This repository has been archived by the owner on Jun 27, 2023. It is now read-only.

Infineon/optiga-trust-m2-id2

OPTIGA™ Trust M2 ID2 Software Framework

Security Chip

Description

This repository contains a target-agnostic Software Framework for the OPTIGA™ Trust M2 ID2 security chip. It is a base for other application notes.

Summary

The OPTIGA™ Trust M2 ID2 is a security solution based on a secure microcontroller. Devices might come provisioned on demand. The generic device contains a unique AES (ALI ID2 specific) symmetric key and a device ID. OPTIGA™ Trust M2 ID2 enables easy integration in Alibaba Cloud IoT.

Key Features and Benefits

  • High-end security controller
  • Common Criteria Certified EAL6+ (high) hardware
  • Turnkey solution
  • Up to 10kB user memory
  • PG-USON-10-2 package (3 x 3 mm)
  • Temperature range (−40°C to +105°C)
  • I2C interface with Shielded Connection (encrypted communication)
  • Cryptographic support:
    • RSA® up to 2048
    • AES key up to 256, HMAC up to SHA512
    • TLS v1.2 PRF and HKDF up to SHA512
  • Crypto ToolBox commands for SHA-256, RSA® Feature, AES, HMAC and Key derivation
  • Alibaba Cloud IoT connectivity
  • Configurable device security monitor, 4 Monotonic up counters
  • Protected (integrity and confidentiality) update of data, key and metadata objects
  • Hibernate for zero power consumption
  • Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles

OPTIGA™ Trust M feature comparison table

Features | Supported Curve/Algorithm | API Command | V1 | M2 ID2 | V3

  • ECC:
    • ECC NIST P256/384
    • ECC NIST P521, ECC Brainpool P256/384/512 r1
  • RSA:
    • RSA® 1024/2048
  • Key Derivation:
    • TLS v1.2 PRF SHA 256
    • TLS v1.2 PRF SHA 384/512
    • HKDF SHA-256/384/512
  • AES:
    • Key size - 128/192/256 (ECB, CBC, CBC-MAC, CMAC)
  • Random Generation:
    • TRNG, DRNG, Pre-Master secret for RSA® Key exchange
  • HMAC:
    • HMAC with SHA256/384/512
  • Hash:
    • SHA256
  • Protected data (object) update (Integrity):
    • ECC NIST P256/384; RSA® 1024/2048; Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing
    • ECC NIST P521, ECC Brainpool P256/384/512 r1; Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing
  • Protected Data/key/metadata update (Integrity and/or confidentiality):
    • ECC NIST P256/384/521; ECC Brainpool P256/384/512 r1; RSA® 1024/2048; Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing

Get Started

Evaluation kit

The Alibaba Cloud IoT with OPTIGA™ Trust M2 ID2 Application Note shows how to start working with the evaluation kit.

Software Framework overview

Documentation

For a high-level description and some important excerpts from the documentation, please refer to the Wiki page.

Other downloadable PDF documents can be found below:

  1. OPTIGA Trust M2 ID2 V2 Datasheet v2.10 (PDF)
  2. OPTIGA Trust M2 ID2 V2 Solution Reference Manual v2.15 (PDF)
  3. Infineon I2C protocol specification v2.03 (PDF)

Board assembly recommendations

If you are planning to integrate OPTIGA™ Trust M in your PCB design, have a look at the recommendations found here.

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

License

This project is licensed under the MIT License; see the LICENSE file for details.
