OPTIGA™ Trust Forum Discussions

Hello, when I was reading the public key certificate of 0XE0E0, I found that the reading result had an extra header start with 0xc0. In the ref manual, it can be seen that the header is "TLS identity", but the specific length is not cleared. From the Linux example code, it can be seen that the length is fixed at 9 bytes. My question is as follows:
1. In what scenario is this information typically used
2. Is its length fixed at 9 bytes?

Hello,

I see that optiga has only1 AES key slot (0xE200) but for our use case we need to store at least 5 AES keys in secure storage.

Is there a solution to this? Or any alternative SE?

Thanks

Reference:

https://github.com/Infineon/optiga-trust-m/wiki/Data-and-Key-Store-Overview

Hello,

could you tell me where can download the SCL36 datasheet? 

I want to know work voltage and other feature. 

thanks

Hello Infineon Team

I have connected the Shield2GO OPTIGA TRUST M Security board according to picture https://github.com/Infineon/linux-optiga-trust-m/blob/development_v3/pictures/coonection_diagram1.png (lines VCC, GND, SDA including pull up, SCL including pull up, all other pins are not connected) to a NXP IMX8.
I would have expected now that the chip is recognized on the I2C at the address 0x30 (According to Infineon-OPTIGA_Trust_M-DataSheet-v03_40-EN.pdf page 26). Unfortunately, the chip is not detected.

i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- -- 
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
70: -- -- -- -- -- -- -- --

With the Logic analyzer I can record the data on the Shield2Go board. But there I see no reaction of the chip. Is this a correct behavior or have I understood something wrong?

Kind regards
Michael

Is it possible to write a custom private key into one of the private ECC key data objects (OIDs 0xE0F1 - 0xE0F3) on the OPTIGA Trust M V3? If yes, then how and under what conditions? According to the Solution Reference Manual the SetDataObject command is not allowed for the data part of private ECC key data objects.

The use case for storing custom private keys is FIDO batch attestation where a whole batch of devices is loaded with the same private key. For more information see https://www.w3.org/TR/webauthn-2/#sctn-attestation-privacy.

We are considering OPTIGA TRUST M SLS32AIA for a new project. The customer requires an active CC EAL4+ certification.

The product page https://www.infineon.com/cms/de/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/ says "High-end security controller with CC EAL6+ (high) certification".

However, I don't find an entry for this product in the common criteria database on https://www.commoncriteriaportal.org/products/ or https://seccerts.org/cc/

Where and how do I get the documents that prove the EAL6+ certification with expiry date?

Hi

We'd like to run the SLS 32AIA010MH chip over '1-wire' (using 1-Wire/I2C drivers eg. DS28E18), so there is limited current available.

(1) Does the SLS 32AIA010MH implement
'RSASSA-PSS signature operation defined by RFC 8017 performed with the RSA-2048 bit IDR private key and the SHA-256 hash algorithm' ?

(2) How does this series of chips differ from TPM - do we still effectively have a kind of 'root of trust' feature?

(We were looking at the SLB9673, but the 35mA is too much for 1-wire).

(3) Supply current is shown as 14mA (typ) 'running a typical authentication profile'
(i) What is 'worst-case' supply current - is it possible to estimate?
(ii) How is the 14mA defined, is this an average over the time taken to complete authentication? or Peak instanaeous?
(iii) Are there available typical authentication timings?
(iv) Re: "Supply current can be limited from 6mA to 15mA by software commands" - Is there more information on reduced current modes? Presumuably authentication is slower at 6mA?
(v) Can we start/stop authentication i.e. do the process in "bursts"?

Regards
Stephen