GridTrust PUF Setup
The PUF used by the GridTrust framework is an SRAM PUF found on the LPC55S69 microprocessor. We drive the PUF with two bare-metal scripts.
First, an enrollment script is run to initialize the PUF and store a chosen counter and AES key value. Second, an operational script is flashed to the device’s memory to deploy the PUF board.
Source Code
Devices Utilized
LPCXpresso55S69 Development Board
Computer Running Windows 10
Software Utilized
Setup
The PUF setup first enrolls a desired AES key and a 128-bit counter onto the LPC55S69 microprocessor. These steps are accomplished with the MCUXpresso SDK, available from NXP.
PUF authentication is achieved by synchronization between the counter on the server and the counter on the PUF.
PUF Board Jumper Configuration
- Jumper on J7
- Jumper on J6 set to FS
- Jumper on P4 set to 3.3V
- Jumper on J3 set to Loc
- No other jumpers
- Install MCUXpresso SDK and IDE
- The IDE is the graphical user interface for loading projects and programming the board; the SDK consists of backend software and device drivers for the board (we used SDK_2.x_LPCXpresso55S69 version 2.16.000)
- The latest MCUXpresso IDE requires a Windows computer; it will not work on the Fedora machines
- Load the enroll project found on GitHub (.zip file)
- Change the counter and AES key values (or keep the defaults) found in the sources/enroll.c file
- The default key is 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
- The default counter is 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- Found on lines 60 and 63 of enroll.c
- Note: these values use the same endianness as those stored in the server PostgreSQL database
- Build the enroll project and run the program on the PUF board
- In MCUXpresso, you can load the projects from GitHub using File -> Open Projects from File System -> Archive
- Connect the PUF to the computer running MCUXpresso using a USB cable
- Ensure that the cable is connected to the “debug link” USB-C port on the PUF board
- In MCUXpresso, click on the Enroll project folder in the Project Explorer tab
- In the Quickstart Panel (underneath the Project Explorer tab), press “Debug with LinkServer Probes” and wait for the debugging to complete
- Once debugging is complete, terminate the debug session
- Load the encrypt_ctr project found on GitHub (.zip file)
- Follow the same substeps as above, except using the Encrypt_ctr project rather than Enroll
- All you need to do differently is click on the Encrypt_ctr project folder in the Project Explorer tab on the left of the IDE
- Once “Debug with LinkServer Probes” is run, the program is already flashed onto the board
- Do not run the project (the Run button in MCUXpresso); otherwise, the counter on the board will be incremented and fall out of sync with the counter on the server
- Reconnect the board to the native or interface device computer with a USB connection
- Ensure that the cable is connected to the “debug link” USB-C port on the PUF board
- The PUF board uses flash memory, so its programmed state is persistent even when the board is powered off (which is why we can program the PUF on a Windows computer and then reconnect it to the Fedora computer)
- Repeat steps for each additional PUF board
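The following is an added example, not code from the GridTrust repository. It models why an extra run of the operational program breaks the counter synchronization that authentication relies on. The function names are hypothetical, and two things are assumed: the first printed byte is the most significant, and each run advances the board counter by one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTR_LEN 16 /* 128-bit counter, 16 bytes */

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse exactly 16 two-digit hex bytes separated by single spaces (the
 * format the defaults are listed in). Returns 0 on success, -1 otherwise. */
int parse_hex16(const char *s, uint8_t out[CTR_LEN]) {
    for (int i = 0; i < CTR_LEN; i++) {
        int hi = hexval(s[0]);
        int lo = hi < 0 ? -1 : hexval(s[1]);
        if (lo < 0) return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
        s += 2;
        if (i < CTR_LEN - 1 && *s++ != ' ') return -1;
    }
    return *s == '\0' ? 0 : -1;
}

/* Assumption: byte 0 is most significant, so the carry moves toward it. */
void ctr_increment(uint8_t ctr[CTR_LEN]) {
    for (int i = CTR_LEN - 1; i >= 0; i--)
        if (++ctr[i] != 0) break; /* stop once a byte did not wrap */
}

/* Enroll board and server with the same counter, apply board-only runs,
 * then compare. Returns 1 if in sync, 0 if not, -1 on a parse error. */
int sync_after_extra_runs(const char *enrolled, int extra_runs) {
    uint8_t board[CTR_LEN], server[CTR_LEN];
    if (parse_hex16(enrolled, board) != 0) return -1;
    memcpy(server, board, CTR_LEN);
    for (int i = 0; i < extra_runs; i++) ctr_increment(board);
    return memcmp(board, server, CTR_LEN) == 0;
}

int main(void) {
    const char *def = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00";
    printf("flashed only:  in sync = %d\n", sync_after_extra_runs(def, 0));
    printf("one extra run: in sync = %d\n", sync_after_extra_runs(def, 1));
    return 0;
}
```

If a board has been run by mistake, repeating the enroll step restores a counter value that matches the server's stored one.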