2.18. Release v02.14.00
2.18.1. File/Folder relocation
Renamed DTLS/SSL2 Server and client executables. New names are:
mbedtls_ex_orig_ssl_server2
mbedtls_ex_sss_dtls_client
mbedtls_ex_orig_dtls_server
mbedtls_ex_sss_ssl2_client
Renamed project greengrass to sss_pkcs11
Renamed file greengrass.c to sss_pkcs11.c
Renamed folders of Reader Library examples:
ex_prepare_MFDFEV2 => ex_Ev2Prepare_Card
ex_prepare_se05x => ex_Ev2Prepare_se05x
2.18.2. Build system changes
Extensively revamped fsl_sss_ftr.h file for finer control of build configuration selection. This design will be extended extensively in future releases.
On LPC55S with FreeRTOS, using native malloc instead of Heap_4.c for mbedTLS
Compile time asserts added for sizes of structures.
scripts/env_setup.sh prints info on which tools are used from which paths.
Changed Applet selection in CMake (See cmake-option-Applet). We no longer use the names SE050_A, SE050_B or SE050_C for builds / Applet selection. New names are SE05X_A, SE05X_B or SE05X_C.
CMake Option Applet_SE05X_Ver is no longer used. Instead, cmake-option-SE05X_Ver is introduced for future use.
See cmake-option-SE05X_Auth. FastSCP is now called ECKey. AppletSCP is now called AESKey.
2.18.3. New platform support
i.MX8 support added (Setup i.MX 8MQuad - MCIMX8M-EVK)
2.18.4. APIs & enum/types Changes
Use Se05x_API_ReadObject_W_Attst() instead of sss_se05x_key_store_get_key_attst() to read large binary files (greater than 500 bytes) with attestation. See the example "Reading large binary objects with attestation".
For Montgomery curves the key arguments, DH Shared secret and Signature are passed in Little Endian Convention. Refer to SSS api key format (asymmetric keys) for details on Endianness.
sss_derive_key_go() is deprecated and is replaced by sss_derive_key_one_go()
Added sss_status_sz() to convert SSS API Return code to string.
Updated Enumeration from SE05x_TransientType_t to SE05x_INS_t in the following APIs:
Define T1oI2C_UM1225_SE050 is no longer applicable, use T1oI2C_UM11225_SE05X instead.
Added SE050 APIs Se05x_API_CreateCounter, Se05x_API_SetCounterValue, Se05x_API_IncCounter
The smCom layer is refactored so that the application passes the connection handles/parameters down to the lower layer. For example, SSSCLI and demos on PC that take command line arguments can now specify the I2C device on the command line at run time, without recompiling the middleware/example.
2.18.5. Functional Changes
Extensive support for A71CH.
Added enable pin support for SE05X on Raspberry Pi
Modified SE policy of keymaster HAL in Android
Updated RSA reference key format for Android Key Master. It now uses prefix A5 to import Key ID 00000001.
2.18.6. New feature support
Added tool se05x_setAppletFeatures to configure applet features
Added support to use Platform SCP keys from file system
Added support to retrieve existing certificates in pem format
Added tool to mandate Platform SCP03
Integrated mBED Crypto PSA interface
Added Secure-NonSecure example based on PSA for LPC55S
Added examples of SE05X Import Transient objects, SE05X Export Transient objects, Import External Object Prepare and Import External Object Create
Added example to demonstrate object read with attestation
Added example to demonstrate how timestamp is incremented in SE
Added example to demonstrate how to create APDU buffer to import external key objects.
Lock and unlock secure element using transport key
Upgraded mbedTLS to version 2.16
2.18.7. SSSCLI / PyCLI Changes
Added support for ECC ED25519 and MONT DH 25519 curves
Fixed sign and verify operation for ED25519.
Added API to inject HMAC key
Endianness of ed25519 and mont_dh_25519 keys, signature and shared secret is updated to little endian.
2.18.8. Communication Layer Changes
VCOM Interface updates on OSX and PC Linux
Added connection handle in smCom layer. This allows connection data to be passed from the application. Tested on Windows, Raspberry Pi and i.MX platforms.
2.18.9. APIs & enum/types Changes
Re-Wrote (internal) low level Tx/Rx APIs for APDU TxRx.
DoAPDUTxRx_s_Case2
DoAPDUTx_s_Case3
DoAPDUTxRx_s_Case4
DoAPDUTxRx_s_Case4E
Define T1oI2C_UM1225_SE05X is no longer applicable, use T1oI2C_UM11225 instead.
SE05x_CryptoModeSubType_t::u8 renamed to SE05x_CryptoModeSubType_t::union_8bit
Endianness of ed25519 and mont_dh_25519 signature and shared secret is updated to little endian.
2.18.10. Examples / DEMO updates
Updated Examples:
Section 5.7.2, SE05X Get Info example: updated to show CPLC data.
New Examples:
import-external-obj-create
2.18.11. Documentation Changes
Updated notes on ssscli se05x reset and Se05x_API_DeleteAll_Iterative()
Updated documentation of SE05X layer of SSS APIs, e.g. sss_se05x_key_store_load() now mentions that this API does not do anything special on SE05X.
Updated wifi-eap document.
Changed logging styles and updated misc documentation with the same information.
Added documentation for PKCS#11 standalone library
Updated Greengrass documentation with new PKCS#11 project name
Added documentation for Import External Object example
Extended API Documentation for SE05X Low Level APIs
2.18.12. Other Miscellaneous Changes
Bug fix: Remaining cache data and input data handled in sss_cipher_finish API
OPC-UA Example enabled for compilation/running from Raspberry Pi
mbedTLS Upgraded to v02.16.02
Added mbedCrypto for LPC55S / TF-M related work. (Ongoing, NXP Internal work)