sys/shell: Update cryptoauthlib shell commands #20673

Open: wants to merge 6 commits into base: master

Einhornhool (Contributor) commented May 16, 2024

Contribution description

The cryptoauthlib shell command was broken due to API changes.
I updated the calls.

Additionally, I made the output a bit prettier.

It is also possible to select a specific device, in case there's more than one.

Update 2024-05-17:
Now also compatible with ATECC608A config zone.

Testing procedure

Connect an ATECC508 (or 608), and run an application with the shell and the cryptoauthlib package.
The output should look like this (values differ depending on configuration, of course):

Usage

2024-05-16 08:54:07,871 # atca
2024-05-16 08:54:07,886 # * set_dev <number> - set and initialize an atca device (defaults to index 0)
2024-05-16 08:54:07,891 # * read - read Microchip CryptoAuth device's config zone
2024-05-16 08:54:07,896 # * read_bin - read config zone and print binary data
2024-05-16 08:54:07,904 # * lock_c - PERMANENTLY lock Microchip CryptoAuth device's config zone (cannot be undone!)
2024-05-16 08:54:07,911 # * lock_d - PERMANENTLY lock Microchip CryptoAuth device's data zone (cannot be undone!)
2024-05-16 08:54:07,917 # * check_lc - check if Microchip CryptoAuth device's config zone is locked
2024-05-16 08:54:07,923 # * check_ld - check if Microchip CryptoAuth device's data zone is locked

atca read (for ATECC608A)

2024-05-17 16:55:22,735 # atca read
2024-05-17 16:55:22,769 # Config Zone
2024-05-17 16:55:22,771 # Device Info (Read Only)
2024-05-17 16:55:22,775 # --------------------------------------------
2024-05-17 16:55:22,778 # Device Type       | ATECC608
2024-05-17 16:55:22,781 # Serial No (Pt. 1) | 0x01 0x23 0x9b 0xb6 
2024-05-17 16:55:22,786 # Revision No.      | 0x00 0x00 0x60 0x02 
2024-05-17 16:55:22,789 # Serial No (Pt. 2) | 0xc9 0xad 0xf1 0xd4 0xee 
2024-05-17 16:55:22,792 # AES Enabled       | True
2024-05-17 16:55:22,793 # I2C Enabled       | True
2024-05-17 16:55:22,796 # Single Wire       | False
2024-05-17 16:55:22,800 # --------------------------------------------
2024-05-17 16:55:22,800 # 
2024-05-17 16:55:22,802 # Device Info (Writable)
2024-05-17 16:55:22,806 # ---------------------------------------------
2024-05-17 16:55:22,808 # I2C Address       | 0xc0
2024-05-17 16:55:22,810 # Counter Match     | Disabled
2024-05-17 16:55:22,811 # ChipMode:
2024-05-17 16:55:22,814 # I2C Address       | Default address
2024-05-17 16:55:22,818 # TTLenable         | Fixed input levels
2024-05-17 16:55:22,821 # Watchdog          | 1.3 sec (recommended)
2024-05-17 16:55:22,824 # Clock Divider     | 0x00
2024-05-17 16:55:22,824 # 
2024-05-17 16:55:22,825 # Slot Config
2024-05-17 16:55:22,828 # ----------------------------------------
2024-05-17 16:55:22,831 # SlotID  | Hex    | Binary
2024-05-17 16:55:22,834 #         |        | 7      0 | 15     8
2024-05-17 16:55:22,837 # --------+--------+----------------------
2024-05-17 16:55:22,841 # 0       | 0x8720 | 00000001 | 00000001 | 
2024-05-17 16:55:22,845 # 1       | 0x8720 | 10011011 | 10011011 | 
2024-05-17 16:55:22,849 # 2       | 0x8720 | 00000000 | 00000000 | 
2024-05-17 16:55:22,852 # 3       | 0x8720 | 01100000 | 01100000 | 
2024-05-17 16:55:22,856 # 4       | 0x8700 | 11001001 | 11001001 | 
2024-05-17 16:55:22,860 # 5       | 0x8700 | 11110001 | 11110001 | 
2024-05-17 16:55:22,864 # 6       | 0x8f20 | 11101110 | 11101110 | 
2024-05-17 16:55:22,867 # 7       | 0x8720 | 01111001 | 01111001 | 
2024-05-17 16:55:22,871 # 8       | 0x0000 | 11000000 | 11000000 | 
2024-05-17 16:55:22,875 # 9       | 0x0000 | 00000000 | 00000000 | 
2024-05-17 16:55:22,878 # 10      | 0x0000 | 10000111 | 10000111 | 
2024-05-17 16:55:22,882 # 11      | 0x0000 | 10000111 | 10000111 | 
2024-05-17 16:55:22,886 # 12      | 0x0000 | 10000111 | 10000111 | 
2024-05-17 16:55:22,890 # 13      | 0x0000 | 10000111 | 10000111 | 
2024-05-17 16:55:22,893 # 14      | 0x0000 | 10000111 | 10000111 | 
2024-05-17 16:55:22,893 # 
2024-05-17 16:55:22,897 # Counter 0         | 0x00 0x00 0x00 0x01
2024-05-17 16:55:22,900 # Counter 1         | 0x3f 0xff 0xff 0xff
2024-05-17 16:55:22,903 # UseLockEnable     | False
2024-05-17 16:55:22,905 # VolatileKeyPermit | Disabled
2024-05-17 16:55:22,908 # SecureBootMode    | Disabled
2024-05-17 16:55:22,910 # SecureBootPersist | Disabled
2024-05-17 16:55:22,915 # SecureBootNonce   | Optional, controlled by SecureBootMode
2024-05-17 16:55:22,920 # Secure Boot Signature or Digest stored in slot 0
2024-05-17 16:55:22,923 # Secure Boot Public Key stored in slot 0
2024-05-17 16:55:22,925 # KDF IV Loc        | 0
2024-05-17 16:55:22,927 # UserExtra         | 0x00
2024-05-17 16:55:22,929 # UserExtraAdd (I2C)| 0xc1
2024-05-17 16:55:22,933 # LockValue         | Data and OTP Locked
2024-05-17 16:55:22,936 # LockConfig        | Config Zone Locked
2024-05-17 16:55:22,936 # 
2024-05-17 16:55:22,940 # SlotLocked (X = locked, - = unlocked):
2024-05-17 16:55:22,945 # Slot   |  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
2024-05-17 16:55:22,950 # Locked |  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  - 
2024-05-17 16:55:22,951 # Chip Options:
2024-05-17 16:55:22,953 # Power On Self Test| Disabled
2024-05-17 16:55:22,956 # IO Prot Key       | Disabled
2024-05-17 16:55:22,959 # AES KDF           | Disabled
2024-05-17 16:55:22,962 # ECDH              | Clear Output on Bus OK
2024-05-17 16:55:22,966 # KDF               | Clear Output on Bus OK
2024-05-17 16:55:22,969 # IO Protection Key stored in slot 0
2024-05-17 16:55:22,969 # 
2024-05-17 16:55:22,970 # X509 Format:
2024-05-17 16:55:22,973 # PubKey 0         | No restrictions
2024-05-17 16:55:22,976 # PubKey 1         | No restrictions
2024-05-17 16:55:22,979 # PubKey 2         | No restrictions
2024-05-17 16:55:22,983 # PubKey 3         | No restrictions
2024-05-17 16:55:22,983 # 
2024-05-17 16:55:22,984 # Key Config
2024-05-17 16:55:22,987 # ----------------------------------------
2024-05-17 16:55:22,989 # SlotID  | Hex    | Binary
2024-05-17 16:55:22,993 #         |        | 7      0 | 15     8
2024-05-17 16:55:22,996 # --------+--------+----------------------
2024-05-17 16:55:23,000 # 0       | 0x1300 | 00010011 | 00010011 | 
2024-05-17 16:55:23,004 # 1       | 0x1300 | 00010011 | 00010011 | 
2024-05-17 16:55:23,007 # 2       | 0x1300 | 00010011 | 00010011 | 
2024-05-17 16:55:23,011 # 3       | 0x1300 | 00010011 | 00010011 | 
2024-05-17 16:55:23,015 # 4       | 0x1800 | 00011000 | 00011000 | 
2024-05-17 16:55:23,019 # 5       | 0x1800 | 00011000 | 00011000 | 
2024-05-17 16:55:23,022 # 6       | 0x1300 | 00010011 | 00010011 | 
2024-05-17 16:55:23,026 # 7       | 0x1f00 | 00011111 | 00011111 | 
2024-05-17 16:55:23,030 # 8       | 0x1c00 | 00011100 | 00011100 | 
2024-05-17 16:55:23,034 # 9       | 0x1000 | 00010000 | 00010000 | 
2024-05-17 16:55:23,037 # 10      | 0x1000 | 00010000 | 00010000 | 
2024-05-17 16:55:23,041 # 11      | 0x1000 | 00010000 | 00010000 | 
2024-05-17 16:55:23,045 # 12      | 0x1000 | 00010000 | 00010000 | 
2024-05-17 16:55:23,048 # 13      | 0x1000 | 00010000 | 00010000 | 
2024-05-17 16:55:23,052 # 14      | 0x1c00 | 00011100 | 00011100 | 

atca read_bin

2024-05-16 08:55:58,145 # atca read_bin
2024-05-16 08:55:58,188 # ConfigZone Binary Data:
2024-05-16 08:55:58,192 # ---------------------------------------------------
2024-05-16 08:55:58,196 # Bytes \ Bits | 7      0 7      0 7      0 7      0
2024-05-16 08:55:58,201 # -------------+-------------------------------------
2024-05-16 08:55:58,207 # 000:003      | 00000001 00100011 10011011 10110110 SN0 SN1 SN2 SN3
2024-05-16 08:55:58,213 # 004:007      | 00000000 00000000 01100000 00000010 RN0 RN1 RN2 RN3
2024-05-16 08:55:58,219 # 008:011      | 11001001 10101101 11110001 11010100 SN4 SN5 SN6 SN7
2024-05-16 08:55:58,225 # 012:015      | 11101110 00000001 01111001 00000000 SN8 RSVD I2CE RSVD
2024-05-16 08:55:58,231 # 016:019      | 11000000 00000000 00000000 00000000 I2CA RSVD OTPM CM
2024-05-16 08:55:58,231 # 
2024-05-16 08:55:58,232 # Slot Config
2024-05-16 08:55:58,237 # ---------------------------------------------------
2024-05-16 08:55:58,241 # Bytes \ Bits | 7      0 15     8 7      0 15     8
2024-05-16 08:55:58,245 # -------------+-------------------------------------
2024-05-16 08:55:58,251 # 020:023      | 10000111 00100000 10000111 00100000 SC0 SC0 SC1 SC1
2024-05-16 08:55:58,257 # 024:027      | 10000111 00100000 10000111 00100000 SC2 SC2 SC3 SC3
2024-05-16 08:55:58,263 # 028:031      | 10000111 00000000 10000111 00000000 SC4 SC4 SC5 SC5
2024-05-16 08:55:58,269 # 032:035      | 10001111 00100000 10000111 00100000 SC6 SC6 SC7 SC7
2024-05-16 08:55:58,275 # 036:039      | 00000000 00000000 00000000 00000000 SC8 SC8 SC9 SC9
2024-05-16 08:55:58,282 # 040:043      | 00000000 00000000 00000000 00000000 SC10 SC10 SC11 SC11
2024-05-16 08:55:58,288 # 044:047      | 00000000 00000000 00000000 00000000 SC12 SC12 SC13 SC13
2024-05-16 08:55:58,294 # 048:051      | 00000000 00000000 00000000 00000000 SC14 SC14 SC15 SC15
2024-05-16 08:55:58,300 # 052:055      | 00000000 00000000 00000000 00000001 CNT0 CNT0 CNT0 CNT0
2024-05-16 08:55:58,307 # 056:059      | 00000000 00000000 00000000 00000000 CNT0 CNT0 CNT0 CNT0
2024-05-16 08:55:58,313 # 060:063      | 00111111 11111111 11111111 11111111 CNT1 CNT1 CNT1 CNT1
2024-05-16 08:55:58,319 # 064:067      | 00000000 00000000 00000000 00000000 CNT1 CNT1 CNT1 CNT1
2024-05-16 08:55:58,326 # 068:071      | 00000000 00000000 00000000 00000000 LKU0 LKU1 LKU2 LKU3
2024-05-16 08:55:58,332 # 072:075      | 00000000 00000000 00000000 00000000 LKU4 LKU5 LKU6 LKU7
2024-05-16 08:55:58,338 # 076:079      | 00000000 00000000 00000000 00000000 LKU8 LKU9 LKU10 LKU11
2024-05-16 08:55:58,345 # 080:083      | 00000000 00000000 00000000 00000000 LKU12 LKU13 LKU14 LKU15
2024-05-16 08:55:58,351 # 084:087      | 00000000 11000001 00000000 00000000 UE SEL LV LC
2024-05-16 08:55:58,357 # 088:091      | 11111111 11111111 00000000 00000000 SL0 SL1 RFU0 RFU1
2024-05-16 08:55:58,364 # 092:095      | 00000000 00000000 00000000 00000000 X509-0 X509-1 X509-2 X509-3
2024-05-16 08:55:58,364 # 
2024-05-16 08:55:58,365 # Key Config
2024-05-16 08:55:58,369 # ---------------------------------------------------
2024-05-16 08:55:58,374 # Bytes \ Bits | 7      0 15     8 7      0 15     8
2024-05-16 08:55:58,378 # -------------+-------------------------------------
2024-05-16 08:55:58,384 # 096:099      | 00010011 00000000 00010011 00000000 KC0 KC0 KC1 KC1
2024-05-16 08:55:58,390 # 100:103      | 00010011 00000000 00010011 00000000 KC2 KC2 KC3 KC3
2024-05-16 08:55:58,396 # 104:107      | 00011000 00000000 00011000 00000000 KC4 KC4 KC5 KC5
2024-05-16 08:55:58,402 # 108:111      | 00010011 00000000 00011111 00000000 KC6 KC6 KC7 KC7
2024-05-16 08:55:58,408 # 112:115      | 00011100 00000000 00010000 00000000 KC8 KC8 KC9 KC9
2024-05-16 08:55:58,414 # 116:119      | 00010000 00000000 00010000 00000000 KC10 KC10 KC11 KC11
2024-05-16 08:55:58,421 # 120:123      | 00010000 00000000 00010000 00000000 KC12 KC12 KC13 KC13
2024-05-16 08:55:58,427 # 124:127      | 00011100 00000000 00011100 00000000 KC14 KC14 KC15 KC15

github-actions bot added the "Area: sys" label May 16, 2024
maribu requested review from kYc0o and mguetschow May 20, 2024 08:59
kYc0o self-assigned this May 20, 2024
mguetschow added the "CI: ready for build" label May 21, 2024
riot-ci commented May 21, 2024

Murdock results

✔️ PASSED

002882a pkg/cryptoauthlib: add example config

Success: 10161, Failures: 0, Total: 10161, Runtime: 19m:41s

kYc0o (Contributor) commented May 27, 2024

I've tested it with an ATECC608C with success! Although my output looks a bit different, especially the part on which slots data/keys are stored:

Counter 0         | 0xff 0xff 0xff 0xff
Counter 1         | 0xff 0xff 0xff 0xff
UseLockEnable     | False
VolatileKeyPermit | Disabled
SecureBootMode    | Disabled
SecureBootPersist | Disabled
SecureBootNonce   | Optional, controlled by SecureBootMode
Secure Boot Signature or Digest stored in slot 7
Secure Boot Public Key stored in slot 240

Slot 7 seems ok but slot 240 doesn't.
In this other example it shows another kind of random number:

Chip Options:
Power On Self Test| Disabled
IO Prot Key       | Enabled
AES KDF           | Enabled
ECDH              | Clear Output on Bus OK
KDF               | Clear Output on Bus OK
IO Protection Key stored in slot 96

I don't mind that output much, since the device and key config are what is expected from the configuration which was originally flashed into the device by the manufacturer.
I think after the comments by the automatic review are addressed this PR could be ready for merge.
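
The comment above reports slot numbers 240 and 96, while the SlotLocked row in the PR description lists only slots 0 to 15. The following is an added example, not code from this PR or from cryptoauthlib: it range-checks decoded slot indices and decodes the lock state at the byte offsets labelled LV, LC and SL0/SL1 in the `atca read_bin` dump. All function names, the slot-to-bit order and the nibble packing of slot fields are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offsets as labelled in the `atca read_bin` dump on this page. */
#define CFG_SIZE        128u
#define OFF_LOCK_VALUE  86u  /* LV: data/OTP zone lock byte */
#define OFF_LOCK_CONFIG 87u  /* LC: config zone lock byte */
#define OFF_SLOT_LOCKED 88u  /* SL0, SL1: one bit per slot */
#define NUM_SLOTS       16u  /* the SlotLocked row lists slots 0..15 */

/* On the page, 0x00 in LV/LC coincides with "Locked" in `atca read`. */
static bool zone_locked(const uint8_t *cfg, unsigned off) { return cfg[off] == 0x00; }

/* On the page, SL0/SL1 = 0xFF 0xFF coincides with every slot shown as '-',
 * so a cleared bit is read as "locked". ASSUMPTION: SL0 bit 0 is slot 0. */
static uint16_t locked_slot_bitmap(const uint8_t *cfg)
{
    uint16_t raw = (uint16_t)(cfg[OFF_SLOT_LOCKED] |
                              (cfg[OFF_SLOT_LOCKED + 1u] << 8));
    return (uint16_t)~raw;
}

/* ASSUMPTION (not confirmed on the page): a slot index is a 4-bit field in
 * one nibble of a config byte. Masking the high nibble without shifting
 * would turn 0xF0 into 240 and 0x60 into 96. */
static unsigned slot_from_nibble(uint8_t byte, bool high)
{
    return high ? (unsigned)(byte >> 4) : (unsigned)(byte & 0x0Fu);
}

/* Reject any decoded slot index outside the device's 16 slots. */
static bool slot_index_valid(unsigned slot) { return slot < NUM_SLOTS; }

int main(void)
{
    uint8_t cfg[CFG_SIZE] = { 0 };  /* constructed sample, not a real dump */
    cfg[OFF_SLOT_LOCKED] = 0xFF;
    cfg[OFF_SLOT_LOCKED + 1u] = 0xFF;
    uint8_t packed = 0xF7;          /* constructed: nibbles 15 and 7 */
    printf("config locked %d, data locked %d, locked slots 0x%04x\n",
           zone_locked(cfg, OFF_LOCK_CONFIG), zone_locked(cfg, OFF_LOCK_VALUE),
           (unsigned)locked_slot_bitmap(cfg));
    printf("unshifted %u valid %d, shifted %u valid %d\n", packed & 0xF0u,
           slot_index_valid(packed & 0xF0u), slot_from_nibble(packed, true),
           slot_index_valid(slot_from_nibble(packed, true)));
    return 0;
}
```

Running a check like `slot_index_valid()` on every decoded slot field before printing it would flag values such as 240 and 96 instead of displaying them as slot numbers.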

github-actions bot added the "Area: pkg" label May 31, 2024