A71CH – Plug & trust for IoT Session 2: Getting started with A71CH product support package and i.MX6UltraLite examples JORDI JOFRE 26/04/2018 PUBLIC
A71CH – Plug & trust for IoT Session 1: A71CH product introduction Get familiar with A71CH key security features, key benefits, use cases and product support package. April 24th, 2018 - 10 AM CEST and 08 AM PDT Recording: https://register.gotowebinar.com/recording/5952422091538558979 Session 2: Getting started with A71CH product support package and i.MX6UltraLite examples Learn how to get started with A71CH and its support package, including an example with i.MX6UltraLite. April 26th, 2018 - 10 AM CEST and 08 AM PDT 1
Agenda • Finding A71CH product support package. • Getting started with i.MX6UltraLite. • Using A71CH Configure tool. • Using A71CH OpenSSL Engine examples. • Using A71CH Host API examples. 2
Finding A71CH product support package 3
A71CH product website How to get there: www.nxp.com/A71CH Navigate through the tabs: • Overview • Documentation • Software and tools • Buy / parametrics • Package / quality • Training and support Highlighted material: • Videos • Architecture diagrams • Interviews • Etc. Scroll down for more: • Target applications • Related products • Etc. 4
A71CH product website - design tools How to get there: www.nxp.com/products/:A71CH?tab=Design_Tools_Tab Order your A71CH Arduino compatible development kit Download software and software images: • A71CH Host software package installer for Windows • A71CH Host software package installer for Linux • A71CH Host software package and i.MX6UL SW image installer for Windows • A71CH Host software i.MX6UL SW image installer for Linux 5
A71CH getting started with i.MX6UltraLite 6
A71CH getting started with i.MX6UltraLite What do you need? Video tutorial A71CH Arduino compatible i.MX6UltraLite Development PC development kit evaluation Kit and / or AN12129 Contents Contents Laptop URL video tutorial : A71CH mini PCB board i.MX6UltraLite CPU board Standard laptop running Linux www.nxp.com/video/:A71CH- Arduino interface header board Base board or Windows environment STARTED-IMX Power supply Part number : OM3710/A71CHARD URL AN12129 : USB Cable 12NC : 935368997598 www.nxp.com/docs/en/application- Micro-SD card URL: www.nxp.com/OM3710 note/AN12119.pdf Part number : MCIMX6UL-EVKB 12NC : 935328353598 ww.nxp.com/products/i.mx6ultralite- evaluation-kit:MCIMX6UL-EVK 7
A71CH getting started with i.MX6UltraLite Steps Prepare the Flash the microSD Install a terminal Boot the system Run the sample hardware card image emulator applications 8
A71CH getting started with i.MX6UltraLite Jumper Setting Use Hardware preparation JP1 Not set External VCC connection A71CH IC Connect A71CH to 3.3V regulator on JP2 3-4 miniPCB Make sure A71CH Mini PCB JP3 Set Connect I2C SDA pull-up resistor 1 jumpers are configured for I 2 C JP4 Set Connect I2C SCL pull-up resistor interface 1-2 Use I2C address 0x92/0x93 JP5 2-3 (Default) Use I2C address 0x90/0x91 JP6 1-2 Active I2C interface Not set (Default) A71CH operates JP7 Set A71CH reset Plug the A71CH Mini PCB board 2 to the Arduino header adaptor 9
A71CH getting started with i.MX6UltraLite Hardware preparation (II) Plug the A71CH into the 3 i.MXUltraLite board using the Arduino adaptors Arduino headers Arduino headers Arduino headers Arduino headers *Note: The Arduino shield board *Note: Might require soldering of Arduino headers comes with male connectors below 10
A71CH getting started with i.MX6UltraLite Hardware preparation (III) Development PC Install USB to UART Bridge Virtual 4 COM Port drivers (if needed) USB cable Power supply If i.MX6UltraLite board is recognized, it should appear in the Device Manager USB to UART Bridge Virtual COM port driver : 11 https://www.silabs.com/products/development-tools/software/usb-to-uart-bridge-vcp-drivers
A71CH getting started with i.MX6UltraLite Flash the SD card image The NXP-prepared Linux image is ready to run in Flash the microSD card with the 5 i.MX6UltraLite board and includes A71CH Host NXP-prepared Linux image Library and software examples integrated. Development PC microSD card slot Use Win32 Disk Imager, or any other software to flash the Linux image into the microSD card Linux SD card image for i.MX6UltraLite can be downloaded from: 12 www.nxp.com/products/:A71CH?tab=Design_Tools_Tab
A71CH getting started with i.MX6UltraLite TeraTerm terminal application install & configuration Development PC Install and configure TeraTerm 6 terminal application USB cable TeraTerm terminal configuration 13 TeraTerm terminal application: <link>
A71CH getting started with i.MX6UltraLite Booting the system Set-up the i.MXUltraLite 7 daughterboard switches and boot up the system Development PC Boot Mode Select Switch SW602: ON, OFF (from 1-2 switch) TeraTerm USB cable 12 4321 • Account name : root Boot Device Select Switch SW601: • Password: <set your own password> OFF, OFF, ON, OFF (from 1-4 switch) 14
A71CH getting started with i.MX6UltraLite Running the applications root@imx6ulevk:~/axHostSw/linux# Running the A71CH ./a71chConfig_i2c_imx info status Configuration tool: Development PC root@imx6ulevk:~/axHostSw/linux# 8 Running the Host API ./A71CH_i2c_imx usage examples: TeraTerm root@imx6ulevk:~/axHostSw/hostLib/e Running the A71CH mbSeEngine/a71chDemo/scripts# OpenSSL Engine examples: ./a71chPrepareEcc.sh USB cable 15
Using the A71CH Configure tool 16
A71CH Configure tool The A71CH Configure tool is a command line tool that supports the insertion of credentials into the A71CH. A71CH Secure Storage e.g. i.MXUltraLite Development PC Key pair #0 Key pair #2 Public key #0 Configuration APDU Host MCU commands Key pair #1 Key pair #3 Public key #1 commands A71CH Sym key #0 Sym key #4 Public key #2 Configure tool Serial port Config keys (3) Sym key #1 Sym key #5 I 2 C A71CH (SSH possible) General purpose Sym key #2 Sym key #6 Host Library storage Sym key #3 Sym key #7 e.g. TeraTerm command line bash tool Monotonic Monotonic counter #1 counter #0 Command line syntax: The command line syntax uses: a mandatory command name <cmd-n>, followed by e.g. A71CH mini PCB an optional command qualifier <cmd-q>, followed by '0 to n' (option, value) pairs. > <cmd-n> [<cmd-q>] [-option <option-value>]* 17
A71CH Configure tool: Info command Info command 2 1 > info [all|device|cnt|pair|pub|sym| status ] A71CH Echo the status of the A71CH or its stored credentials to the console > info status Secure Storage Key pair #0 Key pair #2 Public key #0 Key pair #1 Key pair #3 Public key #1 1 Sym key #0 Sym key #4 Public key #2 2 3 4 Config keys (3) Sym key #1 Sym key #5 3 Sym key #2 Sym key #6 4 Sym key #3 Sym key #7 General purpose storage Monotonic Monotonic 5 counter #1 counter #0 5 6 6 18
A71CH Configure tool: Generate ECC key pair Generate ECC key pair command: 1 > gen pair -x < int > Generate ECC key pair in index #0: A71CH > gen pair -x 0 1 Secure Storage Show public key pair generated in index #0: Key pair #0 Key pair #2 Public key #0 > info pair 2 Key pair #1 Key pair #3 Public key #1 Sym key #0 Sym key #4 Public key #2 Config keys (3) Sym key #1 Sym key #5 Sym key #2 Sym key #6 Sym key #3 Sym key #7 General purpose storage Retrieve public key command: Monotonic Monotonic counter #0 counter #1 > get pub -c < hex_value > -x < int > -k < keyfile.pem > Retrieve public key pair from index #0 and store it in myPublicKey.pem file ECC key pair > get pub -c 10 -x 0 -k myPublicKey.pem Secret key pair Public key pair 19
A71CH Configure tool: Inject an ECC key pair Generate a device key pair (e.g., using OpenSSL): 2 Generate ECC parameters: > openssl ecparam -name prime256v1 -out eccparams A71CH Generate myDeviceKeyPair keys: > openssl ecparam -in eccparams -genkey -noout -out Secure Storage myDeviceKeyPair.pem Key pair #0 Key pair #2 Public key #0 1 Key pair #1 Key pair #3 Public key #1 Sym key #0 Sym key #4 Public key #2 Config keys (3) Sym key #1 Sym key #5 Inject key pair command: Sym key #2 Sym key #6 > set pair -x < int > [-k < keyfile.pem > | -h < hexvalue_pub > -h < hexvalue_priv >] Sym key #3 Sym key #7 General purpose storage Monotonic Monotonic Inject myDeviceKeyPair in slot #1 : counter #0 counter #1 > set pair – x 1 – k myDeviceKeyPair.pem 2 ECC key pair Secret key pair Public key pair 20
Recommend
More recommend