Close
0%
0%

SE050 Security Breakout Board

Breakout board intended to secure Raspberry PI or others IoT products thanks to SE050 secure element from NXP

michael-grandMichael Grand
Following
Liked Like project

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

Pick an awesome username
hackaday.io/
Your profile's URL: hackaday.io/username. Max 25 alphanumeric characters.
Pick a few interests
Projects that share your interests
People that share your interests

We found and based on your interests.

Choose more interests.

OK, I'm done! Skip
Similar projects worth following
4k views
4 comments
1.7k followers
View Gallery
Breakout board intended to secure Raspberry PI or others IoT products thanks to SE050 secure element from NXP

This product is a breakout board for SE050 Secure Element from NXP. It can be used to secure your IoT device against both remote and physical attackers.

Key Benefits

  • Easy to use, just plug to your RPi and follow tutorials from NXP. Easier to use than SE050 dev board from NXP which requires wire jumpers.
  • Ready-to-use examples available in Plug & Trust Middleware

Key Features

  • CC EAL6+ based HW and OS running NXP IoT applet
  • RSA and ECC Signature/Verification
  • AES Encryption/Decryption
  • HMAC, CMAC, SHA-1, SHA-2
  • Fully encrypted communications between SE050 and RPi
  • Open source library from NXP
  • Attestation of outputs from an I2C sensor connected as a slave

Use Cases

  • Secure connection to clouds (Amazon AWS, Microsoft Azure, Google GCP, IBM Watson),
  • Wi-Fi Credential protection,
  • Anti-cloning
  • I2C sensor data protection

  • Version 2.0 of the board

    Michael Grand01/08/2022 at 16:26 0 comments

    A new version of the board a now available on Tindie. Schematic is the same but the breakout board is smaller to better fit your project.

  • Discount on SE050 Breakout Board

    Michael Grand10/22/2020 at 20:47 0 comments

    There is a limited 20% discount (24$ instead of 30$) on the SE050 Breakout board. Don't miss it!

  • Using SE050 Breakout board as a PKCS11 token

    Michael Grand10/22/2020 at 18:39 0 comments

    NXP already provides all the stuff needed to use the SE050 as a pkcs11 token but documentation is not so easy to understand.

    First of all you will have to install all the required packages on raspbian:

    sudo apt-get update
sudo apt-get install cmake cmake-curses-gui cmake-gui libssl-dev python3-pip libffi-dev
sudo apt-get install gnutls-bin
sudo apt-get install opensc opensc-pkcs11

    The if we consider that you have already downloaded and unzipped the Plug & Trust MW from NXP in the '~/se050_mw' directory (as explained in my previous post), you can type the following commands:

    cd ~/se050_mw/simw-top/
python scripts/create_cmake_projects.py
cd ~/se050_mw/simw-top_build/raspbian_native_se050_t1oi2c
ccmake .

    A configuration window should appear, set the following parameters to the given values:

    RTOS = Default
mbedTLS_ALT = SSS
HostCrypto = MBEDTLS

     Launch the compilation and wait for a while (-_-) :

    cmake --build .
sudo make install
sudo ldconfig /usr/local/lib
export PKCS11_MODULE=/usr/local/lib/libsss_pkcs11.so

    Now your SE050 breakout board is ready to bu used as a PKCS11 token. if you list the available PKCS11 slots using pkcs11-tool from OpenSC, you should see the following output:

    pkcs11-tool --module $PKCS11_MODULE --list-slots

Available slots:
Slot 0 (0x1):
  token label        : SSS_PKCS11
  token manufacturer : NXP
  token model        :
  token flags        : rng, token initialized
  hardware version   : 3.1
  firmware version   : 2.16
  serial num         :
  pin min/max        : 0/10

    In a next post, we will see how to use SE050 breakout board through pkcs11-tool.

  • Configuring the SE050 chip

    Michael Grand10/04/2020 at 17:49 0 comments

    NXP provides a simple tool intended to ease SE050 configuration. To install it type the following commands:

    cd ~/se050_mw/simw-top/pycli/
sudo pip3 install -r requirements.txt
sudo pip3 install -e src/

    Then you can use the 'ssscli' command to control/configure your SE050 secure element. For example:

    #connect to se050
ssscli connect se050 t1oi2c none
#get SE050 UID
ssscli se05x uid
#list objects on SE050
ssscli se05x readidlist
#generate a 4096bits RSA key pair at address 0xf0000201
ssscli generate rsa 0xf0000201 4096
#sign a file
touch foo
ssscli sign 0xf0000201 foo foo_sig
#verify file
ssscli verify 0xf0000201 foo foo_sig

    SSCLI program provides other interesting features allowing to easily personalize your SE050 chip. Check the documentation provided with the NXP Plug & Trust MW for more information.

    In the next post, i will explain how to use the SE050 chip as a standard PKCS11 token using OpenSC pkcs11-tool.

View all 4 project logs

  • 1
    Identify the pins on the RPi

    Identify on your RPi the six pins (1 to 6 according to RPi documentation) illustrated on the following picture (pins are the same on RPi ZW, RPi 2, 3 & 4):

  • 2
    Connect your breakout board

    Connect your breakout board on these pins according to the following picture (breakout board should be ABOVE the Raspberry Pi board). !!!Beware connecting the breakout board incorrectly WILL BREAK your board!!!

  • 3
    Installing Raspbery PI OS and enable I2C port

    If you don't have an already ready to use Raspberry PI, you can follow the installation  instructions from the official website. Once installed, you have to enable I2C port in Linux kernel using the raspi-config command (5 Interfacing Options -> P5 I2C):

    sudo raspi-config
sudo reboot

View all 6 instructions

Enjoy this project?

Share

Discussions

greatdubaie wrote 08/31/2023 at 06:41 point

My engagement with the project has brought significant value, and I'd like to extend this insight to the https://hmrentacardubai.com/ajman-rent-car/ rent a car in ajman company team. This way, they can gain from it as well and consider integrating innovative approaches. 

  Are you sure? yes | no

hillerabde768 wrote 03/18/2023 at 18:21 point

There has been a great deal of value to me in my involvement with the project. Would like to share it with the security patrol company team so they can also read it and implement something new.

  Are you sure? yes | no

Kris Keillor wrote 12/20/2022 at 00:05 point

Thanks for sharing this project - I am trying to figure out how to include a "Secure Element" in a LoRaWAN project, which I was planning to be RP-2040 based, until I learned about the Secure Element requirements. Your links to the NXP documentation are really helpful. But I can't find this on Tindie anymore, is it still available for sale?

  Are you sure? yes | no

Michael Grand wrote 12/20/2022 at 15:48 point

Hi Kris, unfortunately I don't sale it anymore but you can still buy the new version of the NXP dev kit OM-SE050ARD-E (while its quite expensive).

  Are you sure? yes | no

Similar Projects

This board is simply a shield of sensors that can be attached to any Raspberry Pi Zero, Zero2, 3, 4 and run Ardupilot Firmware.
Project Owner Contributor

OBAL Board - DIY Ardupilot on Linux

mhefnyMHefny

Using lot of modules and peripherals to use all of abilities of LPC NXP MCUs. make it suitable for starting ARM training.
Project Owner Contributor

LPC1788FBD208 training board, Mini Tablet & CAR PC

hosein-movahedian-attarHosein Movahedian Attar

Dive into the world of CircuitPython with the new BPI-PicoW, a new ESP32S3 board released by Banana Pi.
Project Owner Contributor

The BPI-PicoW-S3, A New Player in Town

joey-shyuJoey Shyu

A development board for the ATtiny84a which can be used on a bread board. Just all the basics to run the micronucleus bootloader.
Project Owner Contributor

ATtiny84a tiniest development board

sander-van-de-borSander van de Bor

Does this project spark your interest?

Become a member to follow this project and never miss any updates

Yes, delete it Cancel

Report project as inappropriate

You are about to report the project "SE050 Security Breakout Board", please tell us the reason.

Send message

Your application has been submitted.

Remove Member

Are you sure you want to remove yourself as a member for this project?

Project owner will be notified upon removal.