NXP already provides all the stuff needed to use the SE050 as a pkcs11 token but documentation is not so easy to understand.
First of all you will have to install all the required packages on raspbian:
sudo apt-get update sudo apt-get install cmake cmake-curses-gui cmake-gui libssl-dev python3-pip libffi-dev sudo apt-get install gnutls-bin sudo apt-get install opensc opensc-pkcs11
The if we consider that you have already downloaded and unzipped the Plug & Trust MW from NXP in the '~/se050_mw' directory (as explained in my previous post), you can type the following commands:
cd ~/se050_mw/simw-top/ python scripts/create_cmake_projects.py cd ~/se050_mw/simw-top_build/raspbian_native_se050_t1oi2c ccmake .
A configuration window should appear, set the following parameters to the given values:
RTOS = Default mbedTLS_ALT = SSS HostCrypto = MBEDTLS
Launch the compilation and wait for a while (-_-) :
cmake --build . sudo make install sudo ldconfig /usr/local/lib export PKCS11_MODULE=/usr/local/lib/libsss_pkcs11.so
Now your SE050 breakout board is ready to bu used as a PKCS11 token. if you list the available PKCS11 slots using pkcs11-tool from OpenSC, you should see the following output:
pkcs11-tool --module $PKCS11_MODULE --list-slots Available slots: Slot 0 (0x1): token label : SSS_PKCS11 token manufacturer : NXP token model : token flags : rng, token initialized hardware version : 3.1 firmware version : 2.16 serial num : pin min/max : 0/10
In a next post, we will see how to use SE050 breakout board through pkcs11-tool.