A Hands-On Look at the Cypress PSoC64 Standard Secure kitFollow article
A hardware introduction before setting up the development environment, and an example that provides seamless Amazon Web Services integration.
The Cypress PSoC 64 Standard Secure - AWS MCU is based on the Cypress PSoC 6 line of high-performance, low power microcontrollers featuring out-of-box security functionality aimed at IoT applications. Benefiting from a dual-CPU architecture with heaps of application flash and SRAM, up to 100 GPIOs, Cypress CapSense technology built-in, and plenty of other peripherals.
The Cypress PSoC 64 Standard Secure - AWS Wi-Fi BT Pioneer kitincludes all the necessary components to get started developing applications for the microcontroller.
The package contents includes the evaluation board itself, a quick start guide, an AWS credits promotional code, six jumper wires and a USB micro-B cable.
There is a reasonable number of microcontroller IO broken out to headers, including an Arduino Uno R3 compatible header which helps enable rapid prototyping thanks to the vast array of Arduino “shields”. Other onboard peripherals include two user LEDs and an RGB LED, two user buttons, a potentiometer and finally, a microSD card holder, amongst others.
A CapSense slider and two buttons are also included which makes getting started with CapSense technology easy. As this is a design provided by Cypress, it should make troubleshooting CapSense easy.
Operational voltage of the microcontroller is configurable, with jumpers to select between 1.8V, 2.5V and 3.3V.
Also included is a KitProg3 onboard programmer which offers USB-UART and USB-I2C bridge functionality — providing an army of useful debugging tools.
The block diagram of the evaluation kit shows all the various features and peripherals and how they’re connected, and how the on-board power supplies are routed.
Stickers across the board also provide pinouts detailing how parts are connected together, and on the back of the board there is a large pinout table that shows off peripheral pin assignments.
Further details on the board can be found in the kit guide.
A Feature Rich Microcontroller
A block diagram of the Cypress PSoC 64 Standard Secure - AWS can be seen above and the key features are listed below:
- Dual CPU architecture - 150MHz Arm Cortex-M4 (non-secure processing environment) and a 100MHz Arm Cortex-M0+ (configured with a root-of-trust and secure processing environment)
- 2MB Flash, 1MB SRAM
- SDHC controller supporting SD/SDIO/eMMC interfaces
- Programmable analogue and digital blocks
- Full-speed USB
- Serial memory interface supporting on-the-fly encryption/decryption
- Industry leading capacitive-sensing technology with Cypress CapSense
- Digital audio interface with two PDM channels and two I2S channels
- Segment LCD drive with support for up to 101 segments
Another notable set of features about the microcontroller is the security functionality available out-of-box, including an isolated root-of-trust, a PSA level 2 compliant secure execution environment and a pre-built trusted firmware secure processing environment, amongst other things. As this microcontroller is aimed at use with Amazon Web Services, the security features are configured with this in mind.
Comprehensive Software Support From ModusToolbox
Cypress, in partnership with Amazon Web Services, have produced a Getting Started guide for use with the kit. As the microcontroller has to be “claimed” there is no pre-built out-of-box example for the device, instead, you have to build this once claimed.
The first step in the guide is to set up an AWS account with the requisite IAM user and permissions to be able to access AWS IoT and FreeRTOS cloud services.
To create an IAM user, AWS has a guide located here that details how to create IAM users and groups. It is worth reading, as the guide contains a lot of important points to note, and details about best practices — such as why to use IAM rather than the AWS account root user. In this example, we will use the “Administrator” IAM user that the tutorial creates, for simplicity.
Now that we have created the Administrator user, we can attach the correct policies specified in the “Getting Started with FreeRTOS” guide (linked from the main Getting Started guide) — these are “AmazonFreeRTOSFullAccess” and “AWSIoTFullAccess”. To do this, navigate to the IAM Manager → Users, then the correct user, then click “Add permission”.
We can now search for the permissions and assign them to the user. As we now have a user with the correct permissions setup, we can move onto registering the board with AWS IoT.
Registering The Board
To speed up the process, we can use the “Quick Connect” workflow that is located in the “FreeRTOS console”.
The first step is to open the FreeRTOS console, and you will be presented with a list of predefined configurations. Conveniently, the configuration for our Cypress board is listed at the top, so we click on “Quick connect” and follow the guide.
As we want to use the Eclipse-based IDE with the Cypress ModusToolbox environment, we pick the “Eclipse IDE for ModusToolbox” option under “Development Tools”.
The rest of the configuration can be left as default, then the “Download and Create” option is picked. This will start a download of a ZIP archive, and also move onto a page where the device certificates are created. We accepted the defaults here again, and clicked “Download” to download another ZIP archive containing the certificates of the device.
Now we can return to the original guide, and carry on from “Setting up the development environment”.
Installing ModusToolbox requires account creation on the Cypress website, so this is the first step. Following which the installation is the same as for any other Windows software . There is also a patch available on the Cypress website, which was installed.
Provisioning The Board
Now that we have the tools installed, we need to refer to the provisioning guide PDF document, that details our next steps. Provisioning is an important step that involves injecting secure assets - such as the keys and security policies we generated in AWS - into our microcontroller.
This requires the installation of Python 3.7 or later — in our case we already had this done and the guide details how to do this on Windows, Mac OS X and Linux.
As we are doing this on a Windows system, the “libusb” library also has to be installed (Linux users should already have libusb available). This involves downloading the compiled libusb v1.0.21 DLL and putting it next to the Python executable. Another thing to note, depending on the age of the board, is that it may require the older version of the “cysecuretools” — this will be noted in the output from the command.
In our case, the older version of the “cysecuretools” were required, which then wanted OpenSSL installed as “pip” could not find the OpenSSL library on our system — meaning that compilation of the cryptography library could not happen. Once OpenSSL was installed, the cryptography library would compile. How to install OpenSSL is covered under the cryptography library documentation.
Building the Examples
Now that we have all the prerequisites out of the way, we can compile and install one of the demonstration applications on the board.
One point worthy of note is that the project generated by the AWS “Quick Connect” workflow does not currently build a complete project that includes all the necessary FreeRTOS components — meaning that these have to be downloaded separately.
The secure boot certificates generated in the Provisioning The Board step will also need to be copied across to the newly cloned FreeRTOS Git repository into the same location within the folder structure — this should be “vendors/cypress/MTB/psoc6/psoc64tfm/security/keys”. If this step is not done, the project will fail to build due to the lack of code signing keys.
To start, open a serial terminal and connect it to the KitProg3 serial port (in our case COM13). The settings for the serial port are 115200, 8n1.
We need to open the Eclipse IDE for ModusToolbox and then create or choose a workspace. In our case, we created a new workspace as we do not have an existing one.
Now we are presented with the default Eclipse window, with no open project. To get started with the project, we headed to File → Import, then expand the General category and pick “Existing Project into Workspace”.
Selecting the folder where we have just cloned the AWS FreeRTOS repository a number of potential projects are then listed — uncheck all but the project that contains the name of the evaluation board.
As the project was imported without any issues, we can now proceed to adding the WiFi credentials and building the application. One important point to note is that ModusToolbox does not like spaces in the project file path, so you might need to move the project to another location.
With the project imported into the Eclipse workspace the next step is to configure credentials used to connect to AWS. The steps to successfully do this are located in this part of the First Steps guide, but boil down to modifying the “demos/include/aws_clientcredential.h” and “demos/include/aws_clientcredential_keys.h” files.
To build the application, head to the lower left-hand corner (assuming the default Eclipse layout) to the “Quick Panel”, then click “Build aws_demos Application”. The first build does take a little bit, so you might have enough time to grab a cup of coffee whilst waiting.
Once the application has built, click the “aws_demos Pogram (KitProg3)” button in the quick panel. This should start to launch the executable on the microcontroller and you should see debug output appearing in the serial console.
To view the output of the demo the AWS IoT Dashboard provides a web-based MQTT client. This is available once logged into the dashboard by navigating to the “Test” option in the left-hand menu. For the subscription topic, this should be set to “thing-name/example/topic” — in our case this is “Cypress-CY8CKIT064S0S24343W-Example/example/topic” and then press “Subscribe to topic”.
As can be seen above, the demo application is successfully running and printing “Hello world” via MQTT.
Other demonstration applications are also included in the code bundle, but this is left as an exercise for the reader to have a play with.
To Wrap Up
In this article, we have taken a look at the Cypress PSoC64 Standard Secure kit and the plethora of features the PSoC 6 microcontroller includes, looked at the AWS IoT ecosystem and how easy it is to use, and then generated certificates, provisioned the evaluation board and compiled a demonstration application that shows the use of AWS FreeRTOS and MQTT.