- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- MCUXpresso Training Hub
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- Home
- :
- Identification and Security
- :
- Secure Authentication
- :
- se050 MW openssl
se050 MW openssl
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
se050 MW openssl
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all,
I was told to post my problem here. I have three questions. But first a little context, I am using a custom board based upon the IMX6ULEVK. This board has an SE050A1 chip on it which I want to use with OpenSSL. Also I have an IMX6ULEVK with the OM-SE050ARD.
1. First off, on my custom board the SE050 is connected to I2C-0:0x48. Everywhere it's listed that i2c-1 is the standard interface that is used. Now I am able to run the examples like ex_ecc like: ex_ecc "/dev/i2c-0:0x48" . However i am not sure how to use i2c-0 when using the provider like this:
openssl rand --provider /usr/lib/libsssProvider.so -hex 32. Is there possibly a cmake option I missed? Or is there anything else i can provide in my bitbake recipe to achieve this? (BB file provided: "se050x.bb.txt")
2. When running ex_ecc (i believe) platformSCP03 is correctly used. But when running openssl I get errors on the sss_session_open. (see logs: )
3. the only commands available on my IMX6UL are:
ex_ecc ex_ecdh ex_eddsa ex_hkdf ex_symmetric
se052_deep_pwr_down se05x_ConcurrentEcc se05x_GetInfo se05x_Minimal se05x_scp03_boot
se052_reset_example se05x_ConcurrentSymm se05x_InvokeGarbageCollection se05x_MultipleDigestCryptoObj
I want to update my keys in the future, I am just not sure what i should use for this, I have seen multiple mentions of the Access Manager and the SSSCLI tools. These are not available to me. I am wondering if I should use these to update the keys? If so, How can I make these tools available on my board.
Thanks for the reply in advance
With kind regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
First off, thanks for the reply, setting the boot_sss_port did work! However the SCP03 still does not, i have provided my debug output (file= ex_ecc_openssl_logs_2.0.txt). So the examples do run with the same keys. However, the openssl provider doesn't.
regarding the ssscli tool i'm currently trying to add this to my yocto image. I will keep you updated.
with kind regards
Kan_Li
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @eal-fox ,
Please kindly have my comments as below:
1. Please use EX_SSS_BOOT_SSS_PORT to specify the i2c port used by the provider. For example, use the following command at first before issuing any openssl commands.
export EX_SSS_BOOT_SSS_PORT="/dev/i2c-0:0x48"
2. Similar as above, use EX_SSS_BOOT_SCP03_PATH to specify the key file path in case you are using provider. for example, export EX_SSS_BOOT_SCP03_PATH="/home/ubuntu/simw-top/sss/plugin/openssl_provider/scripts/se050F_scp_keys.txt" , please kindly refer to se05x_mw_v04.05.01/simw-top/doc/appendix/platfscp.html for more details regarding the key file format.
3. Those bin files are demos out of the MW , you may build your own application based on them or just create a new one, alternatively you may use command line tool such as the SSSCLI tool to update the keys inside, please refer to se05x_mw_v04.05.01/simw-top/doc/cli-tool.html for more details regarding the SSSCLI tool usage as well as installation.
Hope that helps,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
