
Secure96 is a 96Boards Mezzanine Expansion Board To Experiment with Hardware Based Security

September 28th, 2017

With the Internet of Things booming and taking a larger role in our lives, security will become more and more critical. So far it has often been an afterthought, with modems and routers frequently shipping with default usernames and passwords, and getting security right is really hard, as shown by the recent CLKSCREW attack, which abuses DVFS (dynamic voltage and frequency scaling) to induce computation faults and break ARM TrustZone isolation. As its authors put it, the weakness "is not a software bug, nor a hardware bug, it's a fundamental part of the energy management design", so most ARM platforms with software-controlled DVFS are potentially affected. Good security normally combines software and hardware, so a platform to experiment with different hardware security solutions would be useful, and that's what the Secure96 mezzanine board for 96Boards aims to be.

Secure96 expansion board specifications:

  • Security ICs
    • Microchip Atmel ATSHA204A SHA-based CryptoAuthentication crypto element device
    • Microchip Atmel ATECC508A crypto device with ECDH (Elliptic Curve Diffie–Hellman) key agreement
    • Infineon SLB 9670 TPM 1.2/2.0
  • Storage – EEPROM
  • USB – micro USB port connected to FTDI chip
  • Expansion – 4-pin for I2C, 40-pin header to connect to 96Boards

Launched in 2011, ATSHA204A is used for symmetric (shared-key) authentication. It includes a random number generator, a unique 72-bit serial number, an I2C or single-wire (SWI) host interface, 88 bytes of configuration memory, 512 bytes of data (key) storage, and 64 bytes of OTP storage. It can be used for accessory (battery, cartridge, ...) authentication, secure boot, data integrity verification, and session key exchange. Joakim Bech, Tech Lead for the Security Working Group at Linaro, has already published some code to drive that chip; it is currently (and temporarily) hosted on his own GitHub account, and will be moved to a Linaro repository later on.
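To make the "symmetric authentication" use case concrete, here is an added example (not code from the original post, nor from Joakim Bech's repository) that models the challenge/response flow an ATSHA204A-style device performs: the host sends a fresh 32-byte challenge, the device answers with a SHA-256 digest over its secret key, the challenge and its identity, and the host recomputes the digest with its own copy of the key. The message layout, the `OPCODE_MAC` value, the `SimulatedDevice` and `Host` classes and the demo key and serial number are all constructed for this example; the layout is a simplified stand-in and not the chip's exact MAC command message format, which is defined in the datasheet. The simulated device is in the spirit of the "offline implementation to mimic device behavior" item in the roadmap below.

```python
"""Offline model of ATSHA204A-style symmetric challenge/response authentication.

Constructed example: the message layout (key || challenge || opcode || mode ||
slot || serial) is a simplified stand-in, NOT the chip's exact MAC message format.
"""
import hashlib
import hmac
import os

OPCODE_MAC = 0x08     # assumed value; binds the digest to the MAC command
MODE_DEFAULT = 0x00   # assumed mode byte


def mac_digest(key: bytes, challenge: bytes, slot: int, serial: bytes) -> bytes:
    """SHA-256 over the secret key, the host challenge and the device identity.

    Including the slot number and serial number means a MAC produced for one
    key slot or one device is not valid for another.
    """
    if len(key) != 32 or len(challenge) != 32:
        raise ValueError("key and challenge must both be 32 bytes")
    msg = (key + challenge + bytes([OPCODE_MAC, MODE_DEFAULT])
           + slot.to_bytes(2, "little") + serial)
    return hashlib.sha256(msg).digest()


class SimulatedDevice:
    """Stand-in for the crypto element: its keys never leave the 'chip'."""

    def __init__(self, slot_keys: dict, serial: bytes):
        self._slots = dict(slot_keys)
        self.serial = serial          # public, like the real 72-bit serial number

    def mac(self, slot: int, challenge: bytes) -> bytes:
        return mac_digest(self._slots[slot], challenge, slot, self.serial)


class Host:
    """The verifying side: knows the shared key and issues one-shot challenges."""

    def __init__(self, slot_keys: dict):
        self._slots = dict(slot_keys)
        self._outstanding = set()     # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = os.urandom(32)    # fresh nonce: old responses cannot be replayed
        self._outstanding.add(challenge)
        return challenge

    def verify(self, device_serial: bytes, slot: int,
               challenge: bytes, response: bytes) -> bool:
        # Accept only challenges we issued, and each of them only once.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = mac_digest(self._slots[slot], challenge, slot, device_serial)
        # Constant-time comparison so a wrong MAC cannot be guessed byte by byte.
        return hmac.compare_digest(expected, response)


def authenticate(host: Host, device: SimulatedDevice, slot: int = 0) -> bool:
    """One full exchange: host challenge -> device MAC -> host verdict."""
    challenge = host.new_challenge()
    response = device.mac(slot, challenge)
    return host.verify(device.serial, slot, challenge, response)


if __name__ == "__main__":
    shared = {0: bytes(range(32))}                     # constructed demo key
    serial = b"\x01\x23\x00\x00\x00\x00\x00\x00\xee"   # constructed 9-byte serial
    genuine = SimulatedDevice(shared, serial)
    clone = SimulatedDevice({0: bytes(32)}, serial)    # copied serial, guessed key
    host = Host(shared)
    print("genuine accepted:", authenticate(host, genuine))
    print("clone accepted:  ", authenticate(host, clone))
```

The two properties worth noticing are that the host never sends the key (only the challenge travels), and that the host keeps a set of outstanding challenges so a captured response is useless both for replay and for answering a challenge the host did not issue. A real deployment would also provision the host's copy of the key into a second crypto element rather than keeping it in host memory.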


ATECC508A shares many features with the first chip, but adds asymmetric (ECC P-256) key pairs. Sadly it requires an NDA to get the full datasheet and TRM, but it is supported by Atmel's CryptoAuthLib, so it might be possible to study that code to better understand the part. Joakim has not done any software work on this chip yet. Note that I previously reported about a demo for secure IoT connectivity using ESP8266 + ATECC508A.

The Infineon SLB9670 TPM has only just been tested with Intel's TSS TPM 2.0 resource manager and the tpm2.0-tools, and again, no software has been implemented for this chip on the Secure96 board yet.

Going forward the rough plans are to:

  • Finalize the ATSHA204A implementation
  • Create a library for the ATSHA204A implementation
  • Offline implementation to mimic device behavior (in a Trusted Application in a TEE)
  • Use IC(s) for secure boot on a 96Boards IoT device
  • Get the specification and implement support for ATECC508A
  • TPM chip – Try it out using IMA in Linux & use it to store SSH credentials

You may want to flick through the Linaro Connect presentation slides for more details.

The video has also been uploaded, but the audio is not that clear. Since there is still quite a lot of work to do, the Secure96 mezzanine is not for sale yet, but eventually it should be sold via the 96Boards Mezzanine products page.

  1. September 29th, 2017 at 09:53

    Charbax also made a video. The price will be around $20, and it should start selling next month.
    https://www.youtube.com/watch?v=JGkl3oC9gtA&feature=youtu.be&a=

  2. john
    October 5th, 2017 at 23:34

    If the TPM is compliant with the TCG version 2.0 specification, then I think the link in this article is incorrect.

    I think the correct link should be for the Infineon SLB 9670 VQ2.0 FW7.40 SKU instead:
    https://www.infineon.com/cms/en/product/security-and-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/SLB+9670+VQ20+FW740/productType.html?productType=5546d462525dbac401533244509a2733

    Please let us know as soon as we can place our orders. This should be a very popular board to enable security development.

  3. October 6th, 2017 at 09:33

    @john
    I did not pay attention to that one. Interesting that Infineon has two pages for the exact same chip, but with different firmware versions.

  4. John
    October 6th, 2017 at 12:55

    @cnxsoft

    I think there are differences in the chip for each listed SKU on the Infineon product pages. The FW version is obviously important, but each SKU is a different chip independent from FW version.

    The SLB 9670 VQ2.0 is a different chip from SLB 9670 XQ2.0 and both of those chips are different from the SLB 9670 VQ1.2 chip.

    I think we need someone to confirm the exact SKU that is used for the board before we start to order them.

    Also, the link in the slides from the conference is also incorrect.

    Please note that I think it would be very useful for a separate version of the board to offer an alternative TPM 2.0 chip using the ST Microelectronics ST33TPHF20SPI for development and testing. Please let us know if you can help us get the TPM 2.0 devices available for us to order soon with the Infineon SKU and also the ST Microelectronics SKU. Thanks!
