Merge pull request #10 from pennam/config

pennam · web-flow · commit 0a93443c422b · 2024-03-19T08:51:49.000+01:00
Add example for ATECCX08 configuration and locking
diff --git a/examples/CertificateSigningRequest/CertificateSigningRequest.ino b/examples/CertificateSigningRequest/CertificateSigningRequest.ino
@@ -4,7 +4,7 @@
   This sketch can be used to generate a CSR for a private key
   generated in an ECC508/ECC608 or SE050 crypto chip slot.
 
-  If the ECC508/ECC608 is not configured and locked it prompts
+  If the SecureElement is not configured and locked it prompts
   the user to configure and lock the chip with a default TLS
   configuration.
 
diff --git a/examples/ConfigurationLocking/ConfigurationLocking.ino b/examples/ConfigurationLocking/ConfigurationLocking.ino
@@ -0,0 +1,111 @@
+/*
+  Configure and Lock your ATECCX08 SecureElement
+
+  This sketch can be used to apply default configuration and lock
+  yout ATECCX08 Secure Element.
+  Default configuration can be found here:
+  https://github.com/arduino-libraries/ArduinoECCX08/blob/master/src/utility/ECCX08DefaultTLSConfig.h
+
+  SE050 do not have EEPROM configuration and do not need to be locked
+  to work correctly. secureElement.locked() always returns true for SE050
+  and the sketch does nothing.
+
+  The circuit:
+  - A board equipped with ECC508 or ECC608 or SE050 chip
+
+  This example code is in the public domain.
+*/
+
+#include <Arduino_SecureElement.h>
+
+void setup() {
+  Serial.begin(9600);
+  while (!Serial);
+
+  SecureElement secureElement;
+
+  if (!secureElement.begin()) {
+    Serial.println("No SecureElement present!");
+    while (1);
+  }
+
+  String serialNumber = secureElement.serialNumber();
+
+  Serial.print("SecureElement Serial Number = ");
+  Serial.println(serialNumber);
+  Serial.println();
+
+  if (!secureElement.locked()) {
+    String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
+    lock.toLowerCase();
+
+    if (!lock.startsWith("y")) {
+      Serial.println("Unfortunately you can't proceed without locking it :(");
+      while (1);
+    }
+
+    if (!secureElement.writeConfiguration()) {
+      Serial.println("Writing SecureElement configuration failed!");
+      while (1);
+    }
+
+    if (!secureElement.lock()) {
+      Serial.println("Locking SecureElement configuration failed!");
+      while (1);
+    }
+
+    Serial.println("SecureElement locked successfully");
+    Serial.println();
+  } else {
+#if defined(SECURE_ELEMENT_IS_ECCX08)
+    Serial.println("SecureElement already locked!");
+    Serial.println();
+#else
+    Serial.println("SecureElement does not need to be locked!");
+    Serial.println();
+#endif
+  }
+
+}
+
+void loop() {
+  // do nothing
+}
+
+String promptAndReadLine(const char* prompt, const char* defaultValue) {
+  Serial.print(prompt);
+  Serial.print(" [");
+  Serial.print(defaultValue);
+  Serial.print("]: ");
+
+  String s = readLine();
+
+  if (s.length() == 0) {
+    s = defaultValue;
+  }
+
+  Serial.println(s);
+
+  return s;
+}
+
+String readLine() {
+  String line;
+
+  while (1) {
+    if (Serial.available()) {
+      char c = Serial.read();
+
+      if (c == '\r') {
+        // ignore
+        continue;
+      } else if (c == '\n') {
+        break;
+      }
+
+      line += c;
+    }
+  }
+
+  return line;
+}
diff --git a/examples/RandomNumber/RandomNumber.ino b/examples/RandomNumber/RandomNumber.ino
@@ -1,9 +1,13 @@
 /*
-  secureElement Random Number
+  SecureElement Random Number
 
   This sketch uses the ECC508/ECC608 or SE050 to generate a random number
   every second and print it to the Serial Monitor
 
+  If the SecureElement is not configured and locked the ConfigurationLocking
+  example should be used before running this sketch to setup the chip with a
+  default TLS configuration.
+
   Circuit:
    - A board equipped with ECC508 or ECC608 or SE050 chip
 
@@ -19,12 +23,12 @@ void setup() {
   while (!Serial);
 
   if (!secureElement.begin()) {
-    Serial.println("Failed to communicate with ECC508/ECC608!");
+    Serial.println("Failed to communicate with SecureElement!");
     while (1);
   }
 
   if (!secureElement.locked()) {
-    Serial.println("The ECC508/ECC608 is not locked!");
+    Serial.println("The SecureElement is not locked!");
     while (1);
   }
 }
@@ -35,4 +39,3 @@ void loop() {
 
   delay(1000);
 }
-
diff --git a/examples/SelfSignedCertificate/SelfSignedCertificate.ino b/examples/SelfSignedCertificate/SelfSignedCertificate.ino
@@ -4,7 +4,7 @@
   This sketch can be used to generate a self signed certificate
   for a private key generated in an ECC508/ECC608 or SE050 crypto chip slot.
 
-  If the crypto chip is not configured and locked it prompts
+  If the SecureElement is not configured and locked it prompts
   the user to configure and lock the chip with a default TLS
   configuration.
 
@@ -145,4 +145,4 @@ String readLine() {
   }
 
   return line;
-}
+}
