
Why Nordic?

Open tcurdt opened this issue 4 years ago • 7 comments

It would be great to outline in the README why these two boards were picked. And whether it should also work on other boards (and which).

tcurdt, Jan 31 '20 12:01

We selected the Nordic chip because it natively supports secure cryptographic acceleration, supports the three transport protocols described in the FIDO2 specification (USB, NFC and BLE) and has affordable development boards that are readily available for people interested in contributing to the project. On top of that, it was already supported by Tock OS, which made the development faster.

As explained in #3, supporting a custom board design around the same chip is fairly easy to do. Supporting another chip than the Nordic nRF52840 is also possible but requires more work (e.g. implementing the USB interface on Tock OS for the chip).

jmichelp, Jan 31 '20 15:01

Thanks! I think it would be super helpful to have this in README or some FAQs.

tcurdt, Jan 31 '20 15:01

It appears to me that the actual ARM CryptoCell 310 specifications are not publicly available, and it is therefore not possible to support it with open source software.

brouhaha, Jan 31 '20 18:01

> It appears to me that the actual ARM CryptoCell 310 specifications are not publicly available, and it is therefore not possible to support it with open source software.

You can find Nordic's manual for it here: https://infocenter.nordicsemi.com/topic/ps_nrf52840/cryptocell.html?cp=4_0_0_5_5

Several examples are in the SDK: https://infocenter.nordicsemi.com/topic/sdk_nrf5_v16.0.0/crypto_examples.html?cp=7_1_4_3

solder-soldier, Feb 11 '20 00:02

I'm well aware of that manual, which confirms exactly what I said: "The CRYPTOCELL state is controlled via a register interface. The cryptographic functions of CRYPTOCELL are accessible by using a software library provided in the device SDK, not directly via a register interface."

Neither Nordic nor ARM provides documentation for the registers, just the proprietary closed-source binary library. As I said, it appears to not be possible to support the CryptoCell 310 with open source software.

brouhaha, Feb 11 '20 00:02

Looks like the CRYPTOCELL 312 SDK is open source. Maybe it can be adapted for the 310?

https://github.com/ARM-software/cryptocell-312-runtime

marcan, Mar 12 '20 10:03

That's what I've been using since August to talk to the CryptoCell.

There are a few differences between CC310 and CC312, though, which need to be addressed. My current understanding is that the CC310 is a stripped-down version of CC312 (e.g. no AES192 and no AES256) that is flavored for IoT (i.e. it contains additional registers compared to the CC312).

jmichelp, Mar 13 '20 10:03

It is now possible to use OpenSK as a library. While the API is still not fixed, people are actively working on new Env implementations. There is a separate issue for the Cryptocell, so I'm closing this issue.

kaczmarczyck, Nov 09 '23 10:11