Difference between revisions of "Crypto chip"
Joost.Weijs (talk | contribs) (→RNG)
Revision as of 17:34, 5 November 2021
| Available for: | L4T 32.6.1 rev 2.1 and higher |
Introduction
The Open.OC2 board comes with a cryptographic chip, the Microchip ATSHA204A (datasheet). The chip is connected to i2c-0 and by default uses the address 0x64. A driver for this chip (source) is included in the custom Open.OC2 kernel. This driver mostly handles communication with this chip. Below we describe the usage.
i2c
In the device tree it is assumed this chip responds to i2c address 0x64, so if you change that you either have to update the device tree, or load the driver manually:
$ echo atsha204-i2c 0x<<ADDRESS>> | sudo tee /sys/class/i2c-adapter/i2c-0/new_device
where you replace <<ADDRESS>> with the hexadecimal value of the new device address.
Unless you connect another device to i2c-0 which is bound to this address there is no reason to change the ATSHA204A's address from its default value of 0x64.
sysfs
Some functions of the device can be accessed through sysfs: /sys/devices/7000c000.i2c/i2c-0/0-0064. As an example, to read the serial number:
$ cat /sys/devices/7000c000.i2c/i2c-0/0-0064/serialnum
0123[...]
Other files that are available are:
* configlocked: Returns 1 when the configuration zone is locked, 0 if not yet locked
* configzone: Dumps the chip's configuration zone
* datalocked: Returns 1 when the data zone is locked, 0 if not locked
RNG
The driver plugs the random number generator on the ATSHA204A into /dev/hwrng, which allows the system to use this chip's RNG.
If the driver is correctly loaded, the device should become available. To check:
$ cat /sys/class/misc/hw_random/rng_available
atsha-rng
To check which device is currently being used:
$ cat /sys/class/misc/hw_random/rng_current
atsha-rng
To change the currently used rng-source write an entry from rng_available to rng_current.
More info is available here.
As a test, to obtain 10 random values, use this command:
$ sudo hexdump -v -n 10 -e '/1 "0x%02X\n"' /dev/hwrng
Note: If the device returns clearly non-random numbers (0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, etc...) this means the configuration zone has not yet been locked on the ATSHA204A, see section 3.2 in the datasheet. The configuration has to be performed (and locked) before the RNG can be used. Refer to the datasheet for this, and note that the configuration zone can only be locked once per chip.
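The checks from the sysfs and RNG sections can be combined into one pre-flight test that refuses to treat /dev/hwrng as usable while the chip is still unconfigured. This is an added example, not part of the Open.OC2 driver or the original page; the function names and the ATSHA_DIR, HWRNG_DIR and HWRNG_DEV variables are assumptions of the example, and the default paths are the ones given above.

```shell
#!/bin/sh
# Added example: pre-flight check before relying on the ATSHA204A RNG.
# Default paths are the ones given on this page; the variable names are
# this example's own and exist so the checks can be pointed elsewhere.
ATSHA_DIR="${ATSHA_DIR:-/sys/devices/7000c000.i2c/i2c-0/0-0064}"
HWRNG_DIR="${HWRNG_DIR:-/sys/class/misc/hw_random}"
HWRNG_DEV="${HWRNG_DEV:-/dev/hwrng}"

# True only when sysfs reports the configuration zone as locked (1).
config_locked() {
    [ "$(cat "$ATSHA_DIR/configlocked" 2>/dev/null)" = "1" ]
}

# True only when atsha-rng is the source currently feeding /dev/hwrng.
rng_selected() {
    [ "$(cat "$HWRNG_DIR/rng_current" 2>/dev/null)" = "atsha-rng" ]
}

# Read N bytes (default 32) and succeed only if at least one byte is
# neither 0xFF nor 0x00. An empty read also fails. This catches the fixed
# pattern of an unconfigured chip; it is not a statistical randomness test.
sample_not_fixed_pattern() {
    head -c "${1:-32}" "$HWRNG_DEV" 2>/dev/null |
        od -An -v -tx1 | tr -s ' ' '\n' | grep -Eqvx '(ff|00)?'
}

# Run all checks; the return code identifies the first one that failed.
atsha_rng_ready() {
    config_locked || { echo "configuration zone is not locked" >&2; return 1; }
    rng_selected || { echo "atsha-rng is not rng_current" >&2; return 2; }
    sample_not_fixed_pattern 32 ||
        { echo "hwrng returned only 0xFF/0x00 bytes" >&2; return 3; }
    echo "atsha-rng: locked, selected, output not a fixed pattern"
}

# Run the checks when invoked with --check (as root, to read /dev/hwrng).
if [ "${1:-}" = "--check" ]; then atsha_rng_ready; exit $?; fi
```

A return code of 1 or 3 points back to the note above: the configuration zone still has to be written and locked before the RNG output can be used.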