From 2ac8c5f20b3270c394a87e43fbd7882374a9f9b6 Mon Sep 17 00:00:00 2001 From: pennam Date: Fri, 1 Mar 2024 13:57:00 +0100 Subject: [PATCH 1/5] Examples: RandomNumber fix serial prints referring to ECCX08 --- examples/RandomNumber/RandomNumber.ino | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/RandomNumber/RandomNumber.ino b/examples/RandomNumber/RandomNumber.ino index 55404da..7918c53 100644 --- a/examples/RandomNumber/RandomNumber.ino +++ b/examples/RandomNumber/RandomNumber.ino @@ -1,5 +1,5 @@ /* - secureElement Random Number + SecureElement Random Number This sketch uses the ECC508/ECC608 or SE050 to generate a random number every second and print it to the Serial Monitor @@ -19,12 +19,12 @@ void setup() { while (!Serial); if (!secureElement.begin()) { - Serial.println("Failed to communicate with ECC508/ECC608!"); + Serial.println("Failed to communicate with SecureElement!"); while (1); } if (!secureElement.locked()) { - Serial.println("The ECC508/ECC608 is not locked!"); + Serial.println("The SecureElement is not locked!"); while (1); } } From 96ab727d3c77b91eb1c0418f19496d327753cab0 Mon Sep 17 00:00:00 2001 From: pennam Date: Fri, 1 Mar 2024 13:58:12 +0100 Subject: [PATCH 2/5] Examples: add dedicated example skecth for ATECCX08 configuration and locking --- .../ConfigurationLocking.ino | 111 ++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 examples/ConfigurationLocking/ConfigurationLocking.ino diff --git a/examples/ConfigurationLocking/ConfigurationLocking.ino b/examples/ConfigurationLocking/ConfigurationLocking.ino new file mode 100644 index 0000000..988e347 --- /dev/null +++ b/examples/ConfigurationLocking/ConfigurationLocking.ino @@ -0,0 +1,111 @@ +/* + Configure and Lock your ATECCX08 SecureElement + + This sketch can be used to apply default configuration and lock + yout ATECCX08 Secure Element. + Default configuration can be found here: + https://github.com/arduino-libraries/ArduinoECCX08/blob/master/src/utility/ECCX08DefaultTLSConfig.h + + SE050 do not have EEPROM configuration and do not need to be locked + to work correctly. secureElement.locked() always return true for SE050 + and the sketch does nothing. + + The circuit: + - A board equipped with ECC508 or ECC608 or SE050 chip + + This example code is in the public domain. +*/ + +#include + +void setup() { + Serial.begin(9600); + while (!Serial); + + SecureElement secureElement; + + if (!secureElement.begin()) { + Serial.println("No SecureElement present!"); + while (1); + } + + String serialNumber = secureElement.serialNumber(); + + Serial.print("SecureElement Serial Number = "); + Serial.println(serialNumber); + Serial.println(); + + if (!secureElement.locked()) { + String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N"); + lock.toLowerCase(); + + if (!lock.startsWith("y")) { + Serial.println("Unfortunately you can't proceed without locking it :("); + while (1); + } + + if (!secureElement.writeConfiguration()) { + Serial.println("Writing SecureElement configuration failed!"); + while (1); + } + + if (!secureElement.lock()) { + Serial.println("Locking SecureElement configuration failed!"); + while (1); + } + + Serial.println("SecureElement locked successfully"); + Serial.println(); + } else { +#if defined(SECURE_ELEMENT_IS_ECCX08) + Serial.println("SecureElement already locked!"); + Serial.println(); +#else + Serial.println("SecureElement does not need to be locked!"); + Serial.println(); +#endif + } + +} + +void loop() { + // do nothing +} + +String promptAndReadLine(const char* prompt, const char* defaultValue) { + Serial.print(prompt); + Serial.print(" ["); + Serial.print(defaultValue); + Serial.print("]: "); + + String s = readLine(); + + if (s.length() == 0) { + s = defaultValue; + } + + Serial.println(s); + + return s; +} + +String readLine() { + String line; + + while (1) { + if (Serial.available()) { + char c = Serial.read(); + + if (c == '\r') { + // ignore + continue; + } else if (c == '\n') { + break; + } + + line += c; + } + } + + return line; +} From 724948491fdf9cbfa70b5be516dd91e71ec6311d Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 18 Mar 2024 08:55:32 +0100 Subject: [PATCH 3/5] Examples: RandomNumber add note about the ConfigurationLocking example --- examples/RandomNumber/RandomNumber.ino | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/examples/RandomNumber/RandomNumber.ino b/examples/RandomNumber/RandomNumber.ino index 7918c53..650ae8f 100644 --- a/examples/RandomNumber/RandomNumber.ino +++ b/examples/RandomNumber/RandomNumber.ino @@ -4,6 +4,10 @@ This sketch uses the ECC508/ECC608 or SE050 to generate a random number every second and print it to the Serial Monitor + If the SecureElement is not configured and locked the ConfigurationLocking + example should be used before running this sketch to setup the chip with a + default TLS configuration. + Circuit: - A board equipped with ECC508 or ECC608 or SE050 chip @@ -35,4 +39,3 @@ void loop() { delay(1000); } - From 1580af9fda91a9e2978f678c0e9623a531ac614b Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 18 Mar 2024 08:56:52 +0100 Subject: [PATCH 4/5] Examples: fix sketch description using SecureElement naming --- .../CertificateSigningRequest/CertificateSigningRequest.ino | 2 +- examples/SelfSignedCertificate/SelfSignedCertificate.ino | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/CertificateSigningRequest/CertificateSigningRequest.ino b/examples/CertificateSigningRequest/CertificateSigningRequest.ino index 226da43..88dd35c 100644 --- a/examples/CertificateSigningRequest/CertificateSigningRequest.ino +++ b/examples/CertificateSigningRequest/CertificateSigningRequest.ino @@ -4,7 +4,7 @@ This sketch can be used to generate a CSR for a private key generated in an ECC508/ECC608 or SE050 crypto chip slot. - If the ECC508/ECC608 is not configured and locked it prompts + If the SecureElement is not configured and locked it prompts the user to configure and lock the chip with a default TLS configuration. diff --git a/examples/SelfSignedCertificate/SelfSignedCertificate.ino b/examples/SelfSignedCertificate/SelfSignedCertificate.ino index c859d73..6c8adf2 100644 --- a/examples/SelfSignedCertificate/SelfSignedCertificate.ino +++ b/examples/SelfSignedCertificate/SelfSignedCertificate.ino @@ -4,7 +4,7 @@ This sketch can be used to generate a self signed certificate for a private key generated in an ECC508/ECC608 or SE050 crypto chip slot. - If the crypto chip is not configured and locked it prompts + If the SecureElement is not configured and locked it prompts the user to configure and lock the chip with a default TLS configuration. @@ -145,4 +145,4 @@ String readLine() { } return line; -} \ No newline at end of file +} From 85baef4253a00c23ca0fd6633f08889f4d089fd2 Mon Sep 17 00:00:00 2001 From: Mattia Pennasilico Date: Mon, 18 Mar 2024 08:59:29 +0100 Subject: [PATCH 5/5] Examples: ConfigurationLocking fix typo in sketch description Co-authored-by: per1234 --- examples/ConfigurationLocking/ConfigurationLocking.ino | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/ConfigurationLocking/ConfigurationLocking.ino b/examples/ConfigurationLocking/ConfigurationLocking.ino index 988e347..bd18226 100644 --- a/examples/ConfigurationLocking/ConfigurationLocking.ino +++ b/examples/ConfigurationLocking/ConfigurationLocking.ino @@ -7,7 +7,7 @@ https://github.com/arduino-libraries/ArduinoECCX08/blob/master/src/utility/ECCX08DefaultTLSConfig.h SE050 do not have EEPROM configuration and do not need to be locked - to work correctly. secureElement.locked() always return true for SE050 + to work correctly. secureElement.locked() always returns true for SE050 and the sketch does nothing. The circuit: