Secure Element Phase 2: Unlocked Hardware Testing #88
Description
Overview
Test ATECC608B integration with real hardware in unlocked/development state before permanent lock.
Prerequisites
- Phase 1 complete (Secure Element Phase 1: Mock Mode Implementation #81 - Mock Mode)
- M5Stack Crypto Unit hardware available (2-3 units recommended)
Hardware Configuration
// M5Stack Crypto Unit (Port A)
static ATCAIfaceCfg cfg_atecc608_i2c = {
.iface_type = ATCA_I2C_IFACE,
.devtype = ATECC608B,
.atcai2c.address = 0x35, // M5Stack Crypto Unit
.atcai2c.bus = 1, // I2C_NUM_1 = Port A (GPIO 2/1)
.atcai2c.baud = 100000,
.wake_delay = 1500,
.rx_retries = 20,
};Trust&GO Slot Assignments
M5Stack Crypto Unit uses Trust&GO - slots 0-3 are pre-provisioned and locked.
| Slot | Trust&GO Usage | Our Usage |
|---|---|---|
| 0-3 | Pre-provisioned (locked) | DO NOT USE |
| 4 | Available | SE_SLOT_MASTER_KEY |
| 5 | Available | SE_SLOT_DEVICE_ID |
| 6 | Available | SE_SLOT_PIN_HMAC |
| 7 | Available | SE_SLOT_COUNTER |
| 8-15 | Available | Future use |
Implementation Tasks
1. I2C Bus Initialization
// Port A separate from BSP internal I2C
#define PORT_A_SDA GPIO_NUM_2
#define PORT_A_SCL GPIO_NUM_1
i2c_config_t port_a_conf = {
.mode = I2C_MODE_MASTER,
.sda_io_num = PORT_A_SDA,
.scl_io_num = PORT_A_SCL,
.sda_pullup_en = GPIO_PULLUP_ENABLE,
.scl_pullup_en = GPIO_PULLUP_ENABLE,
.master.clk_speed = 100000,
};
i2c_param_config(I2C_NUM_1, &port_a_conf);
i2c_driver_install(I2C_NUM_1, I2C_MODE_MASTER, 0, 0, 0);2. Device Detection Test
int se_detect(void) {
uint8_t revision[4];
ATCA_STATUS status = atcab_init(&cfg_atecc608_i2c);
if (status != ATCA_SUCCESS) return -1;
status = atcab_info(revision);
ESP_LOGI(TAG, "ATECC608B revision: %02x%02x%02x%02x",
revision[0], revision[1], revision[2], revision[3]);
return (status == ATCA_SUCCESS) ? 0 : -1;
}3. Slot Read/Write Validation
- Write test patterns to slots 4-7
- Read back and verify
- Test boundary conditions
4. Counter Operations
- Increment counter, verify monotonic
- Test counter limits
- Verify counter survives power cycle
Acceptance Criteria
- I2C communication established at 0x35
- Device info/revision readable
- Slots 4-7 read/write verified
- Counter increment works correctly
- Same tests pass that passed on mock
- No writes to slots 0-3 (Trust&GO protected)
Related
- Phase 1: Secure Element Phase 1: Mock Mode Implementation #81 (Mock Mode)
- Phase 3: Secure Element Phase 3: Production Lock Configuration #89 (Production Lock Configuration)