Changes between Version 1 and Version 2 of venice/edgelock


Timestamp:
08/12/2025 06:53:19 PM (3 days ago)
Author:
Ryan Erbstoesser
Comment:

add notes for veniceflex

  • venice/edgelock

    v1 v2  
    22
    33= NXP !EdgeLock Secure Enclave
    4 While the i.MX8M does have its own internal !EdgeLock Secure Enclave it only allows up to FIPS level 2 and in some cases level 3 is required (which requires the keys are stored in a different IC).
     4
     5Gateworks has added the NXP EdgeLock SEO52F Secure Element with FIPS 140-3 Level 3 Certification to VeniceFLEX and Catalina SBCs.
     6
     7While the i.MX8M processor used on the SBCs does have its own internal !EdgeLock Secure Enclave it only allows up to FIPS level 2 and in some cases level 3 is required (which requires the keys are stored in a different IC).
    58
    69The SE05x speaks SCP03 on top of I2C and can co-exist with other I2C devices. It is often used within OPTEE with a trampoline driver that hooks into Linux with an SMC call to allow Linux owning the I2C bus but OPTEE still allowed controlled access
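Review bot: New line 5 spells the part "SEO52F" with a letter O, while the board table further down uses "SE052F"; the two should be made consistent. The same line writes "EdgeLock" without the "!" escape that the heading and new line 7 use, so Trac may render it as a wiki link. Line 5 names the standard as "FIPS 140-3 Level 3" while line 7 says only "FIPS level 2" and "level 3"; using the full name in both places would remove any doubt about which standard is meant.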
     
    2427The following Gateworks boards have a SE05x chip on-board:
    2528||= Family =||= Board =||= Chip =||= bus/address =||= reset =||
    26 || Venice   || GW8201-C+ || SE052F || I2C2@0x48 || N/A ||
     29|| VeniceFLEX   || GW8201-C+ || SE052F || I2C2@0x48 || N/A ||
     30
     31* Note, the SE052F is not available on standard Venice, only VeniceFLEX
    2732
    2833
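Review bot: The replaced table row changes only the Family cell to VeniceFLEX and keeps the Board cell as "GW8201-C+", the same model the removed Venice row listed; please confirm that this is the correct VeniceFLEX board number. The note added on new line 31 would be clearer if it named the boards that do carry the part, since the paragraph added at the top also mentions Catalina SBCs and the table has no Catalina row.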
     
    3540Valid chip addresses: 48
    3641}}}
    37   - the valid chip address above confirms SCL/SDA/VDD_3V3/GND are wired correctly and powered
     42  - The valid chip address above confirms SCL/SDA/VDD_3V3/GND are wired correctly and powered
    3843
    3944Because there is no U-Boot or Linux kernel driver there does not need to be any device-tree node for the device.
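Review bot: The reworded bullet on new line 42 still says the probe result "confirms SCL/SDA/VDD_3V3/GND are wired correctly and powered", but "Valid chip addresses: 48" only shows that some device acknowledges address 0x48. Consider wording it that way and pointing to the se05x_GetInfo example further down as the step that actually talks to the secure element.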
     
    4247
    4348=== NXP Plug & Trust Middleware
    44 The NXP Plug & Trust middleware communicates with the SE05x directly in userspace via the I2C device file (e.g., /dev/i2c-1). It uses the Linux I2C userspace interface (ioctl calls) to send T1oI2C APDUs, bypassing the need for a dedicated kernel driver. The middleware handles all protocol details, including authentication (e.g., SCP03) and command formatting. Because this is in userspace there is no dt entry needed as long as the I2C bus is enabled.
     49The NXP Plug & Trust middleware communicates with the SE05x directly in userspace via the I2C device file (e.g., /dev/i2c-1). It uses the Linux I2C userspace interface (ioctl calls) to send T1oI2C APDUs, bypassing the need for a dedicated kernel driver. The middleware handles all protocol details, including authentication (e.g., SCP03) and command formatting. Because this is in userspace there is no device-tree entry needed as long as the I2C bus is enabled.
    4550
    4651There are multiple flavors of the NXP Plug & Trust Middleware below are very minimal examples of getting it up and running by building software on the target board itself.
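Review bot: Context line 51 ("There are multiple flavors of the NXP Plug & Trust Middleware below are very minimal examples ...") is a run-on that this edit leaves in place; split it after "Middleware" while this paragraph is being touched. The expansion of "dt" to "device-tree" on line 49 now matches the wording on line 44.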
     
    5055
    5156Notes:
    52  - example apps take a 'port' argument identifying the bus and address via <busdev>:<slaveaddr> (ie '/dev/i2c-1:0x48' for GW8201). Note that while the busdev is a Linux path that exists the ':0x48' will not exist in a device path)
    53  - the ssscli ssscli tool isnt' a standalone binary; its a python based CLI installed via setup.py after building the middleware libraries.
    54  - there are fairly detailed HTML docs within the docs directory
     57 - Example apps take a 'port' argument identifying the bus and address via <busdev>:<slaveaddr> (ie '/dev/i2c-1:0x48' for GW8201). Note that while the busdev is a Linux path that exists the ':0x48' will not exist in a device path)
     58 - The ssscli ssscli tool isnt' a standalone binary; its a python based CLI installed via setup.py after building the middleware libraries.
     59 - There are fairly detailed HTML docs within the docs directory
    5560
    5661Building:
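Review bot: The rewritten bullets on new lines 57 and 58 capitalize the first word but carry over the old typos: "ssscli ssscli" is doubled, "isnt'" and "its" need their apostrophes fixed, and line 57 ends with a closing parenthesis that has no opening one. Line 57 could also state that '/dev/i2c-1' is the bus the board table lists as I2C2, so readers do not take the two for different buses.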
     
    255260
    256261Example:
    257  * build
     262 * Build
    258263{{{#!bash
    259264# install pre-requisites
    260265apt update && apt install -y build-essential git cmake python3 python3-pip python3-setuptools python3-wheel libssl-dev libusb-1.0-0-dev pkg-config unzip wget
    261266
    262 # fetch code
     267# Fetch code
    263268git clone https://github.com/NXPPlugNTrust/nano-package
    264269cd nano-package
    265270
    266 # configure
     271# Configure
    267272cd examples/se05x_GetInfo/linux
    268273mkdir build
     
    270275cmake ../
    271276
    272 # build
     277# Build
    273278make
    274279}}}
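Review bot: The clone step on new line 268 pulls whatever is currently on the default branch of nano-package; for code that talks to a secure element, the instructions should check out a specific release tag or commit so the build is reproducible and reviewable. On style, the comment capitalization is only partly applied: "# install pre-requisites" on line 264 stays lowercase while "# Fetch code", "# Configure" and "# Build" were changed.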