Some time ago (around August 2016) embedded community media were hit with hype around simplified flow for AWS IoT provisioning (1, 2, 3). I’m personally very interested in all categories related to those news:
IoT – is 3mdeb business core and despite this term was largely abused these days, we just love to build connected embedded devices. Building this kind of devices is inherently related with firmware deployment, provisioning and update problems.
AWS – truly it is had to find similar level of quality and feature-richness and because I was lucky to invest my time and work with grandfather of AWS IoT (namely 2lemetry ThingFabric) I naturally try to follow this trend and make sure 3mdeb customers use best in class product in IoT cloud segment. To provide that service we try to be on track with all news related to AWS IoT.
Security – there will be not so much work for Embedded System Consultants if IoT will be rejected because of security issues. I’m sure I don’t have to convince anyone about important of security. Key is to see typical flow that we face in technology (especially in security area):
1 2 3 4 5
AWS IoT cryptography is not trivial and doing it right is even more complex. Using crypt chips like ECC508A should simplify whole workflow.
Initial idea for this blog post was to triage ECC508A with some Linux or mbed OS enabled platform. Atmel SAM G55 seem to have support in mbed OS here, but diving into CryptoAuthentication with development stack that I’m not sure work fine is not best choice. That’s why I had to try stuff on Windows 10 and then after understanding things better I move to something more convenient.
I mostly relied on ATECC508A Node Authentication Example Using Asymmetric PKI Application Note.
What we need to start is:
Welcome in the world of M$ Windows. I wonder who get idea of excluding Mac and Linux users from Atmel SAM developers community, but this decision was really wrong. Of course there are options like ASF but this requires much more work for setup and is probably not feasible for initial triage post. Unfortunately number of examples in ASF is limited and I can’t find anything related to crypt or i2c.
Atmel Studio is obviously inspired or even build on Visual Studio engine.
CryptoAuthentication Node Basic Example Solution
To make things simple
CryptoAuthentication Node Basic Example Solution.zip,
which you can be downloaded
is 15MB and contain almost 2k of files. Download and unpack archive.
After starting Atmel Studio choose
Open Project..., navigate to
CryptoAuthentication example and choose
node-auth-basic you should get funny
pop-up that tells you to watch out for malicious Atmel Studio projects:
Then you have window with info
Please select your project, so choose
node-auth-basic, then try
Build -> Rebuild Solution, of course this doesn’t
work out of the box.
One of problems that I faced was described
here this is just
OPTIMIZE_HIGH macro. After fixing that both examples compile fine.
I realized that Atmel Studio use older ASF (3.28.1) then what is available (3.32.0), but upgrading ASF leads to upgrading whole project and take time. After upgrade you get report if everything went fine for your 2k files.
The problem with
node-auth-basic is that it is not prepared for SAM G55.
Whole code in
AT88CKECC-AWS-XSTK documents target SAM D21. So you have to
change target device and this is possible only after update. To change device
node-auth-basic project properties and got to
Device tab, then use
Change Device find
SAMG family and use
SAMG55J19. Please note that SAM
G55 devices are not visible if not change
Show devices to
All Parts. Result
should look like this:
I can only imagine how outdated this post will be with next version of Atmel Studio.
Now we get more compilation errors:
With above problem I started to think I’m getting really useless expertise. The issue was pretty clear – we compile for SAMG not for SAMD and we need different header.
ASF installation madness
Moreover when I tried to reinstall ASF I had to register on Atmel page which complained on LastPass and identify my location as Russian Federation (despite I’m in Poland). Of course Atmel Studio open Edge to login me into their website. This whole IDE sucks and do a lot of damage to Atmel – how I can recommend them after all that hassle ? Then after going through password/login Windows 10 detect that something is wrong with Atmel Studio and decided that it have to be restarted. What I finally started installation I get this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
This should be enough to throw it away. Of course I have ~500MB on disk, but this is not enough. I assume that MS way in Windows 10 of providing information to user is throwing exceptions or this was method of handling lack of free space in Atmel Studio.
I gave up
Couple more things that I found:
- There is no easy way to convert examples for ECC508A to make them work with SAMG55 as those examples are mostly created for SAMD21. Clearly Atmel do a lot noise about 250USD kit for which you don’t have examples.
- CryptoAuthentication library doesn’t have HAL for SAMG55
- Atmel engagement in process of supporting community is poor, what can be found here 1,2
- Full datasheet is available only under NDA
I waste lot of time to figure out that evaluation of well advertised product is terribly difficult. I’m sure that lack of knowledge of Atmel ecosystem probably added to my problems. I also didn’t bother to contact community, which is not fair to judge from my side.
Key idea behind this triage was to check ECC508A in environment suggested by manufacturer. It happens that manufacturer didn’t prepare infrastructure and documentation to be able to evaluate product in advertised way. Initial triage was needed for implementation in more complex system with Embedded Linux on board. Luckily during whole this process I found cryptoauth-openssl-engine Github repository. Which I will evaluate in next posts.
If you will struggle with similar problems and pass through some mentioned
above or you successfully triaged
AT88CKECC-AWS-XSTK please let
me know. Other comments as always welcome.