OPTIGA™ Trust Forum Discussions
Hello,
I see that OPTIGA has only 1 AES key slot (0xE200) but for our use case we need to store at least 5 AES keys in secure storage.
Is there a solution to this? Or any alternative SE?
Thanks
Reference:
https://github.com/Infineon/optiga-trust-m/wiki/Data-and-Key-Store-Overview
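I need a recommendation for an encryption chip for digital keys that includes communication and has passed automotive-related certifications under international standards such as CCC and ICCE. (Other keywords I have heard: node SE chip, the master part.) The official website lists many series under security & smart card solutions, and I do not know how to choose among them. I hope you can provide some support; it would be greatly appreciated.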
Hello Infineon Team
I have connected the Shield2GO OPTIGA TRUST M Security board according to picture https://github.com/Infineon/linux-optiga-trust-m/blob/development_v3/pictures/coonection_diagram1.png (lines VCC, GND, SDA including pull up, SCL including pull up, all other pins are not connected) to an NXP IMX8.
I would have expected now that the chip is recognized on the I2C at the address 0x30 (According to Infineon-OPTIGA_Trust_M-DataSheet-v03_40-EN.pdf page 26). Unfortunately, the chip is not detected.
i2cdetect -y 1
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
00:          -- -- -- -- -- -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
With the Logic analyzer I can record the data on the Shield2Go board. But there I see no reaction of the chip. Is this a correct behavior or have I understood something wrong?
Kind regards
Michael
I hope this post finds you all well. Today, I would like to address a specific topic that has been causing some challenges for users of Red Hat systems who are working with Infineon devices. We have identified certain issues with kernel modules and drivers for Infineon devices, and I would like to open up a discussion to gather insights, experiences, and possible solutions from the community.
Here are some of the key points related to this topic:
- Identification of the Issue: Users have reported difficulties in properly configuring and utilizing Infineon devices on Red Hat systems due to problems with kernel modules and drivers. These issues have resulted in limited functionality, poor performance, or even complete failure to recognize the devices.
- Affected Infineon Devices: While the issue is not limited to a specific device, it has been observed across various Infineon hardware components such as security controllers, TPMs (Trusted Platform Modules), smart card readers, and other related devices.
- Red Hat System Versions: The issues have been reported on different versions of Red Hat systems, including both the Enterprise Linux (RHEL) distribution and the community-driven Fedora project. It is important to note that these problems may not be exclusive to Red Hat, but it is the focus of this discussion.
- Possible Causes: The problems may stem from compatibility issues between Infineon device firmware, kernel versions, and associated drivers. It is also plausible that some configuration settings or dependencies need to be properly addressed to ensure seamless integration.
Given the importance of Infineon devices in various fields such as security, encryption, and authentication, it is crucial to establish a robust and reliable solution for Red Hat users. Therefore, I invite all community members who have encountered or have insights on these issues to participate in this discussion.
Is it possible to write a custom private key into one of the private ECC key data objects (OIDs 0xE0F1 - 0xE0F3) on the OPTIGA Trust M V3? If yes, then how and under what conditions? According to the Solution Reference Manual the SetDataObject command is not allowed for the data part of private ECC key data objects.
The use case for storing custom private keys is FIDO batch attestation where a whole batch of devices is loaded with the same private key. For more information see https://www.w3.org/TR/webauthn-2/#sctn-attestation-privacy.
We are considering OPTIGA TRUST M SLS32AIA for a new project. The customer requires an active CC EAL4+ certification.
The product page https://www.infineon.com/cms/de/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/ says "High-end security controller with CC EAL6+ (high) certification".
However, I don't find an entry for this product in the common criteria database on https://www.commoncriteriaportal.org/products/ or https://seccerts.org/cc/
Where and how do I get the documents that prove the EAL6+ certification with expiry date?
Hi
We'd like to run the SLS 32AIA010MH chip over '1-wire' (using 1-Wire/I2C drivers, e.g. DS28E18), so there is limited current available.
(1) Does the SLS 32AIA010MH implement
'RSASSA-PSS signature operation defined by RFC 8017 performed with the RSA-2048 bit IDR private key and the SHA-256 hash algorithm' ?
(2) How does this series of chips differ from TPM - do we still effectively have a kind of 'root of trust' feature?
(We were looking at the SLB9673, but the 35mA is too much for 1-wire).
(3) Supply current is shown as 14mA (typ) 'running a typical authentication profile'
(i) What is 'worst-case' supply current - is it possible to estimate?
(ii) How is the 14mA defined? Is this an average over the time taken to complete authentication, or peak instantaneous?
(iii) Are there available typical authentication timings?
(iv) Re: "Supply current can be limited from 6mA to 15mA by software commands" - Is there more information on reduced current modes? Presumably authentication is slower at 6mA?
(v) Can we start/stop authentication i.e. do the process in "bursts"?
Regards
Stephen
Hello, Is there an IFX part equivalent to STSAFA110S8SPL02?
Dears.
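We are evaluating OPTIGA™ Trust M and Trust B and plan to use them to protect consumables with encryption. We have one concern: if the key is leaked, how can we remedy this through a software upgrade, without touching the hardware? After the software upgrade, counterfeit consumables should no longer be usable. Thank you.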