In [None]:
%%HTML
<p id = 'heading1_p'> Avnet IoTConnect Cloud - Custom PKI – ATECC608-TFLXTLS </p>
<hr id = 'hline'> </hr> 
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Introduction</p>
<div id='div_element'>
<p>Transport Layer Security 1.2 (TLS 1.2) has become the de facto standard for connecting embedded systems to a network. While TLS 1.2 is undeniably robust, an embedded system still requires a unique, secure and trusted identity to prevent large-scale remote attacks. </p>
<p>Securing communication with a cloud service and handling keys comes with many challenges: storing and using keys in the microcontroller exposes them, and operating systems and software have bugs. The Heartbleed bug in OpenSSL was a notable example because it easily exposed keys. When combined with the TLS 1.2 protocol, Microchip’s ATECC608 CryptoAuthentication device offers a unique, trusted, and verifiable identity that can help protect billions of connected devices by physically isolating keys and secrets from the application.</p>
<p>This use case demonstrates how to combine a custom PKI with Avnet IoTConnect cloud services.</p>
</div>

<button class="collapsible" style='font-size: 20px; font-weight: bold;'>Cryptographic Asset list & Use Case implementation</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr> 
<p style="float: left; font-size: 9pt; text-align: center; width: 30%; margin-right: 1%;">
    <img src="assets/images/assets_custompki_avnet.png" alt="Cryptographic Assets" style="height: 35em; width: 100%"><b>Cryptographic Asset list</b></p>
<p style="float: left; font-size: 9pt; text-align: center; width: 30%; margin-right: 1%;">
    <img src="assets/images/steps_custompki_avnet.png" alt="Use Case Steps" style="height: 20em; width: 100%"><b>Use Case implementation</b></p>
<p style="clear: both;"></p>
</div>
</div>

<p id = 'heading1_p' style='margin-top:40px; font-size: 20px; font-weight: bold;'>Use Case information</p>
<hr id = 'hline'> </hr> 
<div id='div_element'>
<p> The Transaction Diagram represents all the steps required to successfully implement the given Use Case, 
during development and after product delivery to the end user. </p>
<p><strong> For ease of execution, steps run from the transaction diagram are emulated on the Host-PC 
rather than executed on the Host-Microcontroller/Processor of the evaluation kit.</strong> The MPLAB-X project/C source code contains the code to be executed on the Host-Microcontroller/Processor 
in your embedded project. </p>

<p>Select your Evaluation Kit and proceed as follows:</p>
<font color=#0000ff><p>Do not plug in the EBV-IoT Microchip Secure Shield USB cable yet; first set the I2C board switch to the <b>PROG</b> position. Then plug the board USB cable into your laptop and click on each step to execute the Use Case and provision the Secure Element.<font color=#aaaaaa></p>
<font color=#0000ff><p>Once the use case is completed, set the I2C board switch to the <b>EXT</b> position to allow the MCU to access the Secure Element. Then open the MPLAB X SAME54-based project to run a full-featured, secured Avnet IoTConnect Cloud demo using the onboarded credentials.<font color=#aaaaaa></p>
<font color=#0000ff><p>For more assistance with Avnet IoTConnect Cloud account setup, click the <b>Usecase Help</b> button below.<font color=#aaaaaa></p>
</div>


In [None]:
import os
import shutil
import sys
from tpds.usecase_diagram import ProtoBoard, UsecaseDiagram
from tpds.tp_utils.tp_settings import TPSettings
from tpds.proto_boards import get_board_path
from IPython.display import display

# Make the use case's helper module (assets/python) importable
curr_path = os.path.abspath('')
sys.path.extend([os.path.join(curr_path, 'assets', 'python')])
import avnet_iotconnect

tp_settings = TPSettings()
usecase_working_dir = os.path.join(tp_settings.get_base_folder(), 'spg_avnet_iotconnect')
os.makedirs(usecase_working_dir, exist_ok=True)
boards = ProtoBoard(max_width=400)
boards.add_board(
            'EBV-IoT Mchp Secure Shield', 
            os.path.join(get_board_path(), 'EBV-IoT_Mchp_Secure_Shield', 'EBV-IoT_Mchp_Secure_Shield.png'), 
            os.path.join(get_board_path(), 'EBV-IoT_Mchp_Secure_Shield', 'EBV-IoT_Mchp_Secure_Shield.hex'),
            os.path.join(curr_path, 'firmware', 'same54_heracles_iotconnect_tflxtls.X')
)
boards.render_boards(0)

# Copy the kit's JSON template into the working dir
shutil.copy(os.path.join(curr_path, 'EBV-IoT Secure Kit v1.0_template.json'), usecase_working_dir)

avnet_connection = avnet_iotconnect.AvnetIoTConnectUsecase(boards)
usecase_td = UsecaseDiagram(os.path.join(curr_path, 'assets', 'images', 'td_avnet_iotconnect.png'), working_dir=usecase_working_dir)

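# Attach each transaction-diagram step to its handler; prereq_scripts lists the steps that must run first
generate_resources = usecase_td.add_script(236,70,35,30, avnet_connection.generate_resources)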
register_root = usecase_td.add_script(236,123,35,30, avnet_connection.register_root, prereq_scripts = [generate_resources])
verify_cert_chain = usecase_td.add_script(242,286,35,30, avnet_connection.verify_cert_chain, prereq_scripts = [generate_resources])
verify_with_rand_challenge = usecase_td.add_script(242,363,35,30, avnet_connection.verify_SE_with_random_challenge, prereq_scripts = [verify_cert_chain])

usecase_td.add_firmware(boards.get_firmware_project, tp_settings.get_mplab_paths().get('ide_path'))
usecase_td.add_image(717,246,140,30, os.path.join(curr_path, 'assets', 'images', 'c-snippet.png'), 'Code Snippet')
usecase_td.add_link(738,288,110,10,
    'https://github.com/MicrochipTech/cryptoauthlib/blob/af8187776cd3f3faf8bed412eaf6ff7221862e19/lib/atcacert/atcacert_client.c#L111')
usecase_td.add_link(748,350,120,10,
    'https://github.com/MicrochipTech/cryptoauth_trustplatform_designsuite/blob/bcb5b4d8b96465b8082b4930adae866f016c81ac/TrustFLEX/10_cloud_connect/firmware/src/common/cloud_wifi_ecc_process.c#L247')
usecase_td.add_link(351,303,130,10,
    'https://github.com/MicrochipTech/cryptoauth_trustplatform_designsuite/blob/bcb5b4d8b96465b8082b4930adae866f016c81ac/TrustFLEX/10_cloud_connect/firmware/src/common/cloud_wifi_ecc_process.c#L382')
usecase_td.add_usecase_help(os.path.join(curr_path, 'assets', 'Custom PKI Avnet.md'))

display(boards.canvas)
usecase_td.display_canvas()
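
The checks behind the `verify_cert_chain` and `verify_SE_with_random_challenge` steps above, reproduced on the host as an added example; this is not the notebook's or TPDS's own code. It needs the `cryptography` package, uses constructed keys and certificates with made-up names, and assumes the secure element signs the 32-byte challenge directly as a digest.

```python
import datetime
import os
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, utils
from cryptography.x509.oid import NameOID

PREHASHED = ec.ECDSA(utils.Prehashed(hashes.SHA256()))  # challenge is signed as a 32-byte digest

def make_cert(cn, public_key, issuer_cn, issuer_key, is_ca):
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def _verifies(public_key, signature, data, algorithm):
    try:
        public_key.verify(signature, data, algorithm)
        return True
    except InvalidSignature:
        return False

def signed_by(cert, issuer):
    """Issuer must be a CA, names must chain, and the issuer key must verify the signature."""
    is_ca = issuer.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    return (is_ca and cert.issuer == issuer.subject and _verifies(
        issuer.public_key(), cert.signature, cert.tbs_certificate_bytes,
        ec.ECDSA(cert.signature_hash_algorithm)))

def verify_chain(trusted_root, signer, device):
    """Signature and name chaining only; validity dates and revocation are not checked here."""
    return signed_by(signer, trusted_root) and signed_by(device, signer)

def verify_challenge(device_cert, challenge, signature):
    """Proof of possession: the certified public key must verify a signature over the challenge."""
    return _verifies(device_cert.public_key(), signature, challenge, PREHASHED)

def demo():
    """Constructed keys and certificates; on hardware the device key stays in the secure element."""
    root_k, signer_k, device_k = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("Example Root CA", root_k.public_key(), "Example Root CA", root_k, True)
    signer = make_cert("Example Signer", signer_k.public_key(), "Example Root CA", root_k, True)
    device = make_cert("Example Device", device_k.public_key(), "Example Signer", signer_k, False)
    challenge = os.urandom(32)  # fresh per attempt, so a captured signature cannot be replayed
    sig = device_k.sign(challenge, PREHASHED)  # stands in for the secure element's sign operation
    return verify_chain(root, signer, device), verify_challenge(device, challenge, sig)
```

Calling `demo()` returns the chain result and the challenge result as a tuple. The chain check alone only shows that a certificate was issued under the root; the challenge step is what ties that certificate to a device that actually holds the private key.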

In [None]:
%%HTML
<button class="collapsible" style='font-size: 20px; font-weight: bold;'>Conclusion</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr> 
<p>Please navigate back to the TrustFLEX Secret Exchange page to finalize your IoTConnect Custom PKI Use Case.</p>
<ul><li>You will need to populate slots 10 and 12</li>
<li>Slot 0 (Private Key) is self-generated by the Secure Element at Provisioning stage</li>
<li>Slot 11 (Signer Public Key) will be provisioned by Microchip</li>
</ul>
</div>
</div>