TSensor OS and SE050 Driver

A project log for TSensor

Trusted and Secure LoRaWAN Sensor

Michael Grand, 05/04/2020 at 18:13

The first step of the TSensor development was to choose an OS that natively supports most of the required features. Nowadays, a large number of embedded OSes could be used to build the TSensor node. Considering only open source (and free) OSes, my short list was:

In the end, MBED was chosen because the B-L072Z-LRWAN1 board is natively supported by this OS (including the LoRaWAN stack). Unfortunately, this is not the case for the SE050 secure element (other OSes do not natively support this component either). At this point, there are two strategies: either port the NXP Plug & Trust middleware to MBED OS or develop a driver from scratch.

There are two problems with the former strategy. First, a large part of NXP's middleware source code is under a restrictive license that does not allow sharing it. Second, analysis of its source code shows that this software is really memory hungry: several buffers as large as 1024 bytes are used to store temporary data during command building. At the same time, one of the main concerns when dealing with MBED OS is its memory footprint. Indeed, MBED OS and the LoRaWAN stack consume almost all the available volatile memory of the STM32L072 MCU. Consequently, it is hardly possible to use MBED OS with its LoRaWAN stack and NXP's Plug & Trust middleware at the same time on a chip as cheap as the STM32L072. Therefore, the only viable strategy is to develop an SE050 driver from scratch, keeping in mind that its volatile memory footprint should be as small as possible.

The TSensor development platform is designed for the use case where measurements from an environmental sensor have to be authenticated. Thus, only the management of the SE050 attestation mechanism, which is used to authenticate the data exchanged on an I2C bus connecting a sensor to a host MCU, has to be implemented. In addition, because measurements are not confidential (at least in the vicinity of the sensor) and because the attestation mechanism is based on asymmetric cryptography, exchanges between the host MCU and the SE050 do not need to be encrypted to be secure. Consequently, the minimal SE050 driver required to build a trusted node is not so complex.

The SE050 driver is composed of two layers:

In the following GitHub repo (mbed-se050-drv), you will find an MBED library implementing the minimal driver described above; it allows you to use the SE050 I2C attestation feature. You can use the mbed-se050-example repo to test this library.

In the next post, you will learn how to use the mbed-se050-drv library to build a trusted LoRaWAN end-node.