK with the OM-SE050ARD.
1. First off, on my custom board the SE050 is connected to I2C-0:0x48. Everywhere it's listed that i2c-1 is the standard interface that is used. Now I am able to run the examples like ex_ecc like: ex_ecc "/dev/i2c-0:0x48" . However i am not sure how to use i2c-0 when using the provider like this:
openssl rand --provider /usr/lib/libsssProvider.so -hex 32. Is there possibly a cmake option I missed? Or is there anything else i can provide in my bitbake recipe to achieve this? (BB file provided: "se050x.bb.txt")
2. When running ex_ecc (i believe) platformSCP03 is correctly used. But when running openssl I get errors on the sss_session_open. (see logs: )
3. the only commands available on my IMX6UL are:
ex_ecc ex_ecdh ex_eddsa ex_hkdf ex_symmetric
se052_deep_pwr_down se05x_ConcurrentEcc se05x_GetInfo se05x_Minimal se05x_scp03_boot
se052_reset_example se05x_ConcurrentSymm se05x_InvokeGarbageCollection se05x_MultipleDigestCryptoObj
I want to update my keys in the future, I am just not sure what i should use for this, I have seen multiple mentions of the Access Manager and the SSSCLI tools. These are not available to me. I am wondering if I should use these to update the keys? If so, How can I make these tools available on my board.
Thanks for the reply in advance
With kind regards
Hi,
First off, thanks for the reply, setting the boot_sss_port did work! However the SCP03 still does not, i have provided my debug output (file= ex_ecc_openssl_logs_2.0.txt). So the examples do run with the same keys. However, the openssl provider doesn't.
regarding the ssscli tool i'm currently trying to add this to my yocto image. I will keep you updated.
with kind regards
Hi @eal-fox ,
Please kindly have my comments as below:
1. Please use EX_SSS_BOOT_SSS_PORT to specify the i2c port used by the provider. For example, use the following command at first before issuing any openssl commands.
export EX_SSS_BOOT_SSS_PORT="/dev/i2c-0:0x48"
2. Similar as above, use EX_SSS_BOOT_SCP03_PATH to specify the key file path in case you are using provider. for example, export EX_SSS_BOOT_SCP03_PATH="/home/ubuntu/simw-top/sss/plugin/openssl_provider/scripts/se050F_scp_keys.txt" , please kindly refer to se05x_mw_v04.05.01/simw-top/doc/appendix/platfscp.html for more details regarding the key file format.
3. Those bin files are demos out of the MW , you may build your own application based on them or just create a new one, alternatively you may use command line tool such as the SSSCLI tool to update the keys inside, please refer to se05x_mw_v04.05.01/simw-top/doc/cli-tool.html for more details regarding the SSSCLI tool usage as well as installation.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------