essential-contributions/secure-elements

Secure Elements

Cross-vendor tooling for secure elements, focused on three things:

  • probing real hardware from a Raspberry Pi or Linux host,
  • extracting manufacturer-provisioned identity material,
  • verifying attestation material and device signatures in Rust.

The repository combines low-level transport code with higher-level verification logic so the same project can cover hardware bring-up, certificate parsing, and challenge/response attestation flows.

Repository layout

  • embeded/src/chips: C drivers for each secure element family.
  • embeded/src/include: shared transport and platform headers.
  • embeded/raspberry_pi: Raspberry Pi/Linux demo binary plus I2C and logging helpers.
  • crates/verification-guest: core verification and certificate parsing logic intended for deterministic/provable environments.
  • crates/verification: host-facing Rust wrapper crate with verification tests.
  • hardware/README.md: comparison table and sourcing notes for candidate chips.
  • contracts/p256.sol: Solidity helper for RIP-7212 P-256 verification flows.

Implementation status

| Manufacturer | Chip | C driver status | Rust verification status |
| --- | --- | --- | --- |
| STMicroelectronics | STSAFA110 SPL02 | detection, DER certificate read, digest signing | sample certification verification covered in crates/verification |
| Microchip | ATECC608C-TNG | detection, certification blob read, digest signing | sample certification verification covered in crates/verification |
| NXP | SE050C2HQ1Z01 | detection, attested object + certificate read, digest signing | sample certification verification covered in crates/verification |
| Infineon | SLS32AI010MHK | detection, certificate read, digest signing | sample certification verification covered in crates/verification |

The Raspberry Pi demo and the Rust verification path currently cover the same four chip families. The verification coverage is backed by test vectors in crates/verification/src/lib.rs.

Raspberry Pi demo

Prerequisites:

  • Linux with I2C enabled; the demo expects /dev/i2c-1.
  • gcc, pkg-config, and the libgpiod development package.

Build the demo:

cd embeded/raspberry_pi
make

Run it:

./se

The demo probes each supported chip, attempts to read certificate or certification data, and requests a P-256 digest signature where that path is implemented.

Rust workspace

Build everything:

cargo build --workspace

Run the verification tests:

cargo test -p verification

The Rust side is split intentionally:

  • verification-guest contains the chip-specific parsing and verification logic.
  • verification provides the host crate and sample verification tests for the currently supported certification formats.

Verification flow

At a high level, the intended attestation flow is:

  1. detect the chip and read its manufacturer-provisioned identity material,
  2. parse chip-specific certificate or certification blobs,
  3. validate the chain against pinned manufacturer roots,
  4. ask the chip to sign a challenge digest,
  5. verify the returned signature against the validated device public key.
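
Steps 3 to 5 of this flow, as an added example that is not code from this repository: it is written in Go because the Go standard library covers X.509 and P-256 offline, whereas the project's own verification code is Rust. The names `verifyDevice` and `fixture`, the generic X.509 chain (the chip-specific certification blobs are not modelled) and the fixed challenge digests are assumptions constructed for the example; a real verifier draws a fresh random challenge for every attempt.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyDevice covers step 3 (chain to the pinned root only) and step 5 (challenge signature).
func verifyDevice(pinned, dev *x509.Certificate, digest, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinned) // sole trust anchor; the system store is never consulted
	if _, err := dev.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	pub, ok := dev.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() || !ecdsa.VerifyASN1(pub, digest, sig) {
		return fmt.Errorf("challenge signature does not verify under a certified P-256 key")
	}
	return nil
}

// fixture: constructed root, device certificate under it, and a signer standing in for the chip (step 4).
func fixture() (root, dev *x509.Certificate, chipSign func(digest []byte) []byte) {
	tpl := func(cn string, ca bool) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: ca}
	}
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored: all inputs are generated here
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rootDER, _ := x509.CreateCertificate(rand.Reader, tpl("constructed root", true), tpl("constructed root", true), &rootKey.PublicKey, rootKey)
	root, _ = x509.ParseCertificate(rootDER)
	devDER, _ := x509.CreateCertificate(rand.Reader, tpl("constructed device", false), root, &devKey.PublicKey, rootKey)
	dev, _ = x509.ParseCertificate(devDER)
	return root, dev, func(d []byte) []byte { s, _ := ecdsa.SignASN1(rand.Reader, devKey, d); return s }
}

func main() {
	root, dev, sign := fixture()
	_, rogue, rogueSign := fixture() // same names, but issued under a different, unpinned root key
	d1, d2 := []byte("constructed-challenge-digest-001"), []byte("constructed-challenge-digest-002")
	fmt.Println("genuine:", verifyDevice(root, dev, d1, sign(d1)))
	fmt.Println("replayed:", verifyDevice(root, dev, d2, sign(d1)), "| unpinned root:", verifyDevice(root, rogue, d1, rogueSign(d1)))
}
```

Only the first call returns nil: a signature made for an earlier challenge fails against a new digest, and a certificate chain that merely reuses the root's name fails because trust is pinned to the root's key.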

Security notes

  • Treat this repository as work in progress.
  • Make root key pinning, certificate policy, and revocation handling explicit before production use.
  • Perform independent review and hardware validation before using any of this in a high-assurance system.
