2.20. Release v02.14.00

2.20.1. File/Folder relocation

  • Renamed DTLS/SSL2 Server and client executables. New names are:

    • mbedtls_ex_orig_ssl_server2

    • mbedtls_ex_sss_dtls_client

    • mbedtls_ex_orig_dtls_server

    • mbedtls_ex_sss_ssl2_client

  • Renamed project greengrass to sss_pkcs11

  • Renamed file greengrass.c to sss_pkcs11.c

  • Renamed folders of Reader Library examples.

    • ex_prepare_MFDFEV2 => ex_Ev2Prepare_Card

    • ex_prepare_se05x => ex_Ev2Prepare_se05x

2.20.2. Build system changes

  • Extensively revamped fsl_sss_ftr.h file for finer control of build configuration selection. This design will be extended extensively in future releases.

  • On LPC55S with FreeRTOS, using native malloc instead of Heap_4.c for mbedTLS

  • Compile time asserts added for sizes of structures.

  • scripts/env_setup.sh prints info on which tools are used from which paths.

  • Changed Applet selection in CMake (See Section 4.7.1 PTMW_Applet). We no longer use name SE050_A, SE050_B or SE050_C for builds / Applet selection. New names are SE05X_A, SE05X_B or SE05X_C

2.20.3. New platform support

2.20.4. APIs & enum/types Changes

  • For Montgomery curves the key arguments, DH Shared secret and Signature are passed in Little Endian Convention. Refer to SSS api key format (asymmetric keys) for details on Endianness.

  • Define T1oI2C_UM1225_SE050 is no longer applicable, use T1oI2C_UM11225_SE05X instead.

  • smCom layer is refactored so that the application sends the connection handles/parameters down to the lower layer.

    e.g. SSSCLI and demos on PC that accept command-line arguments can now use the I2C device given on the command line at run time, without recompiling the middleware/example.

2.20.5. Functional Changes

  • Extensive support for A71CH.

  • Added enable pin support for SE05X on Raspberry Pi

  • Modified SE policy of keymaster HAL in Android

  • Updated RSA reference key format for Android Key Master. It now uses prefix A5 to import Key ID 00000001.

2.20.6. New feature support

  • Added tool se05x_setAppletFeatures to configure applet features

  • Added support to use Platform SCP keys from file system

  • Added support to retrieve existing certificates in pem format

  • Added tool to mandate Platform SCP03

  • Integrated mBED Crypto PSA interface

  • Added Secure-NonSecure example based on PSA for LPC55S

  • Added examples of SE05X Import Transient objects, SE05X Export Transient objects, Import External Object Prepare and Import External Object Create

  • Added example to demonstrate object read with attestation

  • Added example to demonstrate how timestamp is incremented in SE

  • Added example to demonstrate how to create APDU buffer to import external key objects.

  • Lock and unlock secure element using transport key

  • Upgraded mbedTLS to version 2.16

2.20.7. SSSCLI / PyCLI Changes

  • Added support for ECC ED25519 and MONT DH 25519 curves

  • Fixed sign and verify operation for ED25519.

  • Added API to inject HMAC key

  • Endianness of ed25519 and mont_dh_25519 keys, signature and shared secret is updated to little endian.

2.20.8. Communication Layer Changes

  • VCOM Interface updates on OSX and PC Linux

  • Added connection handle in smCom layer. This allows connection data to be passed from the application. Tested on Windows, Raspberry Pi and i.MX platforms.

2.20.9. APIs & enum/types Changes

  • Rewrote (internal) low-level Tx/Rx APIs for APDU TxRx.

    1. DoAPDUTxRx_s_Case2

    2. DoAPDUTx_s_Case3

    3. DoAPDUTxRx_s_Case4

    4. DoAPDUTxRx_s_Case4E

  • Define T1oI2C_UM1225_SE05X is no longer applicable, use T1oI2C_UM11225 instead.

  • Endianness of ed25519 and mont_dh_25519 signature and shared secret is updated to little endian.

2.20.11. Documentation Changes

  • Updated documentation of SE05X layer of SSS APIs, e.g. sss_se05x_key_store_load() now mentions that this API does not do anything special on SE05X.

  • Updated wifi-eap document.

  • Changed logging styles and updated misc documentation with the same information.

  • Added documentation for PKCS#11 standalone library

  • Updated Greengrass documentation with new PKCS#11 project name

  • Added documentation for Import External Object example

  • Extended API Documentation for SE05X Low Level APIs

2.20.12. Other Miscellaneous Changes

  • OPC-UA example enabled for compilation/running from Raspberry Pi

  • mbedTLS Upgraded to v02.16.02

  • Added mbedCrypto for LPC55S / TF-M related work. (Ongoing, NXP Internal work)