This repository contains a target-agnostic Software Framework for the OPTIGA™ Trust M2 ID2 security chip. It is a base for other application notes.
The OPTIGA™ Trust M2 ID2 is a security solution based on a secure microcontroller. Devices might come provisioned on demand. The generic device contains a unique AES (ALI ID2 specific) symmetric key and a device ID. OPTIGA™ Trust M2 ID2 enables easy integration in Alibaba Cloud IoT.
- High-end security controller
- Common Criteria Certified EAL6+ (high) hardware
- Turnkey solution
- Up to 10kB user memory
- PG-USON-10-2 package (3 x 3 mm)
- Temperature range (−40°C to +105°C)
- I2C interface with Shielded Connection (encrypted communication)
- Cryptographic support:
  - RSA® up to 2048
  - AES key up to 256, HMAC up to SHA512
  - TLS v1.2 PRF and HKDF up to SHA512
  - Crypto ToolBox commands for SHA-256, RSA® Feature, AES, HMAC and Key derivation
- Alibaba Cloud IoT connectivity
- Configurable device security monitor, 4 monotonic up counters
- Protected (integrity and confidentiality) update of data, key and metadata objects
- Hibernate for zero power consumption
- Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles
| Features | Supported Curve/Algorithm | API Command | V1 | M2 ID2 | V3 |
|---|---|---|---|---|---|
| ECC | ECC NIST P256/384 | | ✓ | | ✓ |
| | ECC NIST P521, ECC Brainpool P256/384/512 r1 | | | | ✓ |
| RSA | RSA® 1024/2048 | | ✓ | ✓ | ✓ |
| Key Derivation | TLS v1.2 PRF SHA 256 | | ✓ | ✓ | ✓ |
| | TLS v1.2 PRF SHA 384/512 | | | ✓ | ✓ |
| | HKDF SHA-256/384/512 | | | ✓ | ✓ |
| AES | Key size 128/192/256 (ECB, CBC, CBC-MAC, CMAC) | | | ✓ | ✓ |
| Random Generation | TRNG, DRNG, Pre-Master secret for RSA® Key exchange | | ✓ | ✓ | ✓ |
| HMAC | HMAC with SHA256/384/512 | | | ✓ | ✓ |
| Hash | SHA256 | | ✓ | ✓ | ✓ |
| Protected data (object) update (Integrity) | ECC NIST P256/384, RSA® 1024/2048; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | | ✓ | ✓ | ✓ |
| | ECC NIST P521, ECC Brainpool P256/384/512 r1; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | | | ✓ | ✓ |
| Protected data/key/metadata update (Integrity and/or confidentiality) | ECC NIST P256/384/521, ECC Brainpool P256/384/512 r1, RSA® 1024/2048; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | | | ✓ | ✓ |
The Alibaba Cloud IoT with OPTIGA™ Trust M2 ID2 Application Note shows how to start working with the evaluation kit.
For a high-level description and some important excerpts from the documentation, please refer to the Wiki page.
Other downloadable PDF documents can be found below:
- OPTIGA Trust M2 ID2 V2 Datasheet v2.10 (PDF)
- OPTIGA Trust M2 ID2 V2 Solution Reference Manual v2.15 (PDF)
- Infineon I2C protocol specification v2.03 (PDF)
If you are planning to integrate OPTIGA™ Trust M in your PCB design, have a look at the recommendations found here.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
This project is licensed under the MIT License - see the LICENSE file for details.