Crypto chip
| Available in upcoming release |
Introduction
The Open.OC2 board comes with a cryptographic chip, the Microchip ATSHA204A (datasheet). The chip is connected to i2c-0 and by default uses the address 0x64. A driver for this chip (source) is included in the custom Open.OC2 kernel. This driver mostly handles communication with this chip. Below we describe the usage.
sysfs
Some functions of the device can be accessed through sysfs: /sys/devices/7000c000.i2c/i2c-0/0-0064. As an example, to read the serial number:
$ cat /sys/devices/7000c000.i2c/i2c-0/0-0064/serialnum
0123[...]
Other files that are available are:
configlocked: Returns 1 when the configuration zone is locked, 0 if not yet locked
configzone: Dumps the chip's configuration zone
datalocked: Returns 1 when the data zone is locked, 0 if not locked
RNG
The driver plugs the random number generator on the ATSHA204A into /dev/hwrng, which allows the system to use this chip's RNG.
If the driver is loaded correctly, the device should become available. To check:
$ cat /sys/class/misc/hw_random/rng_available
atsha-rng
To check which device is currently being used:
$ cat /sys/class/misc/hw_random/rng_current
atsha-rng
To change the currently used rng-source write an entry from rng_available to rng_current.
More info is available here.
As a test, to obtain 10 random values, use this command:
$ sudo hexdump -v -n 10 -e '/1 "0x%02X\n"' /dev/hwrng
Note: If the device returns clearly non-random numbers (0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, etc.), this means the configuration zone has not yet been locked on the ATSHA204A; see section 3.2 in the datasheet. The configuration has to be performed (and locked) before the RNG can be used. Refer to the datasheet for this, and note that the configuration zone can only be locked once per chip; see section 2.1.4.
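An added example (not part of the Open.OC2 documentation or driver): a Python pre-flight check that combines the configlocked and rng_current files with a sample from /dev/hwrng and flags the fixed pattern described in the note above. The function names are hypothetical, and accepting the pattern at any starting offset is an assumption.

```python
import sys
from pathlib import Path

# Paths and the name "atsha-rng" are the ones shown on this page.
SYSFS_DIR = Path("/sys/devices/7000c000.i2c/i2c-0/0-0064")
HW_RANDOM = Path("/sys/class/misc/hw_random")
PATTERN = bytes([0xFF, 0xFF, 0x00, 0x00])  # output while the config zone is unlocked


def is_unlocked_pattern(sample):
    """True if sample is the repeating FF FF 00 00 sequence."""
    # Assumption: a read may start anywhere in the sequence, so all four
    # phases are accepted. Samples shorter than one period are not judged.
    if len(sample) < len(PATTERN):
        return False
    return any(
        all(b == PATTERN[(i + phase) % 4] for i, b in enumerate(sample))
        for phase in range(4)
    )


def rng_problems(configlocked, rng_current, sample):
    """Return the reasons not to trust the sample (empty list means OK)."""
    problems = []
    if configlocked.strip() != "1":
        problems.append("configuration zone is not locked")
    if rng_current.strip() != "atsha-rng":
        problems.append("rng_current is %r, not atsha-rng" % rng_current.strip())
    if is_unlocked_pattern(sample):
        problems.append("sample is the fixed FF FF 00 00 pattern")
    return problems


def check_system(nbytes=32):
    """Read the real sysfs files and /dev/hwrng (run with sudo, as above)."""
    configlocked = (SYSFS_DIR / "configlocked").read_text()
    rng_current = (HW_RANDOM / "rng_current").read_text()
    with open("/dev/hwrng", "rb", buffering=0) as dev:
        sample = dev.read(nbytes)
    return rng_problems(configlocked, rng_current, sample)


if __name__ == "__main__":
    found = check_system()
    for problem in found:
        print("FAIL:", problem)
    sys.exit(1 if found else 0)
```

The script exits non-zero when any check fails, so it can gate a service that depends on the hardware RNG.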
Full functionality
The driver generates a device /dev/atsha0.
The user can use this device to send direct commands to the chip (see datasheet for details).
The driver handles the communication layer, such as waking up the device, adding the message length and the crc, etc.
The commands must be in the format:
[Opcode (1 byte)][Param1 (1 byte)][Param2 (2 bytes)][[Data (x bytes)]]
Data is optional. The data must be written in one shot.
After a write, the driver also automatically performs the read, because of the specific timing constraints of the ATSHA204A. The response data is cached until the user reads it.
When reading from /dev/atsha0 the user receives only the relevant messages, and not the communication-specific data such as length-byte and crc.
Changing i2c-address
In the device tree it is assumed this chip responds to i2c address 0x64, so if you change that you either have to update the device tree, or load the driver manually:
$ echo atsha204-i2c 0x<<ADDRESS>> | sudo tee /sys/class/i2c-adapter/i2c-0/new_device
where you replace <<ADDRESS>> with the hexadecimal value of the new device address.
Unless you connect another device to i2c-0 which is bound to this address there is no reason to change the ATSHA204A's address from its default value of 0x64.