ATECC608 USB dongle
This project is an USB dongle for connecting a Microchip Crypto Authentication chips to a PC.
What are these crypto ICs?
The Crypto Authentication chips is a series of cheap (less than a euro in single quantities) cryptographic chips from Microchip, designed to run as secure enclaves in equally inexpensive consumer electronics such as IoT devices.
This series include:
- The ATECC608A, a pretty capable device which has AES, SHA256, HMAC, EC, DRBG and TRNG.
- The ATECC508A, an older version of the ATECC608A.
- The ATSHA204 which does SHA and HMAC only.
- The deprecated ATAES132, which does AES only.
As opposed to most companies which require signing a NDA for accesing the documentation, Microchip has shared all the required documentation to use them. They even have a public, open source cryptography library called cryptoauthlib.
Their availability, pricing and documentation make them a pretty nice device for securing critical information on a server or a PC, such as the HTTPS or SSH private keys.
However, while the chips are easy to come by, there seems to be no free, open-source design to use them on a PC. The only official solutions are large, bulky development kits which of course are not suitable for end usage.
This dongle attempts to solve that problem, by providing a small, easy to build USB dongle made using dirty common and cheap off-the-shelf parts. While it uses SMD parts, I’ve intentionally used relatively large parts whereas possible so it can be easily assembled and soldered by hand.
WARNING: This project requires a CryptoAuthentication device that uses the SWI protocol (part number is ATxxx-xxxxZ), instead of I2C (part number is ATxxx-xxxA). An I2C device cannot be configured to use SWI, and vice-versa.
The dongle is extremely simple, and has the bare minimum to work. It is designed around the CH340G USB-UART interface made by WCH (U1). Having a built-in voltage regulator, all it needs is a single 12MHz crystal (X1).
While the USB-UART IC has a full-duplex interface with separate TXD and RXD pins, the Crypto Authentication devices expect communication to happen over a single I/O pin called SWI.
The task of converting the full-duplex interface to the half-duplex interface is accomplished by the non-inverting buffer IC (U3) and a pull-up resistor (R1).
The board also provides an LED controllable by the secure element’s GPIO pin (LED2). If the GPIO pin wants to be used as a sense pin and the LED interferes, it can be disabled without desoldering anything just by cutting the LY (LED Yes) and bridging LN (LED No).
Finally, the H1 header is a debug header which exposes the 5V, SWI, GPIO and ground signals.
Most of the parts come from LCSC, except for the Crypto Authentication IC which is not available from them, and comes from MicrochipDirect instead.
|U2||ATECC608A CryptoAuthentication IC|
|U3||MC74VHC1G07 Non-inverting open-collector buffer|
|Q1||Generic NPN transistor|
|C1,C2||20pF ceramic capacitor|
|C3,C4||100nF MLC capacitor|
|C5||22uF MLC capacitor|
|USB1||USB-A 2.0 male|
|H1||4x1 male pin header|
The total cost is about 3€ per dongle in small quantities, including the cost of making the PCBs. The complete part list with LCSC and MicrochipDirect part numbers can be downloaded from the EasyEDA project below.
This project is available at EasyEDA where you can freely look, modify and download the schematic, Gerber files or bill of materials.
For now, I have not yet had time to adapt the Microchip library to this dongle, which means there’s zero software for it. Sorry.