Close
0%
0%

SE050 Security Breakout Board

Breakout board intended to secure Raspberry PI or others IoT products thanks to SE050 secure element from NXP

Similar projects worth following
Breakout board intended to secure Raspberry PI or others IoT products thanks to SE050 secure element from NXP

This product is a breakout board for SE050 Secure Element from NXP. It can be used to secure your IoT device against both remote and physical attackers.

Key Benefits

  • Easy to use, just plug to your RPi and follow tutorials from NXP. Easier to use than SE050 dev board from NXP which requires wire jumpers.
  • Ready-to-use examples available in Plug & Trust Middleware

Key Features

  • CC EAL6+ based HW and OS running NXP IoT applet
  • RSA and ECC Signature/Verification
  • AES Encryption/Decryption
  • HMAC, CMAC, SHA-1, SHA-2
  • Fully encrypted communications between SE050 and RPi
  • Open source library from NXP
  • Attestation of outputs from an I2C sensor connected as a slave

Use Cases

  • Secure connection to clouds (Amazon AWS, Microsoft Azure, Google GCP, IBM Watson),
  • Wi-Fi Credential protection,
  • Anti-cloning
  • I2C sensor data protection

  • Version 2.0 of the board

    Michael Grand01/08/2022 at 16:26 0 comments

    A new version of the board a now available on Tindie. Schematic is the same but the breakout board is smaller to better fit your project.

  • Discount on SE050 Breakout Board

    Michael Grand10/22/2020 at 20:47 0 comments

    There is a limited 20% discount (24$ instead of 30$) on the SE050 Breakout board. Don't miss it!

  • Using SE050 Breakout board as a PKCS11 token

    Michael Grand10/22/2020 at 18:39 0 comments

    NXP already provides all the stuff needed to use the SE050 as a pkcs11 token but documentation is not so easy to understand.

    First of all you will have to install all the required packages on raspbian:

    sudo apt-get update
    sudo apt-get install cmake cmake-curses-gui cmake-gui libssl-dev python3-pip libffi-dev
    sudo apt-get install gnutls-bin
    sudo apt-get install opensc opensc-pkcs11

    The if we consider that you have already downloaded and unzipped the Plug & Trust MW from NXP in the '~/se050_mw' directory (as explained in my previous post), you can type the following commands:

    cd ~/se050_mw/simw-top/
    python scripts/create_cmake_projects.py
    cd ~/se050_mw/simw-top_build/raspbian_native_se050_t1oi2c
    ccmake .

    A configuration window should appear, set the following parameters to the given values:

    RTOS = Default
    mbedTLS_ALT = SSS
    HostCrypto = MBEDTLS

     Launch the compilation and wait for a while (-_-) :

    cmake --build .
    sudo make install
    sudo ldconfig /usr/local/lib
    export PKCS11_MODULE=/usr/local/lib/libsss_pkcs11.so

    Now your SE050 breakout board is ready to bu used as a PKCS11 token. if you list the available PKCS11 slots using pkcs11-tool from OpenSC, you should see the following output:

    pkcs11-tool --module $PKCS11_MODULE --list-slots
    
    Available slots:
    Slot 0 (0x1):
      token label        : SSS_PKCS11
      token manufacturer : NXP
      token model        :
      token flags        : rng, token initialized
      hardware version   : 3.1
      firmware version   : 2.16
      serial num         :
      pin min/max        : 0/10

    In a next post, we will see how to use SE050 breakout board through pkcs11-tool.

  • Configuring the SE050 chip

    Michael Grand10/04/2020 at 17:49 0 comments

    NXP provides a simple tool intended to ease SE050 configuration. To install it type the following commands:

    cd ~/se050_mw/simw-top/pycli/
    sudo pip3 install -r requirements.txt
    sudo pip3 install -e src/

    Then you can use the 'ssscli' command to control/configure your SE050 secure element. For example:

    #connect to se050
    ssscli connect se050 t1oi2c none
    #get SE050 UID
    ssscli se05x uid
    #list objects on SE050
    ssscli se05x readidlist
    #generate a 4096bits RSA key pair at address 0xf0000201
    ssscli generate rsa 0xf0000201 4096
    #sign a file
    touch foo
    ssscli sign 0xf0000201 foo foo_sig
    #verify file
    ssscli verify 0xf0000201 foo foo_sig

    SSCLI program provides other interesting features allowing to easily personalize your SE050 chip. Check the documentation provided with the NXP Plug & Trust MW for more information.

    In the next post, i will explain how to use the SE050 chip as a standard PKCS11 token using OpenSC pkcs11-tool.

View all 4 project logs

  • 1
    Identify the pins on the RPi

    Identify on your RPi the six pins (1 to 6 according to RPi documentation) illustrated on the following picture (pins are the same on RPi ZW, RPi 2, 3 & 4):

  • 2
    Connect your breakout board

    Connect your breakout board on these pins according to the following picture (breakout board should be ABOVE the Raspberry Pi board). !!!Beware connecting the breakout board incorrectly WILL BREAK your board!!!

  • 3
    Installing Raspbery PI OS and enable I2C port

    If you don't have an already ready to use Raspberry PI, you can follow the installation  instructions from the official website. Once installed, you have to enable I2C port in Linux kernel using the raspi-config command (5 Interfacing Options -> P5 I2C):

    sudo raspi-config
    sudo reboot
    

View all 6 instructions

Enjoy this project?

Share

Discussions

greatdubaie wrote 08/31/2023 at 06:41 point

My engagement with the project has brought significant value, and I'd like to extend this insight to the https://hmrentacardubai.com/ajman-rent-car/ rent a car in ajman company team. This way, they can gain from it as well and consider integrating innovative approaches. 

  Are you sure? yes | no

hillerabde768 wrote 03/18/2023 at 18:21 point

There has been a great deal of value to me in my involvement with the project. Would like to share it with the security patrol company team so they can also read it and implement something new.

  Are you sure? yes | no

Kris Keillor wrote 12/20/2022 at 00:05 point

Thanks for sharing this project - I am trying to figure out how to include a "Secure Element" in a LoRaWAN project, which I was planning to be RP-2040 based, until I learned about the Secure Element requirements. Your links to the NXP documentation are really helpful. But I can't find this on Tindie anymore, is it still available for sale?

  Are you sure? yes | no

Michael Grand wrote 12/20/2022 at 15:48 point

Hi Kris, unfortunately I don't sale it anymore but you can still buy the new version of the NXP dev kit OM-SE050ARD-E (while its quite expensive).

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates