You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org> on 2023/08/17 13:52:22 UTC
[GitHub] [nuttx] AndreHeinemans-NXP opened a new pull request, #10249: Added NXP SE05x support (secure element)
AndreHeinemans-NXP opened a new pull request, #10249:
URL: https://github.com/apache/nuttx/pull/10249
## Summary
Added NXP SE05x support (secure element)
Depends on tooling in Apps (PR pending)
## Impact
ucans32k146:se05x target has this driver enabled
## Testing
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1711238036
> @xiaoxiang781216
>
> The problem is in MbedTLS like I mentioned earlier but I found a workaround by also enabling MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_DTLS_CONNECTION_ID in the config. These changes are pushed which should fix the build
>
> I added this issue in [apache/nuttx-apps#2045](https://github.com/apache/nuttx-apps/issues/2045)
could you provide a patch to fix this issue?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] PetervdPerk-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "PetervdPerk-NXP (via GitHub)" <gi...@apache.org>.
PetervdPerk-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687891343
> In these cases, the downloaded code is an interface to the binary files provided by the vendor.
You get a precompiled, certified wireless stack. It can't be done otherwise unless we write wireless stack from scratch - but that requires open radio peripheral documentation (true for Nordic, not true for ESP) and resources which NuttX community doesn't have.
But isn't that what were doing here? You get a vendor provided secure element stack. It can't be done otherwise unless we write secure element stack from scratch. But that requires open security manual (false for NXP).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] AndreHeinemans-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org>.
AndreHeinemans-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1690279374
> @AndreHeinemans-NXP please rebase your patch to the last master.
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687689218
I'm a little concerned about this change.
It seems to me that NuttX has always avoided the approach where we pull code from the
ventor's repositories and wrap it in some code to work with RTOS.
This approach silently evades the NuttX coding standard, make code review more difficult
and make it impossible to reuse code in similar crypto drivers.
It think for drivers only drivers/segger has a similar approach, but in this case it's justified,
as the driver is dedicated to the Segger tools.
I understand that this approach is easier for NXP, but from the project point of view,
it seems wrong.
If it's not necessary because of some precompiled files (closed source drivers for chip peripherals)
or a solution commonly considered a standard in the embedded world (jlink tools, openamp),
we shouldn't do that.
Please, let's not make NuttX another Zephyr where vendors take shortcuts and instead of
creating code dedicated for the OS, they download a ton of code from their repositories.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] AndreHeinemans-NXP commented on a diff in pull request #10249: Added NXP SE05x support (secure element)
Posted by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org>.
AndreHeinemans-NXP commented on code in PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#discussion_r1298242476
##########
drivers/crypto/se05x.c:
##########
@@ -0,0 +1,266 @@
+/****************************************************************************
+ * drivers/crypto/se05x.c
Review Comment:
The pnt folder only contains the external 'plug&trust' library and the needed wrappers. The intention was to seperate that from the ioctl functions
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1693033071
> @xiaoxiang781216 This problem cannot be fixed in this changeset because it was already there in NuttX-apps/MbedTLS. If you build a random target on master with MbedTLS enabled then these warnings will appear.
>
> I think the problem is in MbedTLS' ssl.h:590 which should also test MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT for not being defined at all. But that file is downloaded and not part of the NuttX or NuttX-apps repositories.
it is fixed here: https://github.com/apache/nuttx-apps/pull/1995
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1711315364
ok, let' wait the result from ci.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687954497
> But isn't that what were doing here? You get a vendor provided secure element stack. It can't be done otherwise unless we write secure element stack from scratch. But that requires open security manual (false for NXP).
If APDU uses any precompiled binary files provided by NXP or APDU interface is not openly available, then I don't see any other option than downloading from the vendor.
If both statements are false, then getting the code from the vendor is a shortcut. That's how I see it.
The question remains what it means that the interface is open. No NDA? No login barrier? Any available source from which we can get interface definitions? This question is more for the wider community.
Zephyr-ation (duplicating Zephyr's bad practices which are convenient for vendors) is the worst thing that can happen to this project, so that's why I'm complaining :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] AndreHeinemans-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org>.
AndreHeinemans-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1692393902
@xiaoxiang781216
This problem cannot be fixed in this changeset because it was already there in NuttX-apps/MbedTLS. If you build a random target on master with MbedTLS enabled then these warnings will appear.
I think the problem is in MbedTLS' ssl.h:590 which should also test MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT for not being defined at all. But that file is downloaded and not part of the NuttX or NuttX-apps repositories.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] jarivanewijk commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "jarivanewijk (via GitHub)" <gi...@apache.org>.
jarivanewijk commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1688870005
> BTW do we have CCLA from NXP ? I don't see in `AUTHORS`. When does it become required?
I don't want to disrupt the discussion on this PR, but I got triggered by your comment. To my knowledge a CCLA has been submitted by NXP over a year ago. Some colleagues (including myself) have also submitted ICLAs. I must have confirmation somewhere that it was accepted by the Apache Foundation. Looks like this still needs to be added to the AUTHORS file? Should we have made a PR for that ourselves? I would have expected that file to get updated periodically.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] PetervdPerk-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "PetervdPerk-NXP (via GitHub)" <gi...@apache.org>.
PetervdPerk-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1688075900
So if we hide it in a blob it's okay, but if there's a source available it's called zephyr-ation?
We could just publish a blob and use that, but would be bad practice in my opinion.
The Plug & Trust Nano Package dependency for the SE050 secure element is os-independent and is used by other RTOS'es i.e. Zephyr and FreeRTOS. Pretty much how LittleFS is handled in NuttX as well (https://github.com/littlefs-project/littlefs). If you find this kind of code-reuse a shortcut that would be your call but I think it's more effort then publishing a blob and make bindings to it.
> The question remains what it means that the interface is open. No NDA? No login barrier? Any available source from which we can get interface definitions? This question is more for the wider community.
It's published as Apache 2.0 license
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1709631999
arm-05 ci fail, could you rebase the change to the last master?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] PetervdPerk-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "PetervdPerk-NXP (via GitHub)" <gi...@apache.org>.
PetervdPerk-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687805438
We try to write a dedicated code for NuttX whenever possible i.e. S32K1, S32K3, IMXRT and SocketCAN.
For the SE050 secure element we took a different approach because of complexity of the Application Protocol Data Unit (APDU) and maintaining the security updates through the external repository. The [repository ](https://github.com/NXPPlugNTrust/nano-package)we use is open-source and Apache 2.0 licensed.
> make it impossible to reuse code in similar crypto drivers.
We took an approach to abstract the Secure Element through the introduced ` _SEIOCBASE` ioctl. With generic commands such as `SEIOC_GENERATE_KEYPAIR` any other crypto/secure element driver can reuse this interface.
Also how come it's okay for a wireless driver i.e. ESP32, ESP32C3, BL602, NRF52, NRF53 and NRF91 to pull from external repositories and now for a secure element it's not?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687878075
> We try to write a dedicated code for NuttX whenever possible i.e. S32K1, S32K3, IMXRT and SocketCAN.
Thanks for that :)
> For the SE050 secure element we took a different approach because of complexity of the Application Protocol Data Unit (APDU) and maintaining the security updates through the external repository.
That's another thing. Is this a good approach to rely on security updates in an external repo? Teams in companies change, projects are abandoned, and the response time of corporations to security flaws often leaves much to be desired.
> Also how come it's okay for a wireless driver i.e. ESP32, ESP32C3, BL602, NRF52, NRF53 and NRF91 to pull from external repositories and now for a secure element it's not?
In these cases, the downloaded code is an interface to the binary files provided by the vendor.
You get a precompiled, certified wireless stack. It can't be done otherwise unless we write wireless stack from scratch - but that requires open radio peripheral documentation (true for Nordic, not true for ESP) and resources which NuttX community doesn't have.
At least for Nordic chips the amount of pulled code is minimal to make it work. Not sure about the rest.
For NRF91 there is even an IPC implementation dedicated to NuttX that is functionally compatible with
the Nordic SDK implementation, just to avoid dependence on the vendor's code (https://github.com/apache/nuttx/blob/master/arch/arm/src/nrf91/nrf91_nrfx_ipc.c).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1689428406
> I don't want to disrupt the discussion on this PR, but I got triggered by your comment. To my knowledge a CCLA has been submitted by NXP over a year ago. Some colleagues (including myself) have also submitted ICLAs. I must have confirmation somewhere that it was accepted by the Apache Foundation. Looks like this still needs to be added to the AUTHORS file? Should we have made a PR for that ourselves? I would have expected that file to get updated periodically.
It'll be great when AUTHORS gets updated. This will help to avoid doubts like mine in the future.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1691985273
@AndreHeinemans-NXP you have to fix this warning:
```
In file included from mbedtls/library/ssl_misc.h:27,
from mbedtls/library/constant_time_internal.h:30,
from mbedtls/library/base64.c:25:
Error: /github/workspace/sources/apps/crypto/mbedtls/mbedtls/include/mbedtls/ssl.h:590:5: error: "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT" is not defined, evaluates to 0 [-Werror=undef]
590 | #if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
before merging this patch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1688219700
> So if we hide it in a blob it's okay, but if there's a source available it's called zephyr-ation?
We could just publish a blob and use that, but would be bad practice in my opinion.
If you hide it in a blob AND you don't provide open documentation for that chip then yes, I think it's OK. Or if you provide some kind of certification for a given solution. In other cases, precompiled binary is the worst possible option.
> Pretty much how LittleFS is handled in NuttX as well
littlefs is a well-established open source project independent of any chip vendor (just like previously mentioned openamp). The chance that the project will be completely abandoned overnight and thrown into the abyss is minimal.
> If you find this kind of code-reuse a shortcut that would be your call but I think it's more effort then publishing a blob and make bindings to it.
I'm not going to block this PR in any way, it's just my dislike of this approach. If there are no more people with doubts then I don't have a problem with that. But if more similar solutions start to come out, or worse, we'll start relying on the vendors HAL then I think it's going to be a problem.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1690233731
@AndreHeinemans-NXP please rebase your patch to the last master.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1710540297
@PetervdPerk-NXP the follow compiler error need be fixed first:
```
In file included from mbedtls/library/ssl_misc.h:27,
from mbedtls/library/constant_time_internal.h:30,
from mbedtls/library/base64.c:25:
Error: /github/workspace/sources/apps/crypto/mbedtls/mbedtls/include/mbedtls/ssl.h:590:5: error: "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT" is not defined, evaluates to 0 [-Werror=undef]
590 | #if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 merged pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 merged PR #10249:
URL: https://github.com/apache/nuttx/pull/10249
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] raiden00pl commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "raiden00pl (via GitHub)" <gi...@apache.org>.
raiden00pl commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1687713287
BTW do we have CCLA from NXP ? I don't see in `AUTHORS`. When does it become required?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] xiaoxiang781216 commented on a diff in pull request #10249: Added NXP SE05x support (secure element)
Posted by "xiaoxiang781216 (via GitHub)" <gi...@apache.org>.
xiaoxiang781216 commented on code in PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#discussion_r1297561857
##########
drivers/crypto/Kconfig:
##########
@@ -74,3 +74,60 @@ config DEV_URANDOM_ARCH
endchoice # /dev/urandom algorithm
endif # DEV_URANDOM
+
+menuconfig DEV_SE05X
+ bool "Enable secure element (SE05X)"
+ depends on I2C
+ depends on CRYPTO
+ default n
+ ---help---
+ Enable support for /dev/se05x secure element provided by NXP SE050
+ or SE051
+
+if DEV_SE05X
+
+choice
+ prompt "Channel communication interface"
+ default DEV_SE05X_PLAIN
+ ---help---
+ Select authentication method
+
+config DEV_SE05X_SCP03
+ bool "SCP03 secure channel (TBI)"
+ select CRYPTO_RANDOM_POOL
+ select CRYPTO_AES
+
+config DEV_SE05X_PLAIN
+ bool "plain communication"
Review Comment:
ensure all Kconfig indent by tab not space
##########
include/nuttx/crypto/se05x.h:
##########
@@ -0,0 +1,164 @@
+/****************************************************************************
+ * include/nuttx/crypto/se05x.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/* Copyright 2023 NXP */
+
+#ifndef __INCLUDE_NUTTX_CRYPTO_SE05X_H_
+#define __INCLUDE_NUTTX_CRYPTO_SE05X_H_
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+#include <nuttx/config.h>
+
+#ifdef CONFIG_DEV_SE05X
+
+#include <nuttx/fs/ioctl.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define SE05X_MODULE_UNIQUE_ID_LEN 18
+
+#define SEIOC_GET_INFO _SEIOC(0x0000) /* Arg: se05x_info_s */
+#define SEIOC_GET_UID _SEIOC(0x0001) /* Arg: se05x_uid_s */
+#define SEIOC_GENERATE_KEYPAIR _SEIOC(0x0002)
+/* Arg: se05x_key_store_entry_t */
+#define SEIOC_SET_KEY _SEIOC(0x0003) /* Arg: se05x_key_transmission_s */
+#define SEIOC_SET_DATA _SEIOC(0x0004) /* Arg: se05x_key_transmission_s */
+#define SEIOC_GET_KEY _SEIOC(0x0005) /* Arg: se05x_key_transmission_s */
+#define SEIOC_GET_DATA _SEIOC(0x0006) /* Arg: se05x_key_transmission_s */
+#define SEIOC_DELETE_KEY _SEIOC(0x0007) /* Arg: uint32_t key_id */
+#define SEIOC_CREATE_SIGNATURE _SEIOC(0x0008) /* Arg: se05x_signature_s */
+#define SEIOC_VERIFY_SIGNATURE _SEIOC(0x0009) /* Arg: se05x_signature_s */
+#define SEIOC_DERIVE_SYMM_KEY _SEIOC(0x000A) /* Arg: se05x_derive_key_s */
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+typedef enum
+{
+ SE05X_ASYM_CIPHER_EC_NIST_P_256 = 0,
+} se05x_asym_cipher_type;
Review Comment:
```suggestion
} se05x_asym_cipher_type_e;
```
##########
include/nuttx/crypto/se05x.h:
##########
@@ -0,0 +1,164 @@
+/****************************************************************************
+ * include/nuttx/crypto/se05x.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/* Copyright 2023 NXP */
+
+#ifndef __INCLUDE_NUTTX_CRYPTO_SE05X_H_
+#define __INCLUDE_NUTTX_CRYPTO_SE05X_H_
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+#include <nuttx/config.h>
+
+#ifdef CONFIG_DEV_SE05X
+
+#include <nuttx/fs/ioctl.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+#define SE05X_MODULE_UNIQUE_ID_LEN 18
+
+#define SEIOC_GET_INFO _SEIOC(0x0000) /* Arg: se05x_info_s */
+#define SEIOC_GET_UID _SEIOC(0x0001) /* Arg: se05x_uid_s */
+#define SEIOC_GENERATE_KEYPAIR _SEIOC(0x0002)
+/* Arg: se05x_key_store_entry_t */
+#define SEIOC_SET_KEY _SEIOC(0x0003) /* Arg: se05x_key_transmission_s */
+#define SEIOC_SET_DATA _SEIOC(0x0004) /* Arg: se05x_key_transmission_s */
+#define SEIOC_GET_KEY _SEIOC(0x0005) /* Arg: se05x_key_transmission_s */
+#define SEIOC_GET_DATA _SEIOC(0x0006) /* Arg: se05x_key_transmission_s */
+#define SEIOC_DELETE_KEY _SEIOC(0x0007) /* Arg: uint32_t key_id */
+#define SEIOC_CREATE_SIGNATURE _SEIOC(0x0008) /* Arg: se05x_signature_s */
+#define SEIOC_VERIFY_SIGNATURE _SEIOC(0x0009) /* Arg: se05x_signature_s */
+#define SEIOC_DERIVE_SYMM_KEY _SEIOC(0x000A) /* Arg: se05x_derive_key_s */
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+typedef enum
+{
+ SE05X_ASYM_CIPHER_EC_NIST_P_256 = 0,
+} se05x_asym_cipher_type;
+
+typedef enum
+{
+ SE05X_ALGORITHM_NA = 0,
+ SE05X_ALGORITHM_PLAIN,
+ SE05X_ALGORITHM_SHA,
+ SE05X_ALGORITHM_SHA224,
+ SE05X_ALGORITHM_SHA256,
+ SE05X_ALGORITHM_SHA384,
+ SE05X_ALGORITHM_SHA512,
+ SE05X_ALGORITHM_SIZE,
+} se05x_algorithm;
Review Comment:
```suggestion
} se05x_algorithm_e;
```
##########
drivers/crypto/se05x_internal.h:
##########
@@ -0,0 +1,49 @@
+/****************************************************************************
+ * drivers/crypto/se05x_internal.h
Review Comment:
why not move into pnt folder
##########
drivers/crypto/pnt/Make.defs:
##########
@@ -0,0 +1,80 @@
+############################################################################
+# drivers/crypto/pnt/Make.defs
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership. The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+############################################################################
+
+# Copyright 2023 NXP
+
+PNT_GIT_COMMIT_HASH = d7323c25d967edb0ff1957459586850f447eb8c5
+PNT_DOWNLOAD_URL = https://github.com/NXPPlugNTrust/nano-package/archive/$(PNT_GIT_COMMIT_HASH).zip
+PNT_WRAPPER_DIR = crypto/pnt
+PNT_NANO_ZIP = $(PNT_WRAPPER_DIR)/pnt_$(PNT_GIT_COMMIT_HASH).zip
+PNT_NANO_DIR = $(PNT_WRAPPER_DIR)/nano-package
+
+PNT_INCDIRS = \
+ -I. \
+ -I$(PNT_WRAPPER_DIR) \
+ -I$(PNT_NANO_DIR)/lib/apdu \
+ -I$(PNT_NANO_DIR)/lib/t1oi2c \
+
+CSRCS += \
+ $(PNT_WRAPPER_DIR)/pnt_se05x_api.c \
+ $(PNT_WRAPPER_DIR)/pnt_util.c \
+ $(PNT_WRAPPER_DIR)/sm_i2c.c \
+ $(PNT_WRAPPER_DIR)/sm_timer.c \
+ $(PNT_NANO_DIR)/lib/apdu/smCom.c \
+ $(PNT_NANO_DIR)/lib/apdu/se05x_tlv.c \
+ $(PNT_NANO_DIR)/lib/apdu/se05x_APDU_impl.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEse_Api.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEseProto7816_3.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEsePal_i2c.c \
+
+ifeq ($(CONFIG_DEV_SE05X_SCP03),y)
+ PNT_INCDIRS += -I$(PNT_NANO_DIR)/lib/apdu/scp03
+ CFLAGS += DWITH_PLATFORM_SCP03
+ CSRCS += hcrypto.c $(PNT_NANO_DIR)/lib/apdu/scp03/se05x_scp03.c
+endif
+
+CFLAGS += $(PNT_INCDIRS) -DT1oI2C -DT1oI2C_UM11225 -DAX_EMBEDDED=0
+
+UNPACK ?= unzip -q -o
+
+PATCH ?= patch -p1
+
+$(PNT_NANO_ZIP):
+ @echo "Downloading: $(PNT_DOWNLOAD_URL)"
+ $(Q) curl -o $(PNT_NANO_ZIP) -L $(PNT_DOWNLOAD_URL)
+
+$(PNT_NANO_DIR): $(PNT_NANO_ZIP)
+ @echo "Unpacking: $(PNT_NANO_ZIP) -> $(PNT_NANO_DIR)"
+ $(Q) $(UNPACK) $(PNT_NANO_ZIP) -d $(PNT_WRAPPER_DIR)
+ $(call DELDIR, $(PNT_NANO_DIR))
+ $(Q) mv -T $(PNT_NANO_DIR)-$(PNT_GIT_COMMIT_HASH) $(PNT_NANO_DIR)
+ $(Q) $(foreach PATCH_FILE, $(sort $(wildcard $(PNT_WRAPPER_DIR)/*.patch)), $(PATCH) -d $(PNT_NANO_DIR) < $(PATCH_FILE);)
+
+context:: $(PNT_NANO_DIR)
+
+distclean::
+ $(call DELFILE, $(PNT_NANO_ZIP))
+ $(call DELDIR, $(PNT_NANO_DIR))
+
+# Include crypto device driver build support
+
+DEPPATH += --dep-path crypto
+VPATH += :crypto
Review Comment:
remove vpath for crypto
##########
drivers/crypto/pnt/Make.defs:
##########
@@ -0,0 +1,80 @@
+############################################################################
+# drivers/crypto/pnt/Make.defs
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership. The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+############################################################################
+
+# Copyright 2023 NXP
+
+PNT_GIT_COMMIT_HASH = d7323c25d967edb0ff1957459586850f447eb8c5
+PNT_DOWNLOAD_URL = https://github.com/NXPPlugNTrust/nano-package/archive/$(PNT_GIT_COMMIT_HASH).zip
+PNT_WRAPPER_DIR = crypto/pnt
+PNT_NANO_ZIP = $(PNT_WRAPPER_DIR)/pnt_$(PNT_GIT_COMMIT_HASH).zip
+PNT_NANO_DIR = $(PNT_WRAPPER_DIR)/nano-package
+
+PNT_INCDIRS = \
+ -I. \
+ -I$(PNT_WRAPPER_DIR) \
+ -I$(PNT_NANO_DIR)/lib/apdu \
+ -I$(PNT_NANO_DIR)/lib/t1oi2c \
+
+CSRCS += \
+ $(PNT_WRAPPER_DIR)/pnt_se05x_api.c \
+ $(PNT_WRAPPER_DIR)/pnt_util.c \
+ $(PNT_WRAPPER_DIR)/sm_i2c.c \
+ $(PNT_WRAPPER_DIR)/sm_timer.c \
+ $(PNT_NANO_DIR)/lib/apdu/smCom.c \
+ $(PNT_NANO_DIR)/lib/apdu/se05x_tlv.c \
+ $(PNT_NANO_DIR)/lib/apdu/se05x_APDU_impl.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEse_Api.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEseProto7816_3.c \
+ $(PNT_NANO_DIR)/lib/t1oi2c/phNxpEsePal_i2c.c \
+
+ifeq ($(CONFIG_DEV_SE05X_SCP03),y)
+ PNT_INCDIRS += -I$(PNT_NANO_DIR)/lib/apdu/scp03
+ CFLAGS += DWITH_PLATFORM_SCP03
+ CSRCS += hcrypto.c $(PNT_NANO_DIR)/lib/apdu/scp03/se05x_scp03.c
+endif
+
+CFLAGS += $(PNT_INCDIRS) -DT1oI2C -DT1oI2C_UM11225 -DAX_EMBEDDED=0
+
+UNPACK ?= unzip -q -o
+
+PATCH ?= patch -p1
+
+$(PNT_NANO_ZIP):
+ @echo "Downloading: $(PNT_DOWNLOAD_URL)"
+ $(Q) curl -o $(PNT_NANO_ZIP) -L $(PNT_DOWNLOAD_URL)
+
+$(PNT_NANO_DIR): $(PNT_NANO_ZIP)
+ @echo "Unpacking: $(PNT_NANO_ZIP) -> $(PNT_NANO_DIR)"
+ $(Q) $(UNPACK) $(PNT_NANO_ZIP) -d $(PNT_WRAPPER_DIR)
+ $(call DELDIR, $(PNT_NANO_DIR))
+ $(Q) mv -T $(PNT_NANO_DIR)-$(PNT_GIT_COMMIT_HASH) $(PNT_NANO_DIR)
+ $(Q) $(foreach PATCH_FILE, $(sort $(wildcard $(PNT_WRAPPER_DIR)/*.patch)), $(PATCH) -d $(PNT_NANO_DIR) < $(PATCH_FILE);)
+
+context:: $(PNT_NANO_DIR)
+
+distclean::
+ $(call DELFILE, $(PNT_NANO_ZIP))
+ $(call DELDIR, $(PNT_NANO_DIR))
+
+# Include crypto device driver build support
+
+DEPPATH += --dep-path crypto
+VPATH += :crypto
+CFLAGS += ${shell $(INCDIR) "$(CC)" $(TOPDIR)$(DELIM)drivers$(DELIM)crypto$(DELIM)pnt}
Review Comment:
```suggestion
CFLAGS += ${INCDIR_PREFIX}$(TOPDIR)$(DELIM)drivers$(DELIM)crypto$(DELIM)pnt}
```
##########
drivers/crypto/pnt/Make.defs:
##########
@@ -0,0 +1,80 @@
+############################################################################
+# drivers/crypto/pnt/Make.defs
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership. The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+############################################################################
+
+# Copyright 2023 NXP
+
+PNT_GIT_COMMIT_HASH = d7323c25d967edb0ff1957459586850f447eb8c5
+PNT_DOWNLOAD_URL = https://github.com/NXPPlugNTrust/nano-package/archive/$(PNT_GIT_COMMIT_HASH).zip
+PNT_WRAPPER_DIR = crypto/pnt
+PNT_NANO_ZIP = $(PNT_WRAPPER_DIR)/pnt_$(PNT_GIT_COMMIT_HASH).zip
+PNT_NANO_DIR = $(PNT_WRAPPER_DIR)/nano-package
+
+PNT_INCDIRS = \
+ -I. \
Review Comment:
align
##########
drivers/crypto/Make.defs:
##########
@@ -18,12 +18,19 @@
#
############################################################################
+# Copyright 2023 NXP
Review Comment:
remove
##########
drivers/crypto/Kconfig:
##########
@@ -74,3 +74,60 @@ config DEV_URANDOM_ARCH
endchoice # /dev/urandom algorithm
endif # DEV_URANDOM
+
+menuconfig DEV_SE05X
+ bool "Enable secure element (SE05X)"
+ depends on I2C
+ depends on CRYPTO
+ default n
+ ---help---
+ Enable support for /dev/se05x secure element provided by NXP SE050
+ or SE051
+
+if DEV_SE05X
+
+choice
+ prompt "Channel communication interface"
+ default DEV_SE05X_PLAIN
+ ---help---
+ Select authentication method
+
+config DEV_SE05X_SCP03
+ bool "SCP03 secure channel (TBI)"
+ select CRYPTO_RANDOM_POOL
Review Comment:
tab
##########
drivers/crypto/se05x.c:
##########
@@ -0,0 +1,266 @@
+/****************************************************************************
+ * drivers/crypto/se05x.c
Review Comment:
why not move into pnt folder
##########
drivers/crypto/se05x_internal.h:
##########
@@ -0,0 +1,49 @@
+/****************************************************************************
+ * drivers/crypto/se05x_internal.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/* Copyright 2023 NXP */
+
+#ifndef __INCLUDE_NUTTX_DRIVERS_CRYPTO_SE05X_INTERNAL_H_
+#define __INCLUDE_NUTTX_DRIVERS_CRYPTO_SE05X_INTERNAL_H_
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <semaphore.h>
+#include <stdint.h>
+
+/****************************************************************************
+ * Public Types
+ ****************************************************************************/
+
+struct i2c_master_s;
+struct pnt_handle;
+struct se05x_config_s;
+
+struct se05x_dev_s
+{
+ FAR struct se05x_config_s *config;
+ FAR struct i2c_master_s *i2c; /* I2C interface */
+ FAR struct pnt_handle *pnt;
+ sem_t mutex;
Review Comment:
```suggestion
mutex_t mutex;
```
and call mutex_xxx api
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] AndreHeinemans-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org>.
AndreHeinemans-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1711220065
@xiaoxiang781216
The problem is in MbedTLS like I mentioned earlier but I found a workaround by also enabling MBEDTLS_SSL_PROTO_DTLS and MBEDTLS_SSL_DTLS_CONNECTION_ID in the config. These changes are pushed which should fix the build
I added this issue in apache/nuttx-apps#2045
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] AndreHeinemans-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "AndreHeinemans-NXP (via GitHub)" <gi...@apache.org>.
AndreHeinemans-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1711251156
@xiaoxiang781216
```
diff --git a/boards/arm/s32k1xx/ucans32k146/configs/se05x/defconfig b/boards/arm/s32k1xx/ucans32k146/configs/se05x/defconfig
index a6ba699d9b..a7bafc199c 100644
--- a/boards/arm/s32k1xx/ucans32k146/configs/se05x/defconfig
+++ b/boards/arm/s32k1xx/ucans32k146/configs/se05x/defconfig
@@ -32,6 +32,8 @@ CONFIG_HAVE_CXXINITIALIZE=y
CONFIG_I2C=y
CONFIG_INIT_ENTRYPOINT="nsh_main"
CONFIG_LPUART1_SERIAL_CONSOLE=y
+CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID=y
+CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
CONFIG_NSH_ARCHINIT=y
CONFIG_NSH_BUILTIN_APPS=y
CONFIG_NSH_FILEIOSIZE=512
```
its already pushed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [nuttx] PetervdPerk-NXP commented on pull request #10249: Added NXP SE05x support (secure element)
Posted by "PetervdPerk-NXP (via GitHub)" <gi...@apache.org>.
PetervdPerk-NXP commented on PR #10249:
URL: https://github.com/apache/nuttx/pull/10249#issuecomment-1709573001
@xiaoxiang781216 is this ready to be merged?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org