Saturday, February 17, 2018

LoRa Range Issues

(this is a work in progress, published after I lost prior draft :| most recent update: 4:02PST 2/18/2018)

This is a continuation of my previous blog: M5Stack LoRa Range Issues.

When considering performance, be sure to check out this excellent YouTube video: #182 ESP32 Lora Boards: What you need to know before you buy (incl. Antenna knowledge) - thanks Mark West @TheFlyingZephy for pointing this out)

There are a variety of LoRa libraries:

Plus this interesting gist

My LoRa32u4 is using the RadioHead libraries; The M5Stack uses a slightly modified Sandeep library. A pair of LoRa32u4 units work great. A LoRa32u4 sending to M5Stack - not so great. So I'm attempting to use the RadioHead library with the M5Stack.

To install M5Stack library with ability to save in GitHub and submit pull requests. First fork the project to your own GitHub repository. Then clone it to your Arduino library (in my case, gojimmypi user)

cd C:\Users\gojimmypi\Documents\Arduino\libraries\
git clone
:: optionally get RadioHead drivers from Adafruit
:: ren RadioHead RadioHead-stock
git clone

cd C:\Users\gojimmypi\Documents\Arduino\libraries\
mkdir temp-adafruit
cd temp-adafruit
git clone
cd RadioHead
xcopy *.* ..\..\RadioHead\*.* /s /d
:: reminder to delete temp-adafruit

In my case, after the fork from Adafruit, I deleted everything (except hidden .git directory, of course) and copied back the contents of the RadioHead-stock directory so we could use Visual Studio diff (right-click, Compare with Unmodified). Not unexpected, the RadioHead I had was older. So I fetched the Adafruit into a temp directory, then copied it back:


Visual Studio users will be happy to know there's a feature to use File Explorer; right click on the directory and select "open in Visual Studio". With the GitHub extension installed, there's a very nice GUI for GitHub.

To add the RadioHead libraries to an M5 Stack project: vMicro - Add Library - User - RadioHead:

SemTech SX1276/77/78/79 == HopeRF RFM95/96//987/98

Monday, February 12, 2018

M5Stack LoRa Range Issues

Investigating 32u4 to M5Stack LoRa poor range issues; Background information & initial tool setup.

Well, after my last post regarding the fascinating world of FPGA programming, I really thought this next post would continue on that topic. I really want to try out Luke's tiny FPGA board. Alas I've encountered another issue on a project that warrants sharing and someplace for me to keep my notes.


  • Misc details and notes on LoRa
  • VisualMicro ESP32 USB Debugging caused by new driver version
  • NESDR issue with SDR software and driver install
  • LoRa Range issue still unresolved, stay tuned for part 2

Late last year, I finally decided to buy a couple of "DIYmall LoRa32u4 LORA RA-02 Module Development Board Long Range Communication 1KM LiPo Atmega328 SX1278 with IPEX Antenna for Arduino" devices when Amazon had one of their "Lightening Deal of the Day" sales. Not to be confused with LoRaWAN - these are simple serial-type broadcast devices but with very long range. Getting them to talk to each other was ridiculously easy mainly thanks to the great Adafruit Feather 32u4 with LoRa Radio Module tutorial and sample code.

Perhaps there's some software to do LoRaWAN with these (if anyone knows, let me know ) - however I don't have any service providers nearby and the gateways are expensive.

edit 2/18/18: here's a video on creating a LoRa gateway:

By the time my LoRa modules arrived, I had forgotten the title explicitly called out the "RA-02 Module". In hindsight, I'm surprised the Adafruit code worked at all, given their description naming their LoRa device as a Adafruit Feather 32u4 LoRa (RFM9x).  Apparently the RA-02 and RF95 libraries are "close enough" - as my 32u4 appears to have the exact same RA-02 module as used on the M5Stack LoRa module. (I wonder what, exactly is on the Adafruit device?)

Which reminds me: be sure to check the frequency of the respective LoRa devices: they need to match not only each other, but also be allowed in respective county of use!

  (source: RF Wireless World)

After having the proof of concept working with the two 32u4 devices (RadioHead RFM95 libraries)  - which I was able to show them working hundreds of meters apart through very obstructed signal path and certainly not a straight line-of-site (e.g. hill, buildings, trees, etc)... I thought it would be cool to have a display module on one end, controlling the GPIO's on the other.

Some time ago, I had ordered an ESP32-based M5Stack so I decided to use this for a "console" along with their LoRa Module to talk to a very remote 32u4. Seems simple enough in concept, eh? Ha! Nothing is ever as easy as is is supposed to be.

First, the M5Stack core library uses different Sandeep Mistry LoRa drivers. (see also github) Thinking that "LoRa is LoRa", I assumed that they would work together. Indeed the workbench test was a complete success the first time.

However, the first real field test was a disaster. Taking the dog for a walk with an M5Stack connected to USB battery pack in hand, I expected to be tweeting success far from home. I was barely out of WiFi range across the street when the M5Stack stopped receiving messages from the 32u4. Certainly a long way from kilometer LONG Range.

As it turns out, KongDuino recently left a rather interesting blog review of the M5Stack and LoRa modules. It would seem that I'm not the only one with LoRa range problems. If it was easy, it wouldn't be any fun - right?

Note that the 32u4 devices use so little power, that the Anker portable power supply turns off after a few minutes - perhaps thinking nothing is actually connected. Perhaps a USB hub or something might help for a road trip with it.

I've posted my code on GitHub under a project called LoRa-GPIO. This is a pitiful hack of sample code, but an otherwise operational proof of concept of the 32u4 transmitting a signal for the M5Stack to receive and display.

So to investigate the range issues, we'll need some tools such as break-point debugging and signal analysis.

Note for anyone using VisualMicro for development (like me). If any problems are encountered debugging the ESP32, be sure to check the CP210x USB driver version - particularly just after Windows Updates. There's apparently a known problem with recent drivers not working, Simply select (or install as needed) an older version to fix:

Ok, so anytime there's a signal transmission issue at hand, it is helpful to have some visualization tools. I have the inexpensive Nooelec Smart SDR on hand.

See Using SDR Sharp Quick Start Guide. Download Windows SDR Package from  Need to disable new security feature that prohibits unsigned drivers.

bcdedit /set testsigning on

Reboot. To turn off:
bcdedit /set testsigning off

Even running zadig as administrator, I was unable to change drivers. So ok, I guess I needed to download new driver installer from the Nooelec Getting Started.  Windows is brutal; it completely removed the prior SDR drivers I had installed and working. Grr,,,

SDR Sharp had complained about the Visual Studio 2015 C++ runtime not being able to be installed (I have Visual Studio 2017 installed)... so rather than fuss with that, I installed the CubicSDR 0.2.2 software also located at the bottom of the Nooelec Getting Started with NESDR page.

Note there's an entire CubicSDR web site, and the most recent version appears to be v0.2.3 released in January of this year (2018) complete with source code on GitHub.

Once finally installed, the LoRa signal can be visualized:

So, ok.. I've fussed with Visual Studio debugging, SDR software install, and typing up all these notes and most of the day has flown by. No progress today on the actual problem of poor LoRa range. Clearly a part two is due and coming soon...

Saturday, February 3, 2018

First FPGA Test Drive with Altera Cyclone IV

I decided to finally learn how to program an FPGA! Here are some first impressions and notes to self for future reference.


  • Blaster drivers need to be manually installed from C:\intelFPGA_lite\17.1\quartus\drivers
  • Cyclone IV board is EP4CE6E22C8; do not use default "auto device" (for Pin Planner) 
  • Verilog file added manually, module name must match file name and is case sensitive
  • Source files in the project are "Design Entities"
  • Do not insert to remove the USB Blaster ribbon cable while the device is powered on.
  • Download vendor board files here
  • JTAG programming of FPGA is temporary and lost upon power cycle

I ordered my first FPGA board - the Altera Cyclone IV EP4CE6 FPGA Development Kit and USB Blaster from the Numon Electric Cyberport Store on Aliexpress thanks to inspiration by Amitesh. He did all the footwork to find what seems to be the coolest Cyclone FPGA board that can still be programmed with the free version software. (note the really cool GX version with Nios processor needs software costing thousands of dollars)

If you order the board from Numon Electric, they have a download available on one-drive that includes a ton of really great documentation, sample code, and more. The file is called "RZ301 EP4CE6 development" however the contents of that zip file consist of mainly a single file "Altera Cyclone IV board V3.0.rar". Windows users will be annoyed that there's no native tool to easily extract RAR files. Having a linux VM or WSL will be handy here. The latest version of winzip also appears to now support RAR extraction.

Overall I was quite happy with the responsive customer service, prompt delivery, and quality of my new FPGA board. If you look close at the picture of my board, the actual silkscreen quality is much better than shown: the blur is from the poor picture.

While awaiting delivery of my Cyclone, I found this other tiny, inexpensive FPGA created by Luke Valenty. Note that if you order on the tinyfpga store web site, you can pay with Amazon, without having the hassle of creating an account, etc. This board is so cool, I think I will have a separate blog about it later.

Surprisingly, my Cyclone board arrived relatively quickly in only about 2 weeks! (the estimate at order time was 19 to 39 days)

In order to program the Cyclone board, the Altera Quartus Prime Lite software is needed. Unlike some other programs, installation was quick and easy.

IMPORTANT: Do not insert to remove the USB Blaster ribbon cable while the device is powered on. There was an included warning that the board would likely be damaged. I did not test this.

The USB Blaster was not Plug-N-Play, and Quartus Prime did not see it:

A quick google search indicated that the drivers need to be manually installed; instructions copied from Altera site here for reference:
The Altera On-Board USB-Blaster II cable appears as Altera USB-Blaster (unconfigured) when first attached to your system. After it has been configured by the Quartus Prime software, it will appear as Altera USB-Blaster II (JTAG interface) and then Altera USB-Blaster II (SystemConsole interface). You might need to install drivers for each of these interfaces; follow the steps below to install the drivers.

You must have system administration (Administrator) privileges to install the USB-Blaster and USB-Blaster II download cable driver.

Driver Installation for Altera USB-Blaster

  1. Plug the USB-Blaster download cable into your PC. The Found New Hardware dialog box appears.
  2. Select Locate and install driver software (recommended).
  3. Select Don't search online.
  4. When you are prompted to Insert the disc that came with your USB-Blaster, select I don’t have the disc. Show me other options.
  5. Select Browse my computer for driver software (advanced) when you see the Windows couldn’t find driver software for your device dialog box.
  6. Click Browse, and browse to the <Path to Quartus Prime installation>\drivers\usb-blaster directory.
    • Note: Do not select the x32 or x64 directories.
  7. Click OK.
  8. Select the Include subfolders option, and click Next.
  9. If you are prompted Windows can’t verify the publisher of this driver software, select Install this driver software anyway in the Window Security dialog box. The installation wizard guides you through the installation process.
  10. When The software for this device has been successfully installed dialog box appears, click Close.
  11. To complete your installation, set up programming hardware in the Quartus Prime software.

Driver Installation for Altera USB-Blaster II

  1. Plug the USB-Blaster II cable into your PC.
  2. Open the Device Manager, and right-click on the Unknown device under the Other devices branch.
  3. Select Update Driver Software.
  4. Select Browse my computer for driver software.
  5. Enter the location of the Quartus Prime software USB-Blaster II driver files directory (<Path to Quartus Prime installation>\drivers\usb-blaster-ii) in the Search for driver software in this location field.
  6. Click Next.
  7. Click Install in the Would you like to install this device software? Windows security dialog box.
  8. Close the Update Driver Software - Altera USB-Blaster II (Unconfigured) successful installation notification. The Device Manager now shows a new branch called JTAG cables with an Altera USB-Blaster II (Unconfigured) node.
  9. Open the Quartus Prime Programmer. Within a few seconds, the JTAG cables branch displays two nodes: Altera USB-Blaster II (JTAG interface) and Altera-USB Blaster II (System Console interface).

The pin-out of the USB Blaster cable is such that it can be used for three different programming modes: AS, PS and JTAG, as shown in this pin definition table from the Intel FPGA USB Download Cable User Guide:

The important thing to note here is that programming via JTAG is temporary! My board came pre-programmed with something that cycles though the 4 LED's on the board. There's always a little fear of sending a new program that toasts your new FPGA (yes, this is absolutely possible!). So it is cool that upon power cycle, the original config is loaded back into the FPGA to confirm all us well. Fortunately my first program actually worked the very first time!

As with all development environments, Quartus has its own annoyances. I found it very difficult to simply: File - Create New Project and get something to actually work without a bit of fussing.

The first annoyance is the default directory. For example, in Visual Studio, the IDE is smart enough to know to actually create a directory for your project. Any you only need to type it once. Here, the default directory is the IDE, and projects are created there unless explicitly stated in THREE places. So the new Project Wizard starts here:

Be sure to append a project name to the directory:

Or better yet, I keep all my project in c:\workspace\ in this case for the new myFPGAgizmo project:

You can set the default location in: Tools - Options - General - Default File Location.

I created an empty project...

and did not add any design files...

This next step is important... the default device is set to "Auto". What this does is completely disables the Pin Planner feature needed later, giving an error:
Cannot display Pin Planner the current Compiler settings assign an AUTO device.
For a newbie like me.. the solution was not very obvious. To avoid this, change the default at new project time to EP4CE6E22C8

The tools are left as default:

On the final Project Wizard page, the summary is shown:

Tada! All done, right? Nope. The "Wizard" still does not actually complete a project.

Double-click on "myFPGAgizmo" to edit the code, and a nice, less-than-intuitive error pops up:
Can't find design entity "myFPGAgizmo".
Not exactly to most intuitive error message for a newbie. 

Good luck finding "Add Design Entity" in the menu. Here, you just need to know that a new Design File needs to be manually added (why the wizard does not do this, I do not know).

So from what I can tell:  a source "File" == "Design Entity".

File - New - Verilog HDL File:

Quartus does not give you an opportunity to name this file when it is first created. Only at save time will it prompt to give it a new name. Visual Studio users will not be impressed.

Now another important note: The name of the module MUST MATCH the name of the "top level" file name, and it is case sensitive. The "top level design entity" is that file first listed. You just need to know this. Otherwise the Quartus software gives the less-than-intuitive error message:
Top level design entity "myFPGAgizmo" is undefined 
Here the "myFPGAgimoName" needs to be the same as the file name "myFPGAgizmo":

So after dealing with those annoyances the learning curve, I was finally able to write some Verilog that I found in another tutorial (see page 14):

module myFPGAgizmo (x1, x2, f); 
  input x1, x2; 
  output f; 
  assign f = (x1 & ~x2)|(~x1 & x2); 

This is where things get interesting. It is one thing to write some code, but getting it to interface to the real world is what makes it fun! Normally I/O is abstracted through complex device drivers and API calls. However, it does not get much more direct in FPGA programming, as the actual pins on the chip are assigned to variables in our code! Even better, there's no bizarre renumbering that I find ridiculously frustrating in the world of Arduino programming. There's a single pin number. Ahhh. What bliss.

As can be seen in the schematic, Pin 87 is LED4, and Pins 88 and 89 are tied to keys (button switches) KEY1 and KEY2 (but yes, instead labeled S1 and S2 on the board). Yes, those are the actual pins numbers on the Cyclone IV - pins 87, 88, and 89. No big deal, right? Well, sure - but apparently not all engineers agree. Just google "pin numbering arduino" to see how many hours have been lost to frustrating abstracted re-numbering.

Once code is entered, it is compiled using the menu: Processing - Start Compilation. When the pins are not actually assigned, there will be a compiler warning:

Critical Warning (169085): No exact pin location assignment(s) for 3 pins of 3 total pins. For the list of pins please refer to the I/O Assignment Warnings table in the fitter report.
Click on Assignments - Pin Planner. (recall above, we explicitly assigned our chip part number, otherwise this feature is not available).  If you double-click in the Location column, a drop-down list will appear:

We need to assign the pins to keys and LED as shown in the schematic:

Simply close the Pin Planner and compile again. We're ready to send the FPGA code to our device!

Note the USB Blaster connection in the very first picture on this page.

Click Tools - Programmer. If the currently selected hardware says "No Hardware", click the "Hardware Setup" button (make sure your device is plugged inn, and drivers installed)....

In this case, I selected the USB Blaster by double-clicking on it.

To send the FPGA code to the device, select "Processing - Start" (or simply press the "Start Button"). If successful, there will be an indication in the progress box:

That's it! There's now an XOR gate programmed in the FPGA. Press S1 or S2 to have the LED got out. Press both or leave both unpressed and the LED1 will be illuminated. Cool.

Note we've programmed the FPGA via the JTAG connector on the board. When the board is power cycled, we'll lose these changes and the board will revert back to vendor ship default.

Note that if you find cheap Cyclone boards on flea bay, the most recent version of Quartus does NOT support the older chips! I sadly learned this after buying a cheap, bare-bones Cyclone II and then noticed it was not listed as a device option in the Quartus IDE. The latest version supporting the Cyclone II is Quartus version 13.0sp1 from 2013. (I wonder if side-by-side installs are supported? I didn't try)

Here's a chart of supported devices vs Quartus versions specifically the Cyclone series:

That's it for now... send me a message on twitter if you have any feedback / suggestions / notice any typos.

Resources, Inspiration, Credits, and Other Links:

Monday, January 1, 2018

Sino:bit Test drive & attempt to single-step debug with OpenOCD and GDB

Sino:bit - Arduino, OpenOCD and GDB?

A little while back, I responded to an offer to get a free Sino:bit from the nice folks at Elecrow. Well, it was not completely free; I paid $4 for shipping from China, as it was not really practical for me to pick it up. ;)

In case you've not heard - this is the Chinese version of the BBC Micro:bit - or more precisely, based on the Calliope mini, which is based on the Micro:bit. Me... I'm in favor of pretty much any technology that may help inspire the next generation of programmers.

Although there are a variety of ways to program this device, I followed along with the Adafruit instructions to use the Arduino IDE (and/or the VisualMicro add-in for Visual Studio).

Initial programming was really quite easy. There was one little instruction missing from the Adafruit site. Hopefully they will notice my tweet and make the correction. In short, the Arduino HT1632 libraries need to be manually added. So if you see an error like this:

...then simply add the library:

I like to turn on verbose compiling and uploading:

When doing so, a successful upload will look like this:

In particular, I noticed that a forked version of Open OCD is used to upload the sketch. The first thing that comes to mind when mentioning OpenOCD, is of course GDB! So I thought I'd see if I could get some single-step debugging working without the need for a potentially expensive hardware debugger.

One line to notice during the verbose compile / upload is the last line of the compile. Note that a unique directory is created for the binaries. In my case: ~\arduino_build_91191

The full line from my Arduino IDE looked like this:

C:\Users\gojimmypi\AppData\Local\Arduino15\packages\sandeepmistry\tools\openocd\0.10.0-dev.nrf5/bin/openocd.exe -d2 -f interface/cmsis-dap.cfg -c ; -f target/nrf51.cfg -c program {{C:\Users\GOJIMM~1\AppData\Local\Temp\arduino_build_91191/sinobit.ino.hex}} verify reset; shutdown; 

In order to launch OpenOCD to simply listen, and not upload - minor modifications are needed. Remove everything after and including the "-c program":

C:\Users\gojimmypi\AppData\Local\Arduino15\packages\sandeepmistry\tools\openocd\0.10.0-dev.nrf5/bin/openocd.exe -d2 -f interface/cmsis-dap.cfg -c ; -f target/nrf51.cfg  

Upon launching this in a DOS window, the resulting output looks like this:

Note that OpenOCD will not exit. It is waiting and listening for a GDB connection.

In my case, I could not find a suitable Windows GDB executable. So I ventured into the land of WSL - specifically Ubuntu. (I also wrote a little blog on OpenOCD on WSL Ubuntu). Once a local Ubuntu is installed an operational, GDB can be added:

sudo apt-get install gdb
Note that in WSL Ubunto, there's no C:\ drive and the slashes all go in the opposite directions. I went to my specific directory created by the Arduino IDE:

cd /mnt/c/Users/gojimmypi/AppData/Local/Temp/arduino_build_91191

GDB is launched like this:
gdb -d ./ -d /mnt/c/Users/gojimmypi/AppData/Local/arduino15/packages/sandeepmistry/hardware/nRF5/0.4.0/cores/nRF5 -f sinobit.ino.elf

If all goes well, when GDB is running and accepting commands, if will look something like this in the WSL Ubuntu window:

Due to the oddities of Windows vs Linux, I first ran these commands:

# C:\ is found in /mnt/c
set substitute-path c:/ /mnt/c

# There was an odd case problem in Arduino15 vs arduino15
set substitute-path /mnt/c/Users/gojimmypi/AppData/Local/Arduino15/ /mnt/c/Users/gojimmypi/AppData/Local/arduino15/

# make really sure the current directory is used
directory ./

Then connect:
target remote localhost:3333
monitor reset init

The resulting GDB window in Ubuntu should look something like this:

The OpenOCD DOS window should have updated, and look something like this, showing the successful connection:

At this point, things are really exciting! Ready to debug? Sadly, no. Typing the GDB "step" command results in the dreaded message:

Cannot find bounds of current function

I also tried to use the VisualMicro add-in for Visual Studio, no joy there, either:

Although it certainly works to compile and upload code in "release" (no single-step debugging) mode:

@TheFlyingSephyr also suggested trying the Embedded Studio IDE with the Segger hardware debugger. Perhaps another blog for another day...

On a side note, it might me interesting to peek at the elf file:

sudo apt-get install binutils
readelf -a /mnt/c/Users/gojimmypi/AppData/Local/Temp/arduino_build_91191/sinobit.ino.elf

In the end, it seems that you simply can't get to there from here when attempting to debug a "soft device".  :| If you have any ideas, please leave a comment or send me a message at gmail.

UPDATE: I've had a few replies regarding other debugging options. In particular a tweet from Tomas indicating that perhaps Mbed tools might help. Indeed there's some interesting info that shows using arm-none-eabi-gdb and pyOCD. Although I was able to get that toolchain installed and working:

I was not able to actually get single-step debugging working (nor does the Mbed instruction page indicate this is even possible). Note the error:

(gdb) step
Cannot insert hardware breakpoint 0.
Could not insert hardware breakpoints:
You may have requested too many hardware breakpoints/watchpoints.

As show here:

Another more promising method (although considerably more complex and potentially expensive) - would be the hardware debugging method using JTAG. One of the key things needed here is of course is how to connect the debugger. Many thanks to Elecrow for the prompt reply on twitter for information on the Sino:bit JTAG pins:

What you cannot immediately see from the silkscreen is that those are pads and not through-holes. Another item on my wish list for version 2! (ok, let's make the proper wish: how about a actual header for JTAG connector!)

I'll create another blog page for the Sino:bit JTAG. My first attempt will be using my $2 Blue Pill STM32F103 board converted to a Black Magic Probe.

Overall the Sino:bit seems very cool, despite the problems with OpenOCD and GDB. It would be awesome if some sort of single-step debugging was possible - bit that certainly is not a showstopper. Most people, certainly not beginners - would never even attempt this type of debugging. Other changes I would make would be having a less intensely bright power LED, and making the 12 x 12 grid of LED's multi-color.

Resources, Inspiration, Credits, and Other Links:

Tuesday, October 24, 2017

ATECC508A Embedded Crypto - AWS costs

TL;DR;  Dont leave running!

In my previous post, I wrote about my first impressions setting up AWS.

This is just a quick blog post to show my crazy AWS charges after just a few days. Actually, not so much the cost, but the number of messages:

Note that my AWS IoT monitor has recorded less than 20 connections.

Also on that page, just a bit further down - shows I've only published a few hundred messages:

And only 2 rules executed:

Yet somehow, I've been charged for hundreds of thousands of "messages". The curious thing, is they are listed under the "Shadow Message".

So ok - 2 bucks is not a big deal... but scale that for more devices and more than a few days - and the costs get out of hand really rather quickly.

I've posted a message on the AWS forum requesting help in understanding these charges. I'm wondering if simply launching the shadow monitoring page... if there's perhaps there are repeated messages from the browser to my device such as this shadow monitor:
I've contacted AWS billing, but they have "limited access" to give me any more details as to exactly how those hundreds of thousands of messages occurred.

Fortunately, the folks at Microchip are super responsive. I had an answer within hours! (Thanks, Ben!) The forum answer copied here:

The demo GUI (, polls the GetThingShadow ( API function to show the current shadow state. However, if left running, its polling period of 500ms could incur a lot of messages.

This polling method was not intended to be an example of how an IoT system would interact with the devices, but just a quick and easy way to display the state. Typically, one would use the IoT rules engine to trigger other actions within AWS:
We're looking into changing how this script works so leaving it running doesn't create so many messages.

So the super important take-away here is to NOT leave the running (at least not until updated)! At 500ms intervals (2 per second), that would be 31*24*60*60*2 = 5,356,800 messages per month! Even at $5 per million messages, that's $30 a month just to leave the diagnostic app running.

Stay tuned... I'm now digging into the RTOS code which is really quite interesting :)

Saturday, October 14, 2017

ATECC508A Embedded Crypto - Next Impressions setting up AWS

The state of Internet of Things (IoT) Security is a disaster. Hardly a day goes by without news that some new product is discovered to also have some ridiculously glaring security problem. There's a potential solution: a "security in a chip" device for less that a buck, that could seriously change the landscape of IoT security.

In my previous post, I took the MicroChip AT88CK590 for a brief initial test drive. Although cool in concept, I was initially frustrated and underwhelmed. I didn't even get around to posting my experience for a couple of months. (in part, as I never actually got it doing what I wanted) Note that was with completely different eval hardware.

This time around I am looking at the much more elaborate Zero Touch Secure Provisioning Kit for AWS IoT. Be sure to pay attention to the "-B" suffix. A similar part number at mouser is marked as "End of Life: Scheduled for obsolescence and will be discontinued by the manufacturer." You can try this link to see if they eventually carry the update.

 AT88CKECC-AWS-XSTK-B, image from MicroChip

However, when I did finally post that blog page and tweeted it - I got the attention of the folks at MicroChip. In particular their response regarding the a new and interesting crypto chip AWS walk-through that I had not seen:

I starts out really quite interesting! The steps are very clearly documented regarding all the (less-than-intuitive) AWS setup details. At the end of the story though, right before the culmination of anticipated technical details, it abruptly ends. I was really hoping for a code walk-through as well. Alas there was just a single "Explore" bullet item:
  • "Firmware that comes in the ZIP to see how the ARM SAM G55 communicates with the secure element (ATECC508A) and the Wi-Fi module WINC1500"
So, ok. I'm good with doing my own code analysis. Sometimes the comments are better than an external document walk-through anyhow.

There are a ton of links throughout the rather long instruction set. By the time you get to the end when reading, perhaps the Zero Touch Secure Provisioning Kit Software Files was missed way up at step 2. I had see that, even clicked on it. But it initially looks like an ad, complete with the "Buy It Now" button in the upper right corner. But the software is there! Scroll to the bottom and click the "Getting Started" tab:

Then click on the "Get the necessary code HERE" link:

I would have included the link, but it goes to a wonky "Software Copyright" page where you need to provide a name, email, company info. You can however, then immediately download the software. (unlike some sites where you need to wait for confirmation email, bla, bla).

I had a very difficult time with this: several times when I downloaded the file, it was less than 50KB and windows reported that it was correupt when trying to open it. Fortunately my twitter thread ended up with an offer to talk with someone at MicroChip! Later that day I had a great phone conversation with a rep from MicroChip that completely re-invigorated my interest in their crypto chip! He also helped with the download. What worked for me is copying the (apparently time-sensitive) link to clipboard... closing google chrome... and then pasting into a new chrome instance. I think there may have simply been a problem with the timing/loading of the javascript for the page. In any case the file starts downloading immediately. It is about 13MB in size.

The two main components of the zip are the (1) python scripts for setting up AWS and (2) a SAMG55 Atmel Studio Project called AWS_IoT_Zero_Touch_SAMG55.atsln

It is unfortunate that the code is "protected" behind a copyright notice. It really belongs as open source on github. Hopefully MicroChip will change that soon.

I suspect the folks at AWS are really quite happy to see they are the only IoT service listed! lol

The microchipdeveloper site is of course still a work in progress. I hope to see a lot more providers in the future. I've always been wanting to use AWS for my MQTT data anyhow: In part, well, it is MY data. I had tried the very easy to use - but some time back it was offline for a long stretch. (granted it was still beta) But also - it has limitations on number of devices (5) or pay $120/year for up to 60 devices (not yet available), and show stopper: the data was out of my control. The cool thing about was that I could use insecure MQTT of plain HTTP with my ESP8266 (well, duh, back to the proliferation of insecure IoT, eh?) AWS is definitely more challenging in not even allowing anything but a secure connection.

One thing to point out about installing AWS CLI for Windows is that at the end of install, nothing happens. No new icons, no message of completion. Nothing. For me, the "AWS Tools for Windows" listed under Amazon Web Services in Windows 10 start menu - was something I installed last year.

To confirm AWS CLI installed correctly, simply pop into a DOS window and type "AWS":

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command></command> help
  aws <command></command> <subcommand> help
aws: error: too few arguments


The Python install is a little tricky for me. I already had V2.7 installed (for something that explicitly wanted that version)... and to add V3.6.3 to my path... well, I'm sure I'll bump into that at some unexpected point in the future. This is a good reason to perhaps have a VM for each development environment.

The comment "May take a while to install." should not be underestimated for the pip install step! They should change the text to: "Takes a ridiculously long time, and may seem to stop at times!" lol!

Another place to note a possible problem is on creating roles in Section III. I think the AWS console changed a little since the MicroChip instructions were created. Here's my AWS Console:

Note the "AWS Service" is selected (no radio button) and the service is called simply "Lambda" (not AWS Lambda). Next Step is actually labeled "Next: Permissions"

The final resultant JITR policy also looks a bit different from the walk-through.

My function "Author from Scratch" was also a bit different than instructions:


What I saw:

And here's what my actual code looks like in the function:

The instructions refer to "Rules"... it is now called "Act". Note there's an identical icon, just a different name (instructions on left; my AWS console on right):

The instructions also show running a python script as easily as if it were a batch file. I needed to use the word "python" before the script name:

I received an annoying error:

I wasted a ton of time before I realized somehow Windows 10 "set time automatically" was turned off! Argh! So a click of an option setting and VOILA! Success.

<happy dance>!!</happy dance>

Next, I will finally take a look at the code!

Check out my next post on my first bizarre AWS costs.

LoRa Range Issues

(this is a work in progress, published after I lost prior draft :| most recent update: 4:02PST 2/18/2018) This is a continuation of my pre...