dsPIC33CK512MPT608 Provision Prototyping

Summary

The dsPIC33CK512MPT608 Provision Prototyping code example shows how to configure the CryptoAuthentication Library (CAL) in MCC Melody to enable prototype provisioning within Trust Platform Design Suite (TPDS).

The dsPIC33CK512MPT608 device is a System in Package (SiP) containing a Hardware Security Module TA100 internally connected to the microcontroller over a SPI bus.

Related Documentation

• MCC Melody CryptoAuthenticaton Library Release Notes
• CryptoAuthentication Library GitHub
• Secure Element Provision Prototyping Documentation

Software Used

• MPLAB® X IDE 6.20 or newer (https://www.microchip.com/MPLABXIDE)
• MPLAB® XC-DSC Compiler 3.00 or a newer compiler (https://www.microchip.com/xcdsc)
• MPLAB® Code Configurator (MCC) Plugin 5.5.1 or newer (https://www.microchip.com/mcc)
• MPLAB® Code Configurator (MCC) Core 5.7.1 or newer (https://www.microchip.com/mcc)
• MPLAB® Code Configurator (MCC) Melody 2.7.1 or newer (https://www.microchip.com/melody)
• Crypto Authentification Library 5.8.0 or newer (https://www.npmjs.com/package/@mchp-mcc/crypto-authentication-library)
• Trust Anchor Library 1.2.0 or newer
• Trust Platform Design Suite 2.3.9 or newer (https://www.microchip.com/tpds)

Hardware Used

• Explorer 16/32 Board (https://www.microchip.com/dm240001-2)
• dsPIC33CK512MPT608 PIM (https://www.microchip.com/ev10h29a)
• MPLAB® ICD 4 In-Circuit Debugger (https://www.microchip.com/dv164045) or MPLAB® PICkit™ 5 In-Circuit Debugger (https://www.microchip.com/PG164150) or MPLAB® PICkit™ 4 In-Circuit Debugger (https://www.microchip.com/PG164140)

Prerequisites

The Secure Document Extranet (SDE) is a platform available through the myMicrochip portal that allows users to access secure documents. Follow the directions found in the SDE User Guide to get access to the SDE.

NOTE: This project requires a non-public version of TA100 support.

1. Follow the steps found in the "Request Access to Information About Specific Products" section of the SDE User Guide to request secure documents on myMicrochip.

2. The items that are needed are covered under an NDA and need to be requested. The following need to be requested:

   • TA100-TCSM TPDS configurator (see "TPDS Setup")
     • This configurator allows for TPDS to communicate and configure a TA100 secure element.
   • TA-Lib-MCC
     • Allows for the inclusion of Trust Anchor configuration in the MCC Melody CryptoAuthentication Library module.
   • TA100 Documentation
     • Provides information about the TA100 secure element.

NOTE: The TA100 Documentation is not required, but it is a great resource on the TA100 secure element. It is highly recommended to request access to this document when working with the TA100.

Setup

Hardware Setup

1. Connect the In-Circuit Debugger to the board.

2. Connect the board to the computer using a USB cable, connecting to the Serial port.

   

TPDS Setup

The Trust Platform Design Suite is an onboarding tool used for our security-related solutions. It is used to configure and generate provisioning information for secure elements like a Trust Anchor device through its configurators. TPDS can be used to prototype provision to quickly provision a secure element for testing purposes. Once users are ready to move to production, TPDS can be used to create a provisioning package with dummy keys that must be exchanged with Microchip support for an actual secure package.

1. Install TPDS (https://www.microchip.com/tpds).

2. In order to provision the Trust Anchor element, an extension is required to enable Kit Protocol over UART. This allows TPDS to communicate with the hardware and the secure elements. Follow the instructions found in the "Trust Platform Design Suite Installation" section of the CAL release notes to download and install the extension.

NOTE: TPDS needs to be restarted before the changes are applied.

TALib Setup

1. Install TA-Lib-MCC by following the steps in the Installing MPLAB® Code Configurator Melody Trust Anchor Library section of the CAL Release Notes.

Running the Demo

1. Launch the MPLAB® X IDE and load the "dsPIC33CK512MPT608_provision_prototyping.X" project.

2. Launch MCC Melody.

3. Right-click on the "Generate" button and select the "Force Update on All" option. This will generate files for the MCC Melody Trust Anchor Library that we added to the project in the TALib Setup step.

   

4. Click the "Generate" button. The CAL files should generate successfully.

   

5. When the merge window pops up, select the "Replace All" option to accept all changes.

   

6. Make and program the device.

TPDS

1. Launch the Trust Platform Design Suite.

2. Select the "Configurators" tab at the top.

   

3. Select the TA100 Configurator under the TrustCUSTOM Section.

4. Update the Device Configuration Options:

   • Package Option: 8 Pin SOIC
   • I/O Type: SPI Interface
   • Config Memory Lock: Unchecked
   • Setup Lock: Unchecked
   

5. Click "Generate Provisioning Package"

   

   • Successful generation will result in the following popup:

     

6. Click "Provision Prototype Samples"

   

   • Successful provisioning will result in the following popup:

     

Appendix

MPLAB® X IDE Setup for New Projects

1. Launch MPLAB® X IDE.

2. Create a new project with the dsPIC33CK512MPT608 as the device.

3. Open MCC Melody.

4. Add the Crypto Authentication Library (CAL).

   

5. Open the Easy View to see the CAL settings.

6. In the "Device" dropdown, select "Internal Secure Subsystem."

   

7. The "Communication Peripheral" should be locked as "SPI." Select a SPI PLIB in the "SPI Host Dependency" dropdown.

   

   

8. Toggle the "Enable Kit Protocol" option so that Kit Protocol is selected.

   

9. Set the UART pins.

   • U3RX: RD2
   • U3TX: RD1

   

10. Click the "Generate" button. The CAL files should generate successfully.

    

11. Make and program the device.

12. Follow the steps listed under "Running the Demo -> TPDS" to provision prototypes.