Getting started with the Microchip ATECC608A Secure Element with Windows simulator - FreeRTOS

Important

This reference integration is hosted on the Amazon-FreeRTOS repository, which is deprecated. We recommend that you start here when you create a new project. If you already have an existing FreeRTOS project based on the now deprecated Amazon-FreeRTOS repository, see the Amazon-FreeRTOS GitHub Repository Migration Guide.

This tutorial provides instructions for getting started with the Microchip ATECC608A Secure Element with Windows Simulator.

You need the following hardware:

Before you begin, you must configure AWS IoT and your FreeRTOS download to connect your device to the AWS Cloud. See First steps for instructions. In this tutorial, the path to the FreeRTOS download directory is referred to as freertos.

Overview

This tutorial contains the following steps:

  1. Connect your board to a host machine.

  2. Install software on the host machine for developing and debugging embedded applications for your microcontroller board.

  3. Cross-compile a FreeRTOS demo application to a binary image.

  4. Load the application binary image to your board, and then run the application.

Set up the Microchip ATECC608A hardware

Before you can interact with your Microchip ATECC608A device, you must first program the SAMD21.

To set up the SAMD21 XPlained Pro board
  1. Follow the CryptoAuthSSH-XSTK (DM320109) - Latest Firmware link to download a .zip file containing instructions (PDF) and a binary which can be programmed onto the D21.

  2. Download and install the Atmel Studio 7 IDP. Make sure that you select the SMART ARM MCU driver architecture during installation.

  3. Use a USB 2.0 Micro B cable to attach the "Debug USB" connector to your computer, and follow the instructions in the PDF. (The "Debug USB" connector is the USB port closest to the POWER LED and pins.)

To connect the hardware
  1. Unplug the micro USB cable from Debug USB.

  2. Plug the mikroBUS XPlained Pro adapter into the SAMD21 board in the EXT1 location.

  3. Plug the ATECC608A Secure 4 Click board into the mikroBUS XPlained Pro adapter. Make sure that the notched corner of the click board matches the notched icon on the adapter board.

  4. Plug the micro USB cable into Target USB.

Your setup should look like the following.

Breadboard with USB cable labeled "Target USB", connected to an external device labeled "Connected to EXT 1", notches that match default jumper positions.

Set up your development environment

Sign up for an AWS account

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.

AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to https://aws.amazon.com/ and choosing My Account.

Create a user with administrative access

After you sign up for an AWS account, secure your AWS account root user, enable AWS IAM Identity Center, and create an administrative user so that you don't use the root user for everyday tasks.

Secure your AWS account root user
  1. Sign in to the AWS Management Console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

    For help signing in by using root user, see Signing in as the root user in the AWS Sign-In User Guide.

  2. Turn on multi-factor authentication (MFA) for your root user.

    For instructions, see Enable a virtual MFA device for your AWS account root user (console) in the IAM User Guide.

Create a user with administrative access
  1. Enable IAM Identity Center.

    For instructions, see Enabling AWS IAM Identity Center in the AWS IAM Identity Center User Guide.

  2. In IAM Identity Center, grant administrative access to a user.

    For a tutorial about using the IAM Identity Center directory as your identity source, see Configure user access with the default IAM Identity Center directory in the AWS IAM Identity Center User Guide.

Sign in as the user with administrative access
  • To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.

    For help signing in using an IAM Identity Center user, see Signing in to the AWS access portal in the AWS Sign-In User Guide.

Assign access to additional users
  1. In IAM Identity Center, create a permission set that follows the best practice of applying least-privilege permissions.

    For instructions, see Create a permission set in the AWS IAM Identity Center User Guide.

  2. Assign users to a group, and then assign single sign-on access to the group.

    For instructions, see Add groups in the AWS IAM Identity Center User Guide.

To provide access, add permissions to your users, groups, or roles:

Setting up
  1. Download the FreeRTOS repo from the FreeRTOS GitHub repository.

    To download FreeRTOS from GitHub:

    1. Browse to the FreeRTOS GitHub repository.

    2. Choose Clone or download.

    3. From the command line on your computer, clone the repository to a directory on your host machine.

      git clone https://github.com/aws/amazon-freertos.git --recurse-submodules
      Important
      • In this topic, the path to the FreeRTOS download directory is referred to as freertos.

      • Space characters in the freertos path can cause build failures. When you clone or copy the repository, make sure the path that you create doesn't contain space characters.

      • The maximum length of a file path on Microsoft Windows is 260 characters. Long FreeRTOS download directory paths can cause build failures.

      • Because the source code may contain symbolic links, if you're using Windows to extract the archive, you may have to:

        • Enable Developer Mode or,

        • Use a console that is elevated as administrator.

        In this way, Windows can properly create symbolic links when it extracts the archive. Otherwise, symbolic links will be written as normal files that contain the paths of the symbolic links as text or are empty. For more information, see the blog entry Symlinks in Windows 10!.

        If you use Git under Windows, you must enable Developer Mode or you must:

        • Set core.symlinks to true with the following command:

          git config --global core.symlinks true
        • Use a console that is elevated as administrator whenever you use a git command that writes to the system (for example, git pull, git clone, and git submodule update --init --recursive).

    4. From the freertos directory, check out the branch to use.

  2. Set up your development environment.

    1. Install the latest version of WinPCap.

    2. Install Microsoft Visual Studio.

      Visual Studio versions 2017 and 2019 are known to work. All editions of these Visual Studio versions are supported (Community, Professional, or Enterprise).

      In addition to the IDE, install the Desktop development with C++ component. Then, under Optional, install the latest Windows 10 SDK.

    3. Make sure that you have an active hard-wired Ethernet connection.
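
The path and symbolic-link constraints listed under the clone step can be checked mechanically once the clone finishes. The following Python script is an added example, not part of FreeRTOS or of this guide's tooling; the function names and problem labels are illustrative, and it assumes git is on the PATH when run against a real checkout.

```python
import os
import subprocess

MAX_PATH = 260  # Windows limit quoted in this guide; it includes the terminating NUL


def git_index_entries(root):
    """Return the raw output of `git ls-files -s -z` for the checkout at root."""
    return subprocess.run(["git", "-C", root, "ls-files", "-s", "-z"],
                          check=True, capture_output=True, text=True).stdout


def check_checkout(root, index_output=None):
    """Return (kind, path) tuples for each problem found under root."""
    root = os.path.abspath(root)
    problems = []
    # Space characters in the freertos path can cause build failures.
    if " " in root:
        problems.append(("space-in-path", root))
    # Path length: walk everything on disk, so submodule files are covered too.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if len(full) >= MAX_PATH:
                problems.append(("path-too-long", os.path.relpath(full, root)))
    # Mode 120000 in the index marks a symbolic link. If the file on disk is
    # not a link, it was written as a plain file holding the target path.
    # Only the top-level index is read; repeat the check inside each submodule.
    if index_output is None:
        index_output = git_index_entries(root)
    for entry in filter(None, index_output.split("\0")):
        meta, _, rel = entry.partition("\t")
        if meta.split()[0] == "120000":
            if not os.path.islink(os.path.join(root, *rel.split("/"))):
                problems.append(("symlink-as-file", rel))
    return problems


if __name__ == "__main__":
    import sys
    found = check_checkout(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, path in found:
        print(f"{kind}: {path}")
    sys.exit(1 if found else 0)
```
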

Build and run the FreeRTOS demo project

Important

The Microchip ATECC608A device has a one-time initialization that is locked onto the device the first time a project is run (during the call to C_InitToken). However, the FreeRTOS demo project and test project have different configurations. If the device is locked with the demo project configuration, not all tests in the test project can succeed.

To build and run the FreeRTOS demo project with the Visual Studio IDE
  1. Load the project into Visual Studio.

    From the File menu, choose Open. Choose File/Solution, navigate to the freertos\projects\microchip\ecc608a_plus_winsim\visual_studio\aws_demos\aws_demos.sln file, and then choose Open.

  2. Retarget the demo project.

    The demo project depends on the Windows SDK, but it does not have a Windows SDK version specified. By default, the IDE might attempt to build the demo with an SDK version not present on your machine. To set the Windows SDK version, right-click aws_demos, and then choose Retarget Projects. This opens the Review Solution Actions window. Choose a Windows SDK version that is present on your machine (use the initial value in the drop-down list), and then choose OK.

  3. Build and run the project.

    From the Build menu, choose Build Solution, and make sure the solution builds without errors. Choose Debug, Start Debugging to run the project. On the first run, you need to configure your device interface and recompile. For more information, see Configure your network interface.

  4. Provision the Microchip ATECC608A.

    Microchip has provided several scripting tools to help with the setup of the ATECC608A parts. Navigate to freertos\vendors\microchip\secure_elements\app\example_trust_chain_tool, and open the README.md file.

    Follow the instructions in the README.md file to provision your device. The steps include the following:

    1. Create and register a certificate authority with AWS.

    2. Generate your keys on the Microchip ATECC608A and export the public key and device serial number.

    3. Generate a certificate for the device and register that certificate with AWS.

    4. Load the CA certificate and device certificate onto the device.

  5. Build and run FreeRTOS samples.

    Rerun the demo project. This time you should connect!
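
The provisioning sub-steps in step 4 work because the certificate authority needs only the public key and serial number exported from the ATECC608A; the device private key is never handed to the host. The following Python sketch is an added example, not Microchip's tool or FreeRTOS code: it uses the `cryptography` package, a software-generated P-256 key as a stand-in for the on-chip key, and an assumed subject naming scheme built from a constructed serial number.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _builder(subject, issuer, public_key, is_ca):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer)
            .public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None),
                           critical=True))

def make_ca(cn="Example CA (constructed)"):
    """Sub-step 1 stand-in: self-signed P-256 CA whose private key stays on the host."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = _builder(_name(cn), _name(cn), key.public_key(), True).sign(key, hashes.SHA256())
    return key, cert

def issue_device_cert(ca_key, ca_cert, device_public_key, serial_hex):
    """Sub-step 3: sign over the exported public key; no device private key is used."""
    subject = _name("sn" + serial_hex)  # subject naming is an assumption
    return _builder(subject, ca_cert.subject, device_public_key, False).sign(
        ca_key, hashes.SHA256())

def chains_to(ca_cert, cert):
    """True if cert names ca_cert as issuer and its signature verifies under the CA key."""
    if cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

if __name__ == "__main__":
    ca_key, ca_cert = make_ca()
    # Constructed stand-in for the key pair generated inside the ATECC608A (sub-step 2).
    device_public_key = ec.generate_private_key(ec.SECP256R1()).public_key()
    cert = issue_device_cert(ca_key, ca_cert, device_public_key, "0123456789ABCDEF01")
    print(cert.subject.rfc4514_string(), chains_to(ca_cert, cert))
```
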

Troubleshooting

For general troubleshooting information, see Troubleshooting getting started.