Security & Smart Card Forum Discussions

Hello,

I bought a evaluation board iridium 9645 ( IRIDIUM9645TPMI2CTOBO1), with a SLB9645 TPM 1.2, but I can't find any datasheet to plug this board on a raspberry pi 3B (40 pins header).

Could you provide the datasheet? If there is no datasheet, could you tell me what is the interest of the two jumpers, the 28 pins header, the 6 pins headers? The 26 pins header is for raspberry?

Where should I plug it on the header of my raspberry pi 3B, and in what way should I plug it?

Regards,

Nuliel

Show Less

Hello

Having trouble accessing documents and utilities. Get error like unable to authenticate. Tried firefox, chrome and edge same error.

"

Show Less

Hi

I have tested several javacards (Feitian D11CR, Infineon JTOP, G&D Smart Cafe) over T=0 and here is what I have observed.

If applet returns some data in case 4 APDU, the JCRE signals with SW 0x61XX that there is data available which terminal should retrieve using GET RESPONSE APDU.

However, if applet returns some data in case 2 APDU and Le does not match number of bytes to be returned, JCRE signals with error SW 0x6CXX, instructing that the same C-APDU has to be resent with correct Le.

For legacy reasons there are terminals who know how to handle 0x61XX, but fail to handle 0x6CXX response. Is there a way how to force JCRE to handle case 2 APDUs using 0x61XX (GET RESPONSE) omegle voojio method?

Show Less

Hello Everyone,

Can anyone give the support for how to use TPM for storing the secure boot keys in imx6/imx8 series platforms. All the suggestions are highly appreciated. Show Less

i am using optiga trsut B sle95250 fro electronic authentication. i have to write into the non volatile memory of the device
according to the data sheet after successful writing of data . the NVM_ACT bit should be reset. but it doest get reset in my case. that means the NVM is still is progress.
can someone assist me in writing the data to NVM. Show Less

I am using a SLB9670 TPM (Vendor String: 7.40.2098) module to create a duplicate of a key generated in that same TPM, for the sake of clarity:

- TPM_A: The TPM where I created a key.
- TPM_A_KEY: The key generated in TPM_A that I want to create a duplicate of.
- TPM_B: The TPM where I want to import the duplicate.
- TPM_B_KEY: The ECC P-256 key generated in TPM_B which I want to use to wrap the duplicate create in TPM_A of TPM_A_KEY.

As part of this process, I need to import the public part of TPM_B_KEY in TPM_A, for which I use the LoadExternal TPM command, which allows me to load the external public part (TPM2B_PUBLIC), the private part is set to the empty buffer, TPM_B_KEY has the attributes DECRYPT and RESTRICTED.

In the SLB9670 Module I am unable to do this, I receive a 0x101 error (TPM_RC_FAILURE) and the TPM enters into Failure Mode, unable to process any other commands. In the SLM9670 it works OK, same for Microsoft TPM Simulator, I do not receive any other errors. The TPM2B_PUBLIC structure has no errros, it contains the symmetric algo for wrapping, the public components X and Y...

I am using a HMAC session for the command, but without a session it is also possible to reproduce.

I have also noticed that I am able to import keys with SIGN as the only attribute, but if I try to load it with a session it enters into Failure Mode.

I am able to create the duplicate successfully, import it... with the Microsoft TPM Simulator and also with the SLM9670 (Vendor String: 13.11.4555) module, without any changes in the code.

This all seems quite strange, so I am thinking that perhaps this is an errata or undefined behaviour in the SLB9670 chip, and I was wondering if someone at Infineon would be able to look at this. I can provide TCTI communication traces if required, but I think it should be easy to reproduce, just call LoadExternal with a decrypt/restrict ECC NIST P256 key.

Many thanks for your help. Show Less

Hi,
I am playing this example from NordicSemi here:
https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v15.3.0%2Fifx_optiga_custom_example.html&cp=5_1_4_3_1_2

In this example, there is a test regarding key derivation as:

static void uc_key_derivation(void)
{
    optiga_lib_status_t optiga_lib_status;
    uint8_t  info[100] = { 0 };
    uint16_t info_len  = 100;
    uint16_t oid               = 0xF1D0;
    uint8_t  shared_secret[64] = { 0 };

    // Check if key derivation is supported (OPTIGA Trust X after version 1.20.1048)
    optiga_lib_status = optiga_util_read_data(0xE0C2, 0, info, &info_len);
    DEMO_OPTIGA_ERROR_CHECK(optiga_lib_status);

    if (info[25] == 0x10 && info[26] == 0x48) // !!!! THIS CONDITION RETURNS TRUE
    {
        NRF_LOG_INFO("Key derivation not supported!\r\n");
        NRF_LOG_FLUSH();
        return;
    }

As I understand, it checks the fw version of the OptigaX for if key derivation is supported or not. According to the reply of the TrustX device, the function returns with 'Key derivation not supported!' message.
The thing is that, in the datasheet (revision 2.6), it clearly says OptigaX supports key derivation in the first page.

Crypto ToolBox with ECC NIST P256, P384, SHA-256 (sign, verify, key generation, ECDH, key derivation)

I appreciate if anybody has any suggestion with that, if this is the case or not, and how to use key derivation with optigaX.

Best regards,
Vedat Show Less