My goal is to use Raspberry Pi 3 Model B+ (RPi) to write hexadecimal keys/numbers into OPTIGA™ Trust X on the Security Shield2Go board, through a Python program. The communication between RPi and Trust X is through the I2C interface.
May I know are there existing libraries to use? If yes, may I know the procedure to use the library and the procedure to complete the whole I2C setup?
Thanks!
Hi @mrashford,
Please refer to python-optiga-trust GitHub repo which contains the python libraries for OPTIGA Trust devices. You can find the setup and working details in the documentation link.
Can you please provide more details about your setup and what all steps you have performed?
My setup involves connecting RPi with Trust X using this connection example:
Actual setup:
(Blue Ethernet cable is connected to my laptop)
After cloning python-optiga-trust GitHub repo, I installed optigatrust package and ran the script in the Examples section:
and received this output:
I2C settings on RPi are enabled.
To detect the device address of Trust X, please use Infineon specific tools for i2c (link). Generic i2c commands are not supported without this library.
Please confirm if your system is added as a user to the gpio group by using the command 'sudo adduser pi gpio' . If you're not added as a user, you will not have right to access the gpio.
I suppose I have to clone the library and follow Getting Started?
Will I be able to use these tools if I'm coding in Python?
@mrashford wrote:
I suppose I have to clone the library and follow Getting Started
Yes, clone and compile the library. This is required to communicate with optiga trust devices via i2cdetect, i2cget, etc.
@mrashford wrote:
Will I be able to use these tools if I'm coding in Python?
This is an independent tool, and it should not disturb the optiga-python library implementation.
NOTE: As mentioned in documentation, add your user to the gpio group (RPi3: via sudo adduser pi gpio). If you're not added as a user, you will not have right to access the gpio.
Suppose I have compiled the library correctly, does this count as communication with Trust X?
If yes, what does "No register input!!" mean?
And how do I use i2cdetect and i2cget commands?
@mrashford wrote:
Suppose I have compiled the library correctly, does this count as communication with Trust X?
If yes, what does "No register input!!" mean?
Can you please tell me when this message appears: after compilation or after i2cdetect? Looks like the code has compiled successfully and some issue has occurred after that.
@mrashford wrote:
And how do I use i2cdetect and i2cget commands?
Please use the trustx_scan command mentioned in usage. trustx_scan is the alternative for i2cdetect, and it is recommended to use the commands specified in usage.
The message appears together with the detected address and i2c bus number after I run trustx_reg on Geany.
Can you show me how to use the commands? I tried using the commands on Linux terminal in the following ways but I get "command not found":
The trustx_reg command is used to read/write data into registers, so it should be used with one of the available options (-a, -b, -w etc). Refer to the image below.
NOTE: Execute all commands from the bin directory, as seen in the image.
If the trustx_scan command does not detect the i2c address, execute the trustx_w_addr command to set the i2c address and then execute the trustx_scan command. Refer to the image below.
Your directory is shown as i2c-utils-optiga-trust-master because you renamed the directory from i2c-utils-optiga-trust?
The following are my outputs after executing the commands:
Why are the commands not working?
Can you confirm if the LED on Trust X S2GO is activated (should be red), that is, the S2GO is powered ON? Can you use shorter cables or make sure that they have a good hardware connection?
Oh yes, now the commands are working.
How do I write data into Trust X?
Please refer to the documentation link for details about various objects, metadata and implementation of various functionalities like key pair generation, signature algorithms etc.
I need to write keys into Arbitrary Data Object memory slots. Do you know which internal register address they reside at? Or how do I write directly to the memory slot number?
Also, are you familiar with SetDataObject command?
As mentioned in Table - 36 (page 94) of solution reference manual, the object IDs (OID) of Arbitrary Data Objects are 0xF1D0 to 0xF1DF and 0xF1E0 to 0xF1E1.
Do you want to generate keys using OPTIGA and then store it in arbitrary data objects or do you want to store external keys in arbitrary data objects?
If you want to store external keys, then refer to the example in the following link.
I want to store external keys.
Can the secret be as long as what I require?
If I'm writing to F1D0 slot, is app_data.meta and mac variable necessary?
In app_data.meta, is 'type' the secret type and 'execute' the access condition?
Can the secret be as long as what I require?
The length of secret should be restricted based on the size of data object. As shown in the following link (also present in Solution reference manual table 29), the size of type 1 arbitrary data objects (0xF1D0 to 0xF1DF) is 100 B and size of type 2 arbitrary data objects (0xF1E0 to 0xF1E1) is 1500 B. You can store the keys in appropriate data objects based on their size.
If I'm writing to F1D0 slot, is app_data.meta and mac variable necessary?
The app_data.meta is used to modify the metadata of the object. Refer to the following link for details regarding metadata.
The mac variable is just to show an example of HMAC generation, it is not required if you do not have HMAC use case.
In app_data.meta, is 'type' the secret type and 'execute' the access condition?
Yes, 'execute' is the access condition and 'type' is used to define the type of data you are storing in arbitrary data objects. As you are storing the secret key in an arbitrary data object, you have to set the type accordingly. Refer to the following link for the various type definitions.
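
The size limits from the reply above turned into a pre-write check, as an added example that is not part of the thread and not code from python-optiga-trust. The names `capacity`, `parse_hex_key` and `store_key` are hypothetical, and `write` is an assumed callable that you bind to whatever library call performs the actual write.

```python
# Added example: size check before writing a key to an arbitrary data object.
# Object IDs and sizes are the ones quoted in the reply above; `write` is a
# hypothetical callable standing in for whatever library call does the write.

TYPE1 = (range(0xF1D0, 0xF1DF + 1), 100)    # 0xF1D0..0xF1DF, 100 bytes each
TYPE2 = (range(0xF1E0, 0xF1E1 + 1), 1500)   # 0xF1E0..0xF1E1, 1500 bytes each


def capacity(oid):
    """Size in bytes of the arbitrary data object `oid`."""
    for oids, size in (TYPE1, TYPE2):
        if oid in oids:
            return size
    raise ValueError(f"0x{oid:04X} is not an arbitrary data object")


def parse_hex_key(text):
    """Convert '0xDEAD BEEF' or 'de:ad:be:ef' to bytes; reject bad input."""
    cleaned = "".join(text.split()).replace(":", "")
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    if not cleaned:
        raise ValueError("empty key")
    return bytes.fromhex(cleaned)  # ValueError on odd length or non-hex


def store_key(oid, hex_key, write, offset=0):
    """Validate the key against the object size, then call write(oid, data, offset)."""
    data = parse_hex_key(hex_key)
    size = capacity(oid)
    if offset < 0 or offset + len(data) > size:
        raise ValueError(
            f"{len(data)} bytes at offset {offset} do not fit in "
            f"0x{oid:04X} ({size} bytes)")
    write(oid, data, offset)
    return len(data)


if __name__ == "__main__":
    device = {}                       # in-memory stand-in for the chip

    def fake_write(oid, data, offset):
        device[oid] = (offset, data)

    key = "00112233445566778899aabbccddeeff"   # constructed sample key
    print(store_key(0xF1D0, key, fake_write), "bytes accepted for 0xF1D0")
    try:
        store_key(0xF1D0, "ab" * 101, fake_write)
    except ValueError as err:
        print("rejected:", err)
```
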
Please let us know if your query was resolved.
We will wait for 3 days and then lock this thread. In case your problem is not resolved, please create a new thread and we will be happy to help.