OPTIGA Trust M performance degradation

MaxMartin

Hello everyone,

I have a question about how to correctly use the OPTIGA Trust M.
I have developed my own PAL and I have been working with the OPTIGA Trust M for 3 months now.
So far, everything is great, I am able to perform unitary tests provided in the GitHub repository without any issue.
The reset pin of the Trust M is driven by my host processor, and the VDD pin is directly connected to power, so I only do hard resets when I unplug my board.

However, I recently encountered an issue while using the Trust M. Indeed, in order to test the load of work it can handle, I have created a test where the Trust M has to perform 100 AES-128 bit operations, meaning 100 key generations, encryptions and decryptions.
The first 20 - 30 operations are fast and work as expected, but then the responsiveness of the Trust M drops completely and it takes several seconds to perform any operations.
I tried stopping generating keys, opening and closing one or several applications, triggering the reset pin between each operation, but I still get that behavior from the Trust M.

What is even more interesting is that, in order to reset everything, I sometimes unplug my board from the power, but the behavior of the Trust M sometimes remains really slow, sometimes goes back to normal.

I have checked the documentation but I haven't seen anything related to performance other than unitary benchmarks.

Is that behavior normal or is there something I am doing wrong?

Regards,

Maxime

0 Likes
6 Replies
Sharath_V
Moderator

This is an expected behavior and is also documented in the reference manual under "Security Monitor".

Please go through this blog to understand more in detail and get back to us if you need any further clarification.

0 Likes

Hello @Sharath_V,

Thank you for your answer. It indeed seems to be my problem, as the security monitor deliberately slows down communication speed.

The documentation you provided says it is possible to disable the behavior by setting tmax to 0.

I understood that the Security Monitor Configuration is located at the OID 0xE0C9 and that the first byte (offset 0x0) had to be modified to change the value of tmax. However, I didn't understand the condition "LcsO < 7" to modify that value. I have tried to directly access it with an optiga_util_write_data but it doesn't seem to work.

Do you have a hint or example of how it should be done?

Thank you,

Regards

0 Likes
ShivaSai_S
Moderator

Hi,

The condition LcsO < 7 implies you can't change the data in the OID unless LcsO for the object is less than 7. The LcsO value can be observed when you read the metadata of the object. In the case of the Security Monitor Configuration object 0xE0C9, the data in this OID can be changed only when LcsO < 7, i.e., not in the operational state. The chips available in the market have the Security Monitor Configuration object set to operational (LcsO = 7), otherwise it would be a security risk.

The security monitor configuration can be changed for a standard Trust M v3 request with a MoQ; an OPTIGA Trust Configurator can help to prepare a configuration. In your case, currently you cannot change the t_max as you have a default market chip and the Security Monitor Configuration object 0xE0C9 is already in the operational state (LcsO = 7). So, you can initially raise a custom order with a MoQ with the LcsO of the Security Monitor Configuration object OID 0xE0C9 less than 7, change the t_max of the Security Monitor Configuration object OID 0xE0C9, and then, after testing, change the LcsO to the operational state (LcsO = 7).

Thanks,

Shiva Sai

0 Likes
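The LcsO check described in the reply above, as an added example that is not part of the original thread or of Infineon's host library: it walks the metadata TLV bytes of an object and reports whether its data, and therefore t_max, can still be changed. The tag values (0x20 for the metadata container, 0xC0 for LcsO), the single-byte length fields and the sample buffers are assumptions constructed for illustration and should be checked against the reference manual.

```c
#include <stddef.h>
#include <stdint.h>

#define TAG_METADATA     0x20u /* outer metadata TLV (assumed tag value) */
#define TAG_LCSO         0xC0u /* object lifecycle state, LcsO (assumed tag value) */
#define LCSO_OPERATIONAL 0x07u /* "operational" per the thread: LcsO = 7 */

/* Constructed samples, shaped like the bytes a metadata read of 0xE0C9 would return. */
static const uint8_t META_MARKET_CHIP[] = {0x20, 0x09, 0xC0, 0x01, 0x07,
                                           0xC4, 0x01, 0x08, 0xC5, 0x01, 0x08};
static const uint8_t META_CUSTOM_CHIP[] = {0x20, 0x09, 0xC0, 0x01, 0x01,
                                           0xC4, 0x01, 0x08, 0xC5, 0x01, 0x08};
static const uint8_t META_TRUNCATED[]   = {0x20, 0x05, 0xC0, 0x01};

/* Walk the TLV list and fetch LcsO. Returns 0 on success, -1 if malformed or absent. */
int metadata_get_lcso(const uint8_t *buf, size_t len, uint8_t *lcso)
{
    if (buf == NULL || lcso == NULL || len < 2 || buf[0] != TAG_METADATA)
        return -1;
    size_t end = (size_t)buf[1] + 2;   /* declared payload length + 2-byte header */
    if (end > len)
        return -1;                      /* header claims more bytes than we hold */
    for (size_t i = 2; i < end; ) {
        if (end - i < 2)
            return -1;                  /* dangling tag without a length byte */
        uint8_t tag = buf[i], vlen = buf[i + 1];
        if ((size_t)vlen > end - i - 2)
            return -1;                  /* value runs past the metadata */
        if (tag == TAG_LCSO) {
            if (vlen != 1)
                return -1;
            *lcso = buf[i + 2];
            return 0;
        }
        i += 2u + vlen;
    }
    return -1;                          /* no LcsO tag present */
}

/* 1: data (and so t_max) may be changed, 0: locked, -1: metadata unusable. */
int security_monitor_config_writable(const uint8_t *buf, size_t len)
{
    uint8_t lcso;
    if (metadata_get_lcso(buf, len, &lcso) != 0)
        return -1;
    return lcso < LCSO_OPERATIONAL ? 1 : 0;
}
```

Running this check before attempting the write separates a locked object (LcsO = 7) from a transport or PAL fault.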

Hello @ShivaSai_S,

Thank you for your answer. So, if I understand correctly, there is nothing I can do with my current OPTIGA Trust M chip to disable the Security Monitor, right?

This is not directly a problem for me, but I would like to know if there is anything I can do when I see the delay starting to increase in I2C transactions. I currently have a test that is redundant, but if I try to create a test that is more diverse, I still have the consequences of the high delay of the previous test. Is there anything I can do to reduce this delay, such as sending specific I2C transactions for a given time that would not trigger the Security Monitor and thus reduce the delay?

Regards,

Maxime

0 Likes
ShivaSai_S
Moderator

Hi @MaxMartin ,

There is nothing I can do with my current OPTIGA Trust M chip to disable the Security Monitor, right?

-> Yes, unfortunately there is no way to disable the Security Monitor in your case.

Is there anything I can do to reduce this delay, such as sending specific I2C transactions for a given time that would not trigger the Security Monitor and thus reduce the delay?

-> If you can reduce the number of secure operations such that the Security Event Counter (SEC) value is below 128, there will be no induced delay. In case there are more secure operations such that SEC > 127, there will be a delay.

On the host side, if you manage to delay I2C transactions using timers such that SEC < 128, there will be no delay.

Thanks,

Shiva Sai

0 Likes
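One way to implement the host-side timer pacing suggested in the reply above, as an added example that is not part of the original thread or of Infineon's host library: the host keeps its own estimate of the SEC and computes how long to wait before the next secure operation so the estimate stays below 128. The per-operation cost and the decay period are assumptions the caller must take from the reference manual's Security Monitor section, and the estimate starts from zero, which does not hold if the chip's counter is already raised.

```c
#include <stdint.h>

#define SEC_DELAY_THRESHOLD 128u /* from the thread: no induced delay while SEC < 128 */

typedef struct {
    uint32_t sec_estimate;    /* host-side estimate of the chip's SEC */
    uint32_t last_decay_ms;   /* timestamp of the last modelled decrement */
    uint32_t decay_period_ms; /* ASSUMPTION: ms per SEC decrement; take from the manual */
    uint32_t cost_per_op;     /* ASSUMPTION: SEC increase per secure operation */
} sec_budget_t;

void sec_budget_init(sec_budget_t *b, uint32_t now_ms, uint32_t decay_period_ms,
                     uint32_t cost_per_op)
{
    b->sec_estimate = 0;
    b->last_decay_ms = now_ms;
    b->decay_period_ms = decay_period_ms;
    b->cost_per_op = cost_per_op;
}

/* Apply the decrements that elapsed time has earned (wrap-safe for a ms tick counter). */
static void sec_budget_decay(sec_budget_t *b, uint32_t now_ms)
{
    uint32_t steps = (uint32_t)(now_ms - b->last_decay_ms) / b->decay_period_ms;
    if (steps >= b->sec_estimate) {
        b->sec_estimate = 0;
        b->last_decay_ms = now_ms;
    } else {
        b->sec_estimate -= steps;
        b->last_decay_ms += steps * b->decay_period_ms;
    }
}

/* Milliseconds to wait so the next operation keeps the estimate below the threshold. */
uint32_t sec_budget_wait_ms(sec_budget_t *b, uint32_t now_ms)
{
    sec_budget_decay(b, now_ms);
    uint32_t after = b->sec_estimate + b->cost_per_op;
    if (after < SEC_DELAY_THRESHOLD)
        return 0;
    uint32_t needed = after - (SEC_DELAY_THRESHOLD - 1u); /* decrements still required */
    return needed * b->decay_period_ms - (uint32_t)(now_ms - b->last_decay_ms);
}

/* Record that a secure operation was sent to the chip at now_ms. */
void sec_budget_commit(sec_budget_t *b, uint32_t now_ms)
{
    sec_budget_decay(b, now_ms);
    b->sec_estimate += b->cost_per_op;
}
```

Call `sec_budget_wait_ms` before each key generation, encryption or decryption, sleep for the returned time, then call `sec_budget_commit` once the command has been sent.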
ShivaSai_S
Moderator

Hi @MaxMartin ,

Please let us know if your query was resolved.

0 Likes