Secure Chip

OES Prime features a tamper-resistant dedicated crypto chip (ATECC508A) for storing cryptographic keys, a unique ID,
random number generation and more. The ATECC508A can generate high-quality FIPS random numbers, each of which
is guaranteed to be essentially unique from all numbers ever generated on this or any other device.

This example demonstrates how to generate random numbers.

Package building and installation

The first step is to build a package with CryptoAuthLib support and the random_number application.
If you have not yet built any images or packages with Yocto, visit this page.
If you have already set up a build host, navigate to the OES Prime-image directory.

Open meta-layers/meta-emlid-OES Prime-examples/recipes-core/images/OES Prime-image.bbappend
and uncomment the following line:


IMAGE_INSTALL_append += "secure-chip-example"

Build the secure-chip-example package:


bitbake secure-chip-example

Find the package:


find tmp/deploy/ipk/ -name "*secure-chip*.ipk"

You should find secure-chip-example_0.1-r0_aarch64.ipk.

Copy the ipk file to OES Prime:


rsync -avz secure-chip-example_0.1-r0_aarch64.ipk root@192.168.2.15:/home/root

where 192.168.2.15 is the OES Prime IP address.

After copying the ipk file to OES Prime with rsync or scp, install it with the following command:


ls secure-chip*.ipk | xargs opkg install

Testing

Execute random_number and you should get a random 32-byte number:


56 df cd 39 5f e1 da f1
80 fa 0c e9 b1 3f 45 a6
e2 64 8e c7 4d 0d 59 a0
15 48 ca 35 83 1b eb b0

The program explained

random_number is the following C program, compiled:


#include <stdint.h>
#include <stdio.h>
#include <cryptoauthlib.h>

/* I2C interface configuration for the ATECC508A */
ATCAIfaceCfg g_iface_config = {
    .iface_type        = ATCA_I2C_IFACE,
    .devtype           = ATECC508A,
    .atcai2c           = {
        .slave_address = 0xC0,
        .bus           = 0,
        .baud          = 400000,
    },
    .wake_delay        = 1500,
    .rx_retries        = 20
};

/* Fill random_number (32 bytes) from the chip.
 * Returns 0 on success, -1 on error. */
int read_atecc_random_number(uint8_t *random_number)
{
    ATCA_STATUS status = atcab_init(&g_iface_config);

    if (status != ATCA_SUCCESS) {
        printf("atcab_init() failed with ret=0x%08x\r\n", (unsigned int)status);
        return -1;
    }

    status = atcab_random(random_number);
    /* Release the interface whether or not the read succeeded */
    atcab_release();

    if (status != ATCA_SUCCESS) {
        printf("atcab_random() failed with ret=0x%08x\r\n", (unsigned int)status);
        return -1;
    }

    return 0;
}

int main(void)
{
    uint8_t random_number[32];

    /* The array decays to uint8_t*, which is what the function expects */
    if (read_atecc_random_number(random_number) != 0)
        return -1;

    /* Print the 32 bytes as 4 rows of 8 hex values */
    for (int i = 0; i < 4; i++) {
        for (int j = 0; j < 8; j++) {
            printf("%02x ", random_number[i * 8 + j]);
        }
        printf("\n");
    }
    return 0;
}

1) Include the cryptoauthlib.h header file to get access to the CryptoAuthLib API.

2) Call atcab_init() with a pointer to the configuration for the ATECC508A I2C
interface.

3) Call atcab_random(), passing a pointer to a uint8_t array to receive the 32-byte random number.

4) Print the generated number.
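
The ATECC508A's Random command returns a fixed ff ff 00 00 test pattern until the configuration zone is locked, so the bytes from atcab_random() are worth checking before they are used as key material. The following is an added example, not part of the original program or of CryptoAuthLib: check_atecc_random() and its result codes are hypothetical names, and both sample buffers are constructed (the first copies the output shown above).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATECC_RANDOM_SIZE 32

typedef enum {
    RNG_OK = 0,
    RNG_TEST_PATTERN, /* ff ff 00 00 repeated: config zone not locked yet */
    RNG_CONSTANT,     /* all bytes equal: buffer never written or bus fault */
    RNG_REPEATED      /* same 32 bytes as the previous read */
} rng_check_t;

/* Constructed samples: the output shown on this page and the pre-lock pattern. */
static const uint8_t page_sample[ATECC_RANDOM_SIZE] = {
    0x56, 0xdf, 0xcd, 0x39, 0x5f, 0xe1, 0xda, 0xf1,
    0x80, 0xfa, 0x0c, 0xe9, 0xb1, 0x3f, 0x45, 0xa6,
    0xe2, 0x64, 0x8e, 0xc7, 0x4d, 0x0d, 0x59, 0xa0,
    0x15, 0x48, 0xca, 0x35, 0x83, 0x1b, 0xeb, 0xb0 };
static const uint8_t prelock_sample[ATECC_RANDOM_SIZE] = {
    0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
    0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
    0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00,
    0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00 };

/* Hypothetical helper, not a CryptoAuthLib function: classify a buffer filled
 * by atcab_random(). prev is the previous read, or NULL on the first call. */
rng_check_t check_atecc_random(const uint8_t *cur, const uint8_t *prev)
{
    int is_pattern = 1, is_constant = 1;

    for (size_t i = 0; i < ATECC_RANDOM_SIZE; i++) {
        if (cur[i] != prelock_sample[i]) is_pattern = 0;
        if (cur[i] != cur[0]) is_constant = 0;
    }
    if (is_pattern) return RNG_TEST_PATTERN;
    if (is_constant) return RNG_CONSTANT;
    if (prev != NULL && memcmp(cur, prev, ATECC_RANDOM_SIZE) == 0) return RNG_REPEATED;
    return RNG_OK;
}

int main(void)
{
    printf("page sample:    %d\n", check_atecc_random(page_sample, NULL));
    printf("pre-lock bytes: %d\n", check_atecc_random(prelock_sample, NULL));
    printf("repeated read:  %d\n", check_atecc_random(page_sample, page_sample));
    return 0;
}
```

In the program above, the check would go right after read_atecc_random_number() returns 0, with any result other than RNG_OK treated as a failure.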

Where to go next

The complete ATECC508A data sheet and CryptoAuthLib API can be found
here.
Read the documentation carefully before using the other functions: some of them can lock data slots,
after which you cannot use those slots anymore.