AN12394: Get started with EdgeLock™ SE050 support package
Rev. 1.2 — 23 April 2020
Application note 534212

Document information
Keywords: EdgeLock SE050, Plug & Trust secure element
Abstract: This document is the entry point for getting familiar with EdgeLock SE050 support package contents and how to get started with them.

NXP Semiconductors

All information provided in this document is subject to legal disclaimers. © NXP B.V. 2020. All rights reserved.

Revision history

Revision number   Date         Description
1.0               2019-07-26   First document release
1.1               2020-01-27   Added EdgeLock product naming and other minor corrections. Updated EdgeLock SE050 use case section.
1.2               2020-04-23   Fixed broken link in page 17

1 About EdgeLock SE050 support package

The EdgeLock SE050 support package is a comprehensive set of resources that simplifies design-in and reduces time to market. It offers libraries for different MCUs and integration with the most common OSs, including Linux, Windows, RTOS and Android. It also includes example code for major use cases, extensive application notes and compatible development kits for i.MX, LPC and Kinetis microcontrollers.

Figure 1.  EdgeLock SE050 security IC

The EdgeLock SE050 support package is prepared to demonstrate the latest IoT security use cases such as secure connection to public/private clouds, device-to-device authentication or protection of sensor data, among many others. You can leverage EdgeLock SE050 support package to simplify the implementation of strong security mechanisms to meet the ever-increasing demand for easy-to-design and scalable IoT security.

2 Get resources

This section details the required resources to get started with EdgeLock SE050 support package and how to obtain them.

2.1 Get your EdgeLock SE050 Arduino compatible development kit

The EdgeLock SE050 Arduino compatible development kit (OM-SE050ARD) is the flexible and easy-to-use development kit for evaluation of the EdgeLock SE050 Plug & Trust product family. It can be used via the Arduino interface, which is compatible with any board featuring an Arduino compatible header, including many i.MX, LPC and Kinetis® boards, or via a direct I2C connection.

The first step to get started with EdgeLock SE050 support package is to get your EdgeLock SE050 Arduino compatible development kit. To order one:

1. Go to EdgeLock SE050 Arduino compatible development kit. Scroll down and click on the Buy direct button as shown in Figure 2:

Figure 2.  Go to EdgeLock SE050 Arduino compatible development kit website

2. You might be asked to sign in with your account at the NXP website. If you do not have an account, click on Register Now as shown in Figure 3:

Figure 3.  Register your NXP account

3. If you already have an account, you can directly type your (1) email address, (2) password and (3) click the sign-in button as shown in Figure 4:

Figure 4.  Sign-in in NXP website

4. After signing in, you will enter your shopping basket. Enter the number of EdgeLock SE050 Arduino compatible development kits to order (1), and click on the Proceed to Checkout button (2) as shown in Figure 5.

Figure 5.  Update your shopping basket

5. You will be asked to fill in your billing and shipping address as well as the project details as shown in Figure 6:

Figure 6.  Fill in address and project details

6. Review your order request, enter your payment details and proceed to checkout as shown in Figure 7.

Figure 7.  Proceed to checkout

In a few days, you will receive the boards at your shipping address.

2.2 Get your MCU/MPU board

The EdgeLock SE050 is designed to be used as a part of an IoT system. It works as an auxiliary security device attached to a host controller. The host controller communicates with EdgeLock SE050 through an I²C interface with the host controller being the master and the EdgeLock SE050 being the slave.

You can use any of the boards listed in Table 1 to evaluate EdgeLock SE050 features or to try out the demos and examples included in the EdgeLock SE050 Plug & Trust middleware.

Note: Besides the mandatory connection to the host controller, the EdgeLock SE050 device can optionally be connected to a sensor node or similar element through a separate I²C interface. In this case, the EdgeLock SE050 device is the master and the sensor node the slave. Lastly, EdgeLock SE050 has a connection for a native contactless antenna, providing a wireless interface to an external device like a smartphone.

Table 1. Evaluation MCU/MPU boards details

Part number      12NC           Description
IMXRT1050-EVKB   935363526598   MIMXRT1050-EVK low cost evaluation kit for Cortex-M7
FRDM-64F         935326293598   Freedom development platform for Kinetis K64, K63 and K24 MCUs
MCIMX6UL-EVKB    935328353598   i.MX6UltraLite evaluation kit
LPC55S69-EVK     935377412598   LPCXpresso55S69 Development Board

The next step to get started with EdgeLock SE050 support package is to get your MCU/MPU board. To order one:

1. Choose one of the MCU/MPU boards indicated in Table 1.
2. Go to the MCU/MPU board webpage. You can also use the links in Table 1.
3. Scroll down and click on the Buy direct button. As an example, Figure 8 shows the Buy direct button option for ordering a MIMXRT1050-EVK low cost evaluation kit for Cortex-M7.

Figure 8.  Get your MCU/MPU board

4. Use the web form to proceed with your board order request. More details about the ordering procedure are provided in Section 2.1.

2.3 Get EdgeLock SE050 Plug & Trust middleware

The EdgeLock SE050 Plug & Trust middleware is a single software stack designed to facilitate the integration of NXP security ICs into your microcontroller or microprocessor software. This middleware has built-in cryptographic and device identity features, abstracts the commands and communication interface exposed by NXP security ICs, and it is directly accessible from stacks like OpenSSL, mbedTLS or other cryptographic libraries. In addition, it includes code examples for quick integration such as TLS and cloud service onboarding. It also comes with support for various NXP MCU / MPU platforms and can be ported to multiple host platforms and host operating systems.

The EdgeLock SE050 Plug & Trust middleware is publicly available. To download it:

1. Go to EdgeLock SE050 webpage.
2. On the top bar menu, click on the Tools & Software tab.
3. Scroll down to the Embedded Software section. Select the EdgeLock SE050 Plug & Trust middleware according to the board you selected in Section 2.2 and click the Download button as shown in Figure 9.

Figure 9.  Select EdgeLock SE050 Plug & Trust middleware package

4. The Download Manager will open and your download will start as shown in Figure 10. Wait a few seconds until the package has downloaded to your laptop.

Figure 10.  Download EdgeLock SE050 Plug & Trust middleware

3 Get to know the EdgeLock SE050 Arduino compatible development kit

The EdgeLock SE050 support package includes reference material to get to know the EdgeLock SE050 Arduino compatible development kit and how to use it. To get familiar with it:

1. Order your EdgeLock SE050 Arduino compatible development kit sample as explained in Section 2.1.

2. Shortly, you should receive at your shipping address an EdgeLock SE050 Arduino compatible development kit package in a carton box similar to Figure 11:

Figure 11.  Go to EdgeLock SE050 Arduino compatible development kit website

3. Open the box and find a short quick start guide like the one shown in Figure 12. This leaflet provides a first overview of the OM-SE050ARD pin description and configuration.

Figure 12.  Quick start guide leaflet

4. For additional details, the AN12395 SE050 OM-SE050ARD development kit is the reference documentation for the EdgeLock SE050 Arduino compatible development kit. It describes the board and details how to use its jumpers to configure the different communication options with the EdgeLock SE050 security IC.

4 Run your first EdgeLock SE050 project example

The EdgeLock SE050 support package includes a set of simple software examples that demonstrate some basic interaction with EdgeLock SE050 (e.g. for signature generation / verification, data encryption / decryption, hashing, etc). These software examples are the best way to get your development environment ready. You only need a few minutes to run these software examples using any of the MCU/MPU boards listed in Section 2.2. Follow these steps to run your first example with SE050:

1. Order your EdgeLock SE050 Arduino compatible development kit sample as explained in Section 2.1.
2. Order your MCU/MPU sample as explained in Section 2.2.
3. Download EdgeLock SE050 Plug & Trust middleware as explained in Section 2.3.
4. Follow the instructions provided in the EdgeLock SE050 Quick start guides to prepare your laptop, prepare your board and execute EdgeLock SE050 Plug & Trust middleware MCUXpresso project examples.
   a. If you use FRDM-K64F as your MCU/MPU, check AN12396 Quick start guide with Kinetis K64.

Figure 13.  OM-SE050ARD board connected to FRDM-K64F

   b. If you use i.MX6UltraLite as your MCU/MPU, check AN12397 Quick start guide with i.MX6UltraLite.

Figure 14.  OM-SE050ARD board connected to i.MX6UltraLite

   c. If you use i.MX RT1050 as your MCU/MPU, check AN12450 Quick start guide with i.MX RT1050.

Figure 15.  OM-SE050ARD board connected to i.MX RT1050

   d. If you use LPC55S69 as your MCU/MPU, check AN12450 Quick start guide to LPC55S69.

Figure 16.  OM-SE050ARD board connected to LPC55S69

   e. In addition, these software examples are also available as Microsoft Visual Studio projects. Check AN12398 Quick start guide to SE050 Visual Studio projects for details on how to run them.

Figure 17.  OM-SE050ARD board running Visual Studio projects

5 Evaluate EdgeLock SE050 use cases

The EdgeLock SE050 support package includes sample code examples for the latest IoT security use cases. These sample code examples are the ideal resource to evaluate and learn how to leverage EdgeLock SE050 to implement high-performance for the IoT ecosystem.

5.1 Secure cloud onboarding

The EdgeLock SE050 is designed to provide a tamper-resistant platform to safely store credentials needed for device authentication and registration to public or private clouds. EdgeLock SE050 helps to set up a trusted TLS connection to onboard devices to the cloud without writing security code or exposing credentials or keys.

Figure 18.  Secure cloud onboarding with EdgeLock SE050

The EdgeLock SE050 support package comes with proof of concept example code for major cloud providers including AWS IoT Core platform, Google Core IoT platform, Azure IoT Hub platform and IBM Watson IoT platform. These software examples are the best way to evaluate and learn how to leverage EdgeLock SE050 for secure cloud onboarding. Follow these steps to run the secure cloud onboarding demo examples:

1. Get EdgeLock SE050 support package resources and prepare development environment. For that, follow the instructions provided in Section 4.

2. Check the instructions provided in the following documents to set up the cloud account and register credentials, provision keys in your OM-SE050ARD board and execute the sample project:
   a. If AWS IoT Core is your cloud service provider, check AN12404 EdgeLock SE050 for secure connection to AWS IoT Core.
   b. If Google Core IoT is your cloud service provider, check AN12401 EdgeLock SE050 for secure connection to GCP.
   c. If Azure IoT Hub is your cloud service provider, check AN12402 EdgeLock SE050 for secure connection to Azure IoT Hub.
   d. If IBM Watson IoT is your cloud service provider, check AN12403 EdgeLock SE050 for secure connection to IBM Watson IoT.

5.2 Sensor data protection

The EdgeLock SE050 is designed to be used as a companion chip to any type of MCU or MPU and sensors can be directly connected to it using an I2C master interface. The EdgeLock SE050 allows you to set up a secure, end-to-end connection from the sensor or actuator to your local IoT gateway or cloud-based service, protecting the interface between the sensor and the security IC. As such, EdgeLock SE050 helps you to provide a higher level of security in your IoT system by:

• Preventing data manipulation: The data extracted by the sensor is collected privately and cannot be manipulated.
• Authenticating the sensor: The system authenticates the sensor as a proof of origin.
• Providing end-to-end security: The data collected over the private sensor can be encrypted and securely transferred to your gateway or cloud for further treatment and analysis.

Figure 19.  Secure cloud onboarding with SE050

The EdgeLock SE050 comes with sample code that demonstrates how to leverage EdgeLock SE050 for sensor data protection. The instructions to execute this sample code are provided in AN12449 - Sensor data protection with EdgeLock SE050.

5.3 Device-to-device authentication

The EdgeLock SE050 provides a trust anchor at the silicon level, providing a tamper-resistant platform capable of securely storing keys and credentials needed to verify the authenticity of an IoT device and a server.

Figure 20.  Device-to-device authentication

The exchange and verification of digital certificates is the basis of the authentication process. Check AN12399 SE050 for device-to-device authentication for more details on how to leverage EdgeLock SE050 to implement strong mutual authentication mechanisms using digital certificates.

5.4 Secure access control in industrial IoT

The EdgeLock SE050 can be used as a secure access module to increase the security of your IoT-enabled card reader for physical or logical access. In this context, the EdgeLock SE050 can be used by a card reader to set up a secure transaction with MIFARE DESFire EV2 contactless cards. On the one hand, the EdgeLock SE050 stores the MIFARE secret key, authenticates the MIFARE DESFire EV2 and exports the MIFARE session key to the host MCU. In turn, the host MCU implements the MIFARE application logic and handles the MIFARE DESFire EV2 command set and secure messaging.

As such, EdgeLock SE050 helps you to provide a higher level of security in your access control system by:

• Protecting the master keys: The master keys used for card authentication are protected inside the EdgeLock SE050 and cannot be read or manipulated.
• Authenticating the card: EdgeLock SE050 supports the authentication protocol and the session key generation algorithm of MIFARE DESFire EV2 card.
• Performing securely related commands: EdgeLock SE050 supports secure key change or key diversification of MIFARE DESFire EV2 cards.

Figure 21.  Secure access module

The EdgeLock SE050 Plug & Trust middleware comes with sample code that demonstrates how to leverage EdgeLock SE050 as a secure access module. The instructions to execute this sample code are provided in AN12569 - EdgeLock SE050 for secure access control in Industrial IoT.

5.5 Wi-Fi credential protection

The EdgeLock SE050 allows you to authenticate devices attempting to connect to a Wi-Fi router or wireless LAN network, securing access to restricted networks. The EdgeLock SE050 implements WPA-PSK and WPA-EAP-TLS security protocols.

In this case, the Wi-Fi module leverages EdgeLock SE050 to safely store the password (in case of WPA-PSK protocol) or the private key and certificate (in case of WPA-EAP-TLS authentication), and to derive the session keys required for data exchange which are generated during the Wi-Fi connection setup.

Figure 22.  Wi-Fi credential protection
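
The WPA-PSK case described above, as an added example (not NXP code and not part of the Plug & Trust middleware): a software stand-in for the secure element holds the passphrase and releases only derived keys. The class `PassphraseVault`, its methods, and the sample MAC addresses and nonces are hypothetical; the derivations are the standard WPA2 ones (PBKDF2-HMAC-SHA1 for the PMK, the IEEE 802.11 HMAC-SHA1 PRF for the PTK).

```python
"""WPA2-PSK key hierarchy with the passphrase kept behind a vault object.

Added illustration, not NXP middleware code. PassphraseVault is a hypothetical
software stand-in for a secure element: the host can request derived keys but
has no call that returns the passphrase. In hardware that boundary is
physical; here it is only a Python convention.
"""
import hashlib
import hmac

# Constructed sample inputs. Passphrase/SSID are the published IEEE 802.11i
# PSK test vector; MAC addresses and nonces are made up for this example.
SAMPLE_PASSPHRASE = "password"
SAMPLE_SSID = b"IEEE"
SAMPLE_AP_MAC = bytes.fromhex("02aabbccdd01")
SAMPLE_STA_MAC = bytes.fromhex("02aabbccdd02")
SAMPLE_ANONCE = bytes(range(32))
SAMPLE_SNONCE = bytes(range(32, 64))


def prf_ptk(pmk, ap_mac, sta_mac, anonce, snonce, length=48):
    """IEEE 802.11 PRF (HMAC-SHA1): expand the PMK into a 48-byte CCMP PTK."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 bytes")
    if len(ap_mac) != 6 or len(sta_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("nonces must be 32 bytes")
    # Both sides order the inputs the same way, so AP and station agree.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out = b""
    counter = 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def split_ptk(ptk):
    """Split a 48-byte PTK into its three 16-byte session keys."""
    if len(ptk) != 48:
        raise ValueError("expected a 48-byte CCMP PTK")
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


class PassphraseVault:
    """Hypothetical stand-in for a secure element storing a Wi-Fi passphrase."""

    def __init__(self, passphrase):
        if not 8 <= len(passphrase) <= 63:
            raise ValueError("WPA passphrase must be 8..63 characters")
        self.__passphrase = passphrase.encode("ascii")  # no getter on purpose

    def derive_pmk(self, ssid):
        """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
        if not 1 <= len(ssid) <= 32:
            raise ValueError("SSID must be 1..32 bytes")
        return hashlib.pbkdf2_hmac("sha1", self.__passphrase, ssid, 4096, 32)

    def derive_ptk(self, ssid, ap_mac, sta_mac, anonce, snonce):
        """Return only per-session keys; the PMK never reaches the caller.

        The PMK is valid for every session on this SSID, so releasing just
        the PTK limits what a compromised host learns to one handshake.
        """
        return prf_ptk(self.derive_pmk(ssid), ap_mac, sta_mac, anonce, snonce)


if __name__ == "__main__":
    vault = PassphraseVault(SAMPLE_PASSPHRASE)
    keys = split_ptk(vault.derive_ptk(SAMPLE_SSID, SAMPLE_AP_MAC,
                                      SAMPLE_STA_MAC, SAMPLE_ANONCE,
                                      SAMPLE_SNONCE))
    for name, value in keys.items():
        print(name, value.hex())
```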

An application note with more details on how to leverage EdgeLock SE050 to securely authenticate to a Wi-Fi network will be published soon.

5.6 Late-stage configuration

The EdgeLock SE050 comes with an integrated, fully compliant ISO/IEC14443 A interface, which allows you to perform secure and convenient late stage parameter configuration of industrial IoT devices in the field.

In this scenario, the host is able to read the data written by the NFC device into the EdgeLock SE050 shared file system. Similarly, the NFC device reads the answer written by the host MCU into the EdgeLock SE050 shared file system. As such, the SE050 acts like a bridge between the IoT device and the contactless reader.

Figure 23.  Late-stage parameter configuration

An application note with more details on how to leverage EdgeLock SE050 for secure and convenient late stage parameter configuration will be published soon.

5.7 Blockchain ID authentication

EdgeLock SE050 can support blockchain applications by providing a unique identifier. The EdgeLock SE050 features are relevant for blockchain applications as cryptography is needed to build identifiers and addresses and to sign transaction requests. The EdgeLock SE050 secures storage of the blockchain ID and the credentials of the device. The UID will be used to identify the device where the transaction is originated. The key pair inside the EdgeLock SE050 is used to sign the transaction.

Figure 24.  Authentication in blockchain

The EdgeLock SE050 Plug & Trust middleware comes with sample code that demonstrates how to leverage EdgeLock SE050 for authentication in blockchain. The instructions to execute this sample code are provided in a document that will soon be published.

6 Get to know EdgeLock SE050 Plug & Trust middleware

The EdgeLock SE050 Plug & Trust middleware exposes an API called Secure Sub System (SSS), which supports the access to the cryptography and identity features of SE050 variants A, B and C, A71CH and A71CL security ICs. Figure 25 is a simplified representation of the layers and components which EdgeLock SE050 Plug & Trust middleware is made of:

Figure 25.  NXP Plug & Trust middleware block diagram

6.1 Building and compiling EdgeLock SE050 Plug & Trust middleware

The EdgeLock SE050 Plug & Trust middleware is delivered with the CMake files that include the set of directives and instructions describing the project's source files and targets. The CMake files allow developers to build EdgeLock SE050 middleware in their target platform, enable or disable features or change setting flags, among others. The CMake-based option is provided for developers familiar with it or willing to run exactly the same project example on PC/Windows/Linux and embedded targets.

The project options settings can be specified dynamically using the CMake GUI by selecting the flag choices and clicking the configure and generate buttons. Figure 26 shows a CMake GUI screenshot with the EdgeLock SE050 project options.

Figure 26.  CMake options

6.2 Code documentation

The code documentation provided as part of EdgeLock SE050 Plug & Trust middleware package is an HTML file created using the Sphinx documentation generator tool. The primary audience of this HTML documentation are programmers, developers, system architects and system designers. It includes:

• Technical API reference guide.
• Instructions to compile and build EdgeLock SE050 Plug & Trust middleware.
• Instructions to run the ssscli tool. See Section 6.3 for more details.
• Developer guides to execute the demo and examples.

To open the HTML documentation:

1. Download EdgeLock SE050 Plug & Trust middleware as explained in Section 2.3.
2. Unzip the EdgeLock SE050 Plug & Trust middleware package.
3. In the unzipped package, go to simw-top\doc\ folder.
4. Double-click the index.html file.

5. A browser with the documentation landing page will open as shown in Figure 27:

Figure 27.  HTML code documentation

6. From the same browser, you can navigate through the different document sections using the left-hand side menu or the hyper-linked table of contents shown in the center. For instance, to check the SSS APIs description, click on Section 7. SSS APIs on the left-hand side menu as shown in Figure 28:

Figure 28.  SSS API description

6.3 EdgeLock SE050 ssscli tool

The ssscli is a command line tool able to insert keys and credentials inside the SE050 security IC during evaluation, development and testing phases. The ssscli tool is written in Python and supports complex provisioning scripts to be run on Windows, Linux, OS X and other embedded devices.

The EdgeLock SE050 Plug & Trust middleware code documentation provides detailed usage examples of the ssscli tool. To find these usage examples:

1. Download EdgeLock SE050 Plug & Trust middleware as explained in Section 2.3.
2. Unzip the EdgeLock SE050 Plug & Trust middleware package.
3. Go to simw-top\doc\ folder.
4. Double-click the index.html file.
5. Click on Section 10 CLI tool and then click on the Section 10.6 Usage examples as shown in Figure 29.

Figure 29.  ssscli documentation

6. You will see a new page with examples describing how to use the ssscli tool for the most common operations.

Figure 30.  ssscli usage examples

6.4 Porting EdgeLock SE050 Plug & Trust middleware to your target platform

The EdgeLock SE050 Plug & Trust middleware comes with support for various NXP MCU / MPU platforms and can be ported to multiple host platforms and host operating systems. If the host MCU/MPU that you use is not listed in Section 2.2, the instructions to port the EdgeLock SE050 Plug & Trust middleware to other platforms are provided in AN12448 EdgeLock SE050 Plug & Trust middleware porting guidelines. That document gives an overview of the EdgeLock SE050 Plug & Trust middleware files that need to be modified and step-by-step instructions on how to do it.


7 Legal information

7.1 Definitions

Draft — The document is a draft version only. The content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included herein and shall have no liability for the consequences of use of such information.

7.2 Disclaimers

Limited warranty and liability — Information in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors. In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation - lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory. Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP Semiconductors.

Right to make changes — NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.

Suitability for use — NXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer’s own risk.

Applications — Applications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification. Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer’s sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer’s applications and products planned, as well as for the planned application and use of customer’s third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products. NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer’s applications or products, or the application or use by customer’s third party customer(s). Customer is responsible for doing all necessary testing for the customer’s applications and products using NXP Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer’s third party customer(s). NXP does not accept any liability in this respect.

Export control — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities.

Evaluation products — This product is provided on an “as is” and “with all faults” basis for evaluation purposes only. NXP Semiconductors, its affiliates and their suppliers expressly disclaim all warranties, whether express, implied or statutory, including but not limited to the implied warranties of non-infringement, merchantability and fitness for a particular purpose. The entire risk as to the quality, or arising out of the use or performance, of this product remains with customer. In no event shall NXP Semiconductors, its affiliates or their suppliers be liable to customer for any special, indirect, consequential, punitive or incidental damages (including without limitation damages for loss of business, business interruption, loss of use, loss of data or information, and the like) arising out the use of or inability to use the product, whether or not based on tort (including negligence), strict liability, breach of contract, breach of warranty or any other theory, even if advised of the possibility of such damages. Notwithstanding any damages that customer might incur for any reason whatsoever (including without limitation, all damages referenced above and all direct or general damages), the entire liability of NXP Semiconductors, its affiliates and their suppliers and customer’s exclusive remedy for all of the foregoing shall be limited to actual damages incurred by customer based on reasonable reliance up to the greater of the amount actually paid by customer for the product or five dollars (US$5.00). The foregoing limitations, exclusions and disclaimers shall apply to the maximum extent permitted by applicable law, even if any remedy fails of its essential purpose.

Translations — A non-English (translated) version of a document is for reference only. The English version shall prevail in case of any discrepancy between the translated and English versions.

Security — While NXP Semiconductors has implemented advanced security features, all products may be subject to unidentified vulnerabilities. Customers are responsible for the design and operation of their applications and products to reduce the effect of these vulnerabilities on customer’s applications and products, and NXP Semiconductors accepts no liability for any vulnerability that is discovered. Customers should implement appropriate design and operating safeguards to minimize the risks associated with their applications and products.

7.3 Trademarks

Notice: All referenced brands, product names, service names and trademarks are the property of their respective owners.


Tables

Tab. 1. Evaluation MCU/MPU boards details


Figures

Fig. 1. EdgeLock SE050 security IC
Fig. 2. Go to EdgeLock SE050 Arduino compatible development kit website
Fig. 3. Register your NXP account
Fig. 4. Sign-in in NXP website
Fig. 5. Update your shopping basket
Fig. 6. Fill in address and project details
Fig. 7. Proceed to checkout
Fig. 8. Get your MCU/MPU board
Fig. 9. Select EdgeLock SE050 Plug & Trust middleware package
Fig. 10. Download EdgeLock SE050 Plug & Trust middleware
Fig. 11. Go to EdgeLock SE050 Arduino compatible development kit website
Fig. 12. Quick start guide leaflet
Fig. 13. OM-SE050ARD board connected to FRDM-K64F
Fig. 14. OM-SE050ARD board connected to i.MX6UltraLite
Fig. 15. OM-SE050ARD board connected to i.MX RT1050
Fig. 16. OM-SE050ARD board connected to LPC55S69
Fig. 17. OM-SE050ARD board running Visual Studio projects
Fig. 18. Secure cloud onboarding with EdgeLock SE050
Fig. 19. Secure cloud onboarding with SE050
Fig. 20. Device-to-device authentication
Fig. 21. Secure access module
Fig. 22. Wi-Fi credential protection
Fig. 23. Late-stage parameter configuration
Fig. 24. Authentication in blockchain
Fig. 25. NXP Plug & Trust middleware block diagram
Fig. 26. CMake options
Fig. 27. HTML code documentation
Fig. 28. SSS API description
Fig. 29. ssscli documentation
Fig. 30. ssscli usage examples


Please be aware that important notices concerning this document and the product(s) described herein, have been included in section 'Legal information'.

© NXP B.V. 2020. All rights reserved.

For more information, please visit: http://www.nxp.com

For sales office addresses, please send an email to: [email protected]

Date of release: 23 April 2020

Document identifier: AN12394

Document number: 534212

Contents

1 About EdgeLock SE050 support package
2 Get resources
2.1 Get your EdgeLock SE050 Arduino compatible development kit
2.2 Get your MCU/MPU board
2.3 Get EdgeLock SE050 Plug & Trust middleware
3 Get to know the EdgeLock SE050 Arduino compatible development kit
4 Run your first EdgeLock SE050 project example
5 Evaluate EdgeLock SE050 use cases
5.1 Secure cloud onboarding
5.2 Sensor data protection
5.3 Device-to-device authentication
5.4 Secure access control in industrial IoT
5.5 Wi-Fi credential protection
5.6 Late-stage configuration
5.7 Blockchain ID authentication
6 Get to know EdgeLock SE050 Plug & Trust middleware
6.1 Building and compiling EdgeLock SE050 Plug & Trust middleware
6.2 Code documentation
6.3 EdgeLock SE050 ssscli tool
6.4 Porting EdgeLock SE050 Plug & Trust middleware to your target platform
7 Legal information