OPTIGA™ Trust M Security Controller
Infineon Technologies
Key Features
- High-end security controller
- Common Criteria Certified EAL6+ (high) hardware
- Turnkey solution
- Up to 10kB user memory
- PG-USON-10-2,-4 package (3 x 3 mm)
- Standard & Extended temperature ranges
- I2C interface with Shielded Connection (encrypted communication)
- Cryptographic support:
- ECC: NIST curves up to P-521, Brainpool r1 curve up to 512
- RSA® up to 2048
- AES key up to 256, HMAC up to SHA512
- TLS v1.2 PRF and HKDF up to SHA512
- OPTIGA™ Trust M Software Framework on Github - github.com/Infineon/optiga-trust-m
- Crypto ToolBox commands for SHA-256, ECC and RSA® Feature, AES, HMAC and Key derivation
- Configurable device security monitor, 4 Monotonic up counters
- Protected (integrity and confidentiality) update of data, key and metadata objects
- Hibernate for zero power consumption¹
- Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles
Benefits
- Protection of IP and data
- Protection of business case and corporate image
- Safeguarding of quality and safety
Applications
- Industrial control and building automation
- Consumer electronics and Smart Home
- Drones
About this document
Scope and purpose
This Datasheet provides information to enable integration of a security device, and includes package, connectivity and technical data.
Intended audience
This Datasheet is intended for device integrators and board manufacturers.
Product Variants
Table 1: Products for V1
Sales Code | Temperature range | Package | Description | Evaluation Kit |
---|---|---|---|---|
OPTIGA™ Trust M SLS 32AIA010MH | -40°C to +105°C Extended Temperature Range (ETR) | PG-USON-10-2,-4 | Embedded security solution for connected devices | XMC4800 IoT Connectivity Kit connected to the OPTIGA™ Trust M to connect to the outside world |
OPTIGA™ Trust M SLS 32AIA010MS | -25°C to +85°C Standard Temperature Range (STR) | PG-USON-10-2,-4 | Embedded security solution for connected devices | XMC4800 IoT Connectivity Kit connected to the OPTIGA™ Trust M to connect to the outside world |
Table 2: Products for V3
Sales Code | Temperature range | Package | Description | Evaluation Kit |
---|---|---|---|---|
OPTIGA™ Trust M SLS 32AIA010ML | -40°C to +105°C Extended Temperature Range (ETR) | PG-USON-10-2,-4 | Embedded security solution for connected devices | XMC4800 IoT Connectivity Kit connected to the OPTIGA™ Trust M to connect to the outside world. |
OPTIGA™ Trust M SLS 32AIA010MK | -25°C to +85°C Standard Temperature Range (STR) | PG-USON-10-2,-4 | Embedded security solution for connected devices | XMC4800 IoT Connectivity Kit connected to the OPTIGA™ Trust M to connect to the outside world. |
Infineon and its distribution partners offer a wide range of customization options (e.g. X.509 certificate generation and key provisioning) for the security chip. For details on offered solutions (like OPTIGA™ Trust M Express), selection guide and orders, please see the following page: www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/
Technical Data Overview
Table 3: Features
Features | Supported Curve/Algorithm | ToolBox commands | V1 | V3 |
---|---|---|---|---|
ECC | ECC NIST P256/384 | Sign, Verify, Key generation, and ECDH(E) | ✔️ | ✔️ |
ECC | ECC NIST P521, ECC Brainpool P256/384/512 r1 | Sign, Verify, Key generation, and ECDH(E) | ✔️ | ✔️ |
RSA® | RSA® 1024/2048 | Sign, Verify, Key generation, Encrypt and Decrypt | ✔️ | ✔️ |
Key Derivation | TLS v1.2 PRF SHA 256 | TLS PRF using SHA 256 | ✔️ | ✔️ |
Key Derivation | TLS v1.2 PRF SHA 384/512 | TLS PRF using SHA 256/384/512 | ✔️ | ✔️ |
Key Derivation | HKDF SHA-256/384/512 | HKDF using SHA256/384/512 | ✔️ | ✔️ |
AES | Key size - 128/192/256 (ECB, CBC, CBC-MAC, CMAC) | Key generation, Encrypt and Decrypt | ✔️ | ✔️ |
Random generation | TRNG, DRNG, Pre-Master secret for RSA® Key exchange | Generate random | ✔️ | ✔️ |
HMAC | HMAC with SHA256/384/512 | HMAC generation and Verification | ✔️ | ✔️ |
Hash | SHA 256 | Hash generation | ✔️ | ✔️ |
Protected data (object) update (Integrity) | ECC NIST P256/384, RSA® 1024/2048; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | Secure data object update | ✔️ | ✔️ |
Protected data (object) update (Integrity) | ECC NIST P521, ECC Brainpool P256/384/512 r1; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | Secure data object update | ✔️ | ✔️ |
Protected Data/key/metadata update (Integrity and/or confidentiality) | ECC NIST P256/384/521, ECC Brainpool P256/384/512 r1, RSA® 1024/2048; signature scheme ECDSA FIPS 186-3 / RSA SSA PKCS#1 v1.5 without hashing | Secure data/key object update and metadata update for Data/key object | ✔️ | ✔️ |
System Block Diagram
The following figure depicts the system block diagram for OPTIGA™ Trust M.
[Diagram: A block diagram showing the interaction between a Local Host and the OPTIGA™ Trust M. The Local Host includes Application, OPTIGA™ Trust M Host Library (CRYPT, UTIL, CMD, COMMS), and Platform Abstraction Layer (PAL). The OPTIGA™ Trust M includes Arbitrary Data Objects, Monotonic Counters, X.509 certificates, Trust Anchors, ECC keys, RSA keys, Platform Binding Secret, and Crypto Functions. An I2C interface with Shielded Connection connects the two.]
The System Block Diagram is explained below for each layer.
1. Local Host
- Local Host Application – This is the target application which utilizes OPTIGA™ Trust M for its security needs.
- OPTIGA™ Trust M Host Library
- CRYPT – Provides APIs to perform cryptographic functionalities. Any TLS stack can be integrated on Local Host as part of 3rd party Crypto Library to offload crypto operations to OPTIGA™ Trust M.
- UTIL – Provides APIs such as read/write, protected update of data, metadata, key objects and open/close application (e.g. Hibernate).
- CMD - Provides APIs to send and receive commands (Section 6) to and from OPTIGA™ Trust M.
- COMMS – Provides wrapper APIs for communication (optional encrypted communication using Shielded Connection) with OPTIGA™ Trust M which internally uses Infineon I2C Protocol (IFX I2C).
- PAL – A layer that abstracts platform specific drivers (e.g. I2C, Timer, GPIO, platform crypto library etc.).
2. OPTIGA™ Trust M
- Arbitrary Data Objects – The target application can store up to 4.5kB (~4600 bytes) of data into OPTIGA™ Trust M. The data could be additional Trust Anchors, certificates and shared secret.
- Monotonic Counters - Provides 4 monotonic counting data objects (up counters). These can be used as general purpose counter or as linked counter to other objects.
- X.509 – Up to 4 X.509 based Certificates can be stored.
- Keys - Up to 4 ECC, 2 RSA and 1 AES based keys can be stored.
- Secret - 1 Platform binding secret can be stored.
- Trust Anchors – 3 slots for Trust Anchors, used for Mutual Authentication (TLS/DTLS) and Firmware Updates.
- Crypto Functions - OPTIGA™ Trust M provides cryptographic functions that can be invoked via local host.
Note: Unique AES key, ECC/RSA private keys and X.509 Certificates – During production at Infineon fab, unique asymmetric keys (private and public) are generated and symmetric key/shared secrets are provisioned. The public key is signed by customer specific CA and the resulting X.509 certificate issued is securely stored in the OPTIGA™ Trust M. Special measures are taken to prevent the leakage and modification of private key/shared secret material at the Common Criteria Certified production site.
Interface and Schematics
The following figure illustrates how to integrate OPTIGA™ Trust M with your local host.
[Diagram: A schematic showing the integration of OPTIGA™ Trust M with a local host using an I2C interface. Components include VCC, GND, SCL, SDA, and the TRUST M chip. Pull-up resistors are shown on SCL and SDA lines.]
Note: The OPTIGA™ Trust M can be integrated with the IFX I2C reset option as soft reset (IFX_I2C_SOFT_RESET) or as hardware reset. The values of the pull-up resistors depend on the target application circuit and the target I2C frequency.
3.1 System Integration Schematics with Hibernation support
The following figure illustrates how to integrate OPTIGA™ Trust M with hibernation, with local host GPIO used as VCC.
[Diagram: A schematic showing the integration of OPTIGA™ Trust M with hibernation, using a local host GPIO as VCC. Components include VCC, GND, SCL, SDA, RST, and the TRUST M chip. A host GPIO is connected to control VCC. Pull-up resistors are shown on SCL and SDA lines.]
Note: The host GPIO pin must be able to supply the required current, as per Table 11. The values of the pull-up resistors depend on the target application circuit and the target I2C frequency.
If the host GPIO cannot supply sufficient current to OPTIGA™ Trust M, additional MOSFET switching circuitry is needed to control the power supply (VCC). The circuit diagrams below depict the options for controlling the power supply (VCC) from a host GPIO with the switching logic.
[Diagram: A schematic showing the integration of OPTIGA™ Trust M with hibernation, using a single MOSFET controlled by a host GPIO to switch the VCC. Components include VCC, GND, SCL, SDA, RST, TRUST M chip, FDN304P MOSFET, and pull-up resistors.]
Note: Due to the behavior of the single P-channel MOSFET (FDN304P), the GPIO must be connected and driven LOW to enable the VCC supply to OPTIGA™ Trust M. This adaptation must be made in the OPTIGA™ host library (ifx_i2c.c); refer to 11.1.1 for details. The values of the pull-up resistors depend on the target application circuit and the target I2C frequency.
[Diagram: A schematic showing the integration of OPTIGA™ Trust M with hibernation, using two MOSFETs controlled by a host GPIO to switch the VCC. Components include VCC, GND, SCL, SDA, RST, TRUST M chip, FDN304P MOSFET, BSS138N MOSFET, and pull-up resistors.]
Note: The values of the pull-up resistors depend on the target application circuit and the target I2C frequency. If the GPIO pin is connected, set it HIGH to enable VCC to OPTIGA™ Trust M.
Description of packages
This chapter provides information on the package types and how the interfaces of each product are assigned to the package pins. For further information on compliance of the packages with European Parliament Directives, see "RoHS Compliance" on Page 25. For details and recommendations regarding the assembly of packages on PCBs, please see the following: www.infineon.com/cms/en/product/technology/packages/
4.1 PG-USON-10-2,-4
The package dimensions (in mm) of the controller in PG-USON-10-2,-4 packages are given below.
[Diagram: Mechanical dimensions of the PG-USON-10-2,-4 package, showing length, width, height, lead pitch, and marking indicators. Dimensions are in millimeters.]
The following figure shows the PG-USON-10-2,-4 in top view:
[Diagram: Top view of the PG-USON-10-2,-4 package, indicating pin numbers and their functions: GND, n.c., SDA, n.c., n.c., n.c., n.c., SCL, RST, VCC. An exposed pad for thermal dissipation is also shown.]
4.2 Production sample marking pattern
The following figure describes the productive sample marking pattern on PG-USON-10-2,-4.
[Diagram: Frontside and backside marking pattern for the PG-USON-10-2,-4 package. Frontside shows a dot indicating pin 01, followed by LOT CODE, SERIAL NUMBER, and H/E indicator. Backside shows the package outline.]
The black dot indicates pin 01 for the chip. The following Table 5 describes the sample marking pattern:
Table 5: Marking table for PG-USON-10-2,-4 packages
Indicator | Description |
---|---|
LOT CODE ZZ | Defined and inserted during fabrication |
SERIAL NUMBER | Indicates the Certifying Authority Serial Number / SKU#, e.g. "00" would mean "SKU#00" |
H/E | H = "Halogen-free", E = "Engineering samples". This indicator is followed by "YYWW", where YY is the "Year" and WW is the "Work Week" of the production. This is inserted during fabrication. Engineering samples have "E YYWW" and productive samples have "H YYWW" |
Indicator Convention: T&#$@ where: T indicates the OPTIGA Trust family, & indicates the product is a Trust M controller, # indicates the controller is a STR (S) variant, $ specifies the OPTIGA™ Trust M release version number, @ specifies the software version. Example: "TMS10" means 'OPTIGA™ Trust M', 'STR variant', 'release version 1', 'software version 0'.
Table 6: Contact definitions and functions of PG-USON-10-2,-4 packages
Pin | Type | Function |
---|---|---|
01 | GND | Supply voltage (Ground) |
02 | NC | Not connected / Do not connect externally |
03 | I/O | Serial Data Line (SDA) |
04 | NC | Not connected / Do not connect externally |
05 | NC | Not connected / Do not connect externally |
06 | NC | Not connected / Do not connect externally |
07 | NC | Not connected / Do not connect externally |
08 | I/O | Serial Clock Line (SCL) |
09 | IN | Active Low Reset (RST) |
10 | PWR | Supply voltage (Vcc) |
Technical Data
This section summarizes the technical data of the product. It provides the operational characteristics as well as the electrical DC and AC characteristics.
5.1 I2C Interface Characteristics
Table 7: I2C Operation Supply and Input Voltages
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
Supply voltage | VCC_I2C | 1.62 | - | 5.5 | V | Overall functional range |
SDA, SCL input voltage | VIN_I2C | -0.3 | - | VCC_I2C + 0.5 or 5.5¹ | V | VCC_I2C is in the operational supply range |
SDA, SCL input voltage | VIN_I2C | -0.3 | - | 5.5 | V | VCC_I2C is switched off |
¹ Whichever is lower
5.1.1 I2C Standard/Fast Mode Interface Characteristics
For operation of the I2C interface, the electrical characteristics are compliant with the I²C bus specification Rev. 4 for "standard-mode" (fSCL up to 100 kHz) and "fast-mode" (fSCL up to 400 kHz), with certain deviations as stated in the table below.
Note: TA as given for the operating temperature range of the controller unless otherwise stated.
Table 8: I2C Standard Mode Interface Characteristics
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
SCL clock frequency | fSCL | 0 | - | 100 | kHz | |
Input low-level voltage | VIL | -0.3 | 0 | 0.3 * VCC_I2C | V | |
Low-level output voltage | VOL1 | 0 | - | 0.4 | V | Sink current 3 mA at VCC_I2C ≥ 2.7 V; sink current 2 mA at VCC_I2C < 2.7 V |
Low-level output current | IOL | 3 | - | - | mA | VOL = 0.4 V at VCC_I2C ≥ 2.7 V; VOL = 0.4 V at VCC_I2C < 2.7 V |
Output fall time from VIHmin to VILmax (at device pin) | tof | - | - | 250 | ns | Cb ≤ 400 pF at VCC_I2C ≥ 2.7 V; Cb ≤ 200 pF at VCC_I2C < 2.7 V |
Capacitive load for each bus line | Cb | - | - | 400 | pF | At VCC_I2C ≥ 2.7 V; 200 pF max. at VCC_I2C < 2.7 V |
Table 9: I2C Fast Mode Interface Characteristics
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
SCL clock frequency | fSCL | 0 | - | 400 | kHz | |
Input low-level voltage | VIL | -0.3 | - | 0.3* VCC_I2C | V | |
Low-level output voltage | VOL1 | 0 | - | 0.4 | V | Sink current 3 mA at VCC_I2C ≥ 2.7 V; sink current 2 mA at VCC_I2C < 2.7 V |
Low-level output current | IOL | 3 | - | - | mA | VOL = 0.4 V at VCC_I2C ≥ 2.7 V; VOL = 0.4 V at VCC_I2C < 2.7 V |
Output fall time from VIHmin to VILmax (at device pin) | tof | 20* | - | 250 | ns | Cb ≤ 400 pF at VCC_I2C ≥ 2.7 V; Cb ≤ 200 pF at VCC_I2C < 2.7 V |
Capacitive load for each bus line | Cb | 15² | - | 400 | pF | At VCC_I2C ≥ 2.7 V; 200 pF max. at VCC_I2C < 2.7 V |
5.1.2 I2C Fast Mode Plus Interface Characteristics
For operation of the I2C interface, the electrical characteristics are compliant with the I²C bus specification Rev. 4 for "fast mode plus" (fSCL up to 1 MHz), with certain deviations as stated in the table below.
Note: TA as given for the operating temperature range of the controller unless otherwise stated.
Table 10: I2C Fast Mode Plus Interface Characteristics
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
SCL clock frequency | fSCL | 0 | - | 1000 | kHz | |
Input low-level voltage | VIL | -0.3 | - | 0.3* VCC_I2C | V | |
Low-level output voltage | VOL1 | 0 | - | 0.4 | V | Sink current 3 mA at VCC_I2C ≥ 2.7 V; sink current 2 mA at VCC_I2C < 2.7 V |
Low-level output current | IOL | 3 | - | - | mA | VOL = 0.4 V at VCC_I2C ≥ 2.7 V; VOL = 0.4 V at VCC_I2C < 2.7 V |
Output fall time from VIHmin to VILmax (at device pin) | tof | 20* | - | 120 | ns | Cb ≤ 150 pF |
Capacitive load for each bus line | Cb | 15¹ | - | 150 | pF | |
5.1.3 Electrical Characteristics
Note: TA as given for the operating temperature range of the controller unless otherwise stated. All currents flowing into the controller are considered positive.
5.1.3.1 DC Electrical Characteristics
TA as given for the controller's operating ambient temperature range unless otherwise stated. All currents flowing into the controller are considered positive.
Table 11: Electrical Characteristics
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
Supply voltage | Vcc | 1.62 | - | 5.5 | V | Overall functional range |
Supply voltage | VCC_I2C | 1.62 | - | 5.5 | V | Supply voltage range for operation of I2C |
Supply current¹ | ICCAVG | - | 14.0 | - | mA | While running a typical authentication profile |
Supply current, in sleep mode | Iccs3 | - | 70 | 100 | µA | TA = 25°C; VCC_I2C = 3.3 V; I2C ready for operation (no bus activity), all other inputs at Vcc, no other interface activity |
RST input low voltage | VIL | -0.3 | - | 0.3* Vcc | V | IIL = -50 µA to +20 µA |
RST input high voltage | VIH | 0.7* Vcc | - | Vcc + 0.3 | V | IIL = -50 µA to +20 µA |
Hibernate current | - | - | - | <2.5 | µA | Vcc = 0 V, GND = 0 V, RST = 0 V, SDA = 3.3 V and SCL = 3.3 V |
¹ Supply current can be limited from 6 mA to 15 mA by software commands.
5.1.3.2 AC Electrical Characteristics
TA as given for the controller's operating ambient temperature range unless otherwise stated. All currents flowing into the controller are considered positive.
Table 12: AC Characteristics
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
Vcc ramp-up time | tVCCR | 1 | - | 1000 | µs | 400 mV to 90% of Vcc target voltage ramp |
The Vcc ramp is depicted in Figure 9. 90% of the target supply voltage must be reached within tVCCR after it has exceeded 400 mV. Moreover, its variation must be kept within a ±10% range.
[Diagram: A graph showing the VCC voltage ramp-up over time, illustrating the 400 mV threshold, 90% target voltage, and tVCCR time.]
5.1.4 Start-Up of I2C Interface
There are 2 variants possible for performing the startup procedure:
- Startup after power-on
- Startup for warm resets
5.1.4.1 Startup after Power-On
The activation of the I2C interface after power-on needs the following reset procedure.
- VCC is powered up and the state of the SDA and SCL line are set to high level during power-up.
- The first transmission may start at the earliest tstartup after power-up of the device.
The following figure shows the startup timing of the I2C interface for this case.
[Diagram: Timing diagram showing VCC, SCL, RST, and SDA signals during startup after power-on. It illustrates power-up, startup phase, and bus-idle state.]
5.1.4.2 Startup for Warm Resets
When using the reset signal for triggering a warm reset after power-on, the activation of the I2C interface needs the following reset procedure:
- VCC remains powered up.
- The terminal stops I2C communication. SDA and SCL lines are set to high level before RST is set to low level.
- After its falling edge, RST has to be kept at low level for at least t1. At the latest t2 after the falling edge of RST, the terminal must set RST to high level.
- The first transmission may start at the earliest tstartup after the rising edge of RST.
The following figure shows the timing for this startup case.
[Diagram: Timing diagram showing VCC, SCL, RST, and SDA signals during startup after a warm reset. It illustrates reset detection, warm reset, and startup phases.]
Note: If NVM programming was requested prior to the reset, tSTARTUP will be extended from a typical value of 15 ms to a maximum of 20 ms.
Table 13: Startup of I2C Interface After Power-On
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
Startup time | tSTARTUP | 15 | - | - | ms | |
Table 14: Startup of I2C Interface for Warm Resets¹
Parameter | Symbol | Values (Min.) | Values (Typ.) | Values (Max.) | Unit | Note or Test Condition |
---|---|---|---|---|---|---|
Startup time | tSTARTUP | 15 | - | - | ms | |
Rise time | tr | - | - | 1 | µs | From 10% to 90% of signal amplitude |
Fall time | tf | - | - | 1 | µs | From 10% to 90% of signal amplitude |
Reset detection | t1 | - | 10 | - | µs | |
Reset low | t2 | 10 | - | 2500 | µs | |
¹ Reset triggered by software (without power off/on cycle)
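The startup constraints of 5.1.3.2 and 5.1.4 and the GPIO polarity from the hibernation notes in section 3.1, as an added C example (not Infineon's host library code). The PAL hook names, the mock and the microsecond bookkeeping are this example's own assumptions; the timing constants are the values from Tables 12 to 14.

```c
#include <stdbool.h>
#include <stdint.h>

/* Timing limits from Tables 12-14 (constants chosen by this example). */
#define TVCCR_MIN_US        1u     /* Vcc ramp: 400 mV to 90 % of target, minimum */
#define TVCCR_MAX_US        1000u  /* ... and maximum */
#define T1_RESET_DETECT_US  10u    /* RST must stay low at least t1 */
#define T2_RESET_LOW_MAX_US 2500u  /* RST must be released at the latest t2 */
#define TSTARTUP_MS         15u    /* minimum wait before the first transmission */
#define TSTARTUP_NVM_MS     20u    /* worst case when NVM programming was pending */

/* Checks a measured Vcc ramp: t_400mv_us is when Vcc crossed 400 mV, t_90pct_us when it
 * reached 90 % of the target. The difference must lie within [tVCCR min, tVCCR max]. */
bool vcc_ramp_ok(uint32_t t_400mv_us, uint32_t t_90pct_us)
{
    if (t_90pct_us < t_400mv_us) return false;
    uint32_t ramp = t_90pct_us - t_400mv_us;
    return ramp >= TVCCR_MIN_US && ramp <= TVCCR_MAX_US;
}

/* Hypothetical PAL hooks; a real port would back them with the platform's drivers. */
typedef struct {
    void (*set_rst)(void *ctx, bool high);
    void (*set_bus_idle)(void *ctx);     /* release SDA/SCL so the pull-ups hold them high */
    bool (*bus_is_high)(void *ctx);      /* true when both SDA and SCL read high */
    void (*delay_us)(void *ctx, uint32_t us);
    void *ctx;
} pal_hooks_t;

/* Warm reset per 5.1.4.2. Returns 0 on success, -1 if the requested RST low time is
 * outside [t1, t2], -2 if the bus was not idle-high before RST was pulled low. */
int optiga_warm_reset(const pal_hooks_t *pal, uint32_t rst_low_us, bool nvm_pending)
{
    if (rst_low_us < T1_RESET_DETECT_US || rst_low_us > T2_RESET_LOW_MAX_US) return -1;
    pal->set_bus_idle(pal->ctx);
    if (!pal->bus_is_high(pal->ctx)) return -2;
    pal->set_rst(pal->ctx, false);
    pal->delay_us(pal->ctx, rst_low_us);
    pal->set_rst(pal->ctx, true);
    /* tSTARTUP: 15 ms typical, extended to 20 ms if NVM programming was requested. */
    pal->delay_us(pal->ctx, (nvm_pending ? TSTARTUP_NVM_MS : TSTARTUP_MS) * 1000u);
    return 0;
}

/* Hibernation power control from section 3.1: the single P-channel MOSFET circuit
 * needs the host GPIO driven LOW to enable Vcc, the two-MOSFET circuit needs HIGH. */
bool power_gpio_level(bool enable_vcc, bool single_pmos_circuit)
{
    return single_pmos_circuit ? !enable_vcc : enable_vcc;
}

/* Constructed mock PAL that records the RST state and the accumulated wait time. */
typedef struct { bool rst; bool bus_high; uint32_t total_delay_us; } mock_pal_t;
static void m_set_rst(void *c, bool h) { ((mock_pal_t *)c)->rst = h; }
static void m_idle(void *c) { ((mock_pal_t *)c)->bus_high = true; }
static bool m_high(void *c) { return ((mock_pal_t *)c)->bus_high; }
static void m_delay(void *c, uint32_t us) { ((mock_pal_t *)c)->total_delay_us += us; }

/* Runs a warm reset against the mock; returns the total wait in microseconds, 0 on error. */
uint32_t demo_warm_reset(uint32_t rst_low_us, bool nvm_pending)
{
    mock_pal_t m = { true, false, 0u };
    pal_hooks_t pal = { m_set_rst, m_idle, m_high, m_delay, &m };
    if (optiga_warm_reset(&pal, rst_low_us, nvm_pending) != 0 || !m.rst) return 0u;
    return m.total_delay_us;
}
```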
OPTIGA™ Trust M External Interface
6.1 Commands
This section provides a short description of the commands exposed by the OPTIGA™ Trust M security chip and a mapping of these commands to use cases.
Table 15: Command table
Command Name | Description | V1 | V3 |
---|---|---|---|
OpenApplication | Command to launch an application | ✔️ | ✔️ |
CloseApplication | Command to close/hibernate an application | ✔️ | ✔️ |
GetDataObject | Command to get (read) a data object | ✔️ | ✔️ |
SetDataObject | Command to set (write) a data object | ✔️ | ✔️ |
SetObjectProtected | Command to set (write) data protected (integrity protection) | ✔️ | ✔️ |
SetObjectProtected | Command to set (write) data/key objects and its metadata protected (integrity protection, confidentiality) | ✔️ | ✔️ |
GetRandom | Command to generate a random stream | ✔️ | ✔️ |
CalcHash | Command to calculate a Hash | ✔️ | ✔️ |
CalcSign | Command to calculate a signature | ✔️ | ✔️ |
VerifySign | Command to verify a signature | ✔️ | ✔️ |
CalcSSec | Command to execute a Diffie-Hellman key agreement | ✔️ | ✔️ |
DeriveKey | Command to derive keys | ✔️ | ✔️ |
GenKeyPair | Command to generate public/private key pairs | ✔️ | ✔️ |
EncryptAsym | Command to encrypt (Asymmetric) a message | ✔️ | ✔️ |
DecryptAsym | Command to decrypt (Asymmetric) a message | ✔️ | ✔️ |
EncryptSym | Command to encrypt (Symmetric) a message | ✔️ | ✔️ |
DecryptSym | Command to decrypt (Symmetric) a message | ✔️ | ✔️ |
GenSymKey | Command to generate a symmetric key | ✔️ | ✔️ |
Table 16: Mapping of commands with Use cases
Use Case | OPTIGA™ Trust M commands used |
---|---|
Secure Communication with (D)TLS | GetRandom, CalcHash, CalcSign, VerifySign, CalcSSec, DeriveKey, GenKeyPair, EncryptAsym and DecryptAsym |
Datastore (user memory ~ 4.5kB) | GetDataObject and SetDataObject |
Symmetric key attestation, Security Tokens | EncryptSym and DecryptSym¹ |
Secure Firmware Update | SetObjectProtected command |
Secure update of Trust Anchors and Keys on Security Chip² | VerifySign and DeriveKey |
¹ EncryptSym and DecryptSym are supported only in V3
² Secure key update is supported only in V3
6.2 Crypto Performance
The performance metrics for various schemes are provided in Tables 17 and 18 below. Unless otherwise mentioned, the performance is measured at the OPTIGA™ Trust M I/O interface with:
- I2C FM (400KHz)
- Without power limitation
- @ 25°C
- VCC = 3.3V
- RSA Signature scheme: RSA SSA PKCS#1 v1.5 without hashing
- ECDSA Signature scheme: ECDSA FIPS 186-3 without hashing
- Encryption/Decryption scheme: RSAES PKCS#1 v1.5
- Hash scheme: SHA256
- Key Derivation scheme: TLS v1.2 PRF SHA256, HKDF SHA256
- RSA Key size: 2048 bits
- ECC Key size: 256 bits (NIST P-256)
- AES Key size: 128 bits
Table 17: Crypto performance for V1
Scheme | Algorithm | Performance in ms¹ | Performance with Shielded Connection in ms¹ | Notes |
---|---|---|---|---|
Calculate signature | ECDSA | 60 | 65 | |
Calculate signature | RSA | ~310 | 315 | |
Verify signature | ECDSA | 85 | 90 | |
Verify signature | RSA | 45 | 55 | |
Diffie-Hellman key agreement | ECC | 60 | 65 | Based on ephemeral key pair |
Key pair generation | ECC | ~75 | 80 | Generate 256 bit ECC key pair |
Key pair generation | RSA | 2900² | 2910 | Generate 2048 bit RSA key pair |
Encryption | RSA | ~30 | ~45 | Encrypt 127 bytes |
Decryption | RSA | ~310 | 320 | Decrypt 127 bytes |
Key derivation | PRF as per TLS v1.2 | ~50 | 55 | |
Hash calculation | SHA256 | 12 Kbyte/s | 11 Kbyte/s | In blocks of 1280 bytes |
¹ Minimum execution time of the entire sequence in milliseconds, excluding the external-world timings
² RSA key pair generation time is not predictable and typically varies; it can be significantly higher or lower than the value given in the table, which is an average over collected samples.
Table 18: Crypto performance for V3
Scheme | Algorithm | Performance in ms¹ | Performance with Shielded Connection in ms¹ | Notes |
---|---|---|---|---|
Calculate signature | ECDSA | 65 | 70 | |
Calculate signature | RSA | ~310 | 320 | |
Verify signature | ECDSA | 85 | 95 | |
Verify signature | RSA | 40 | ~50 | |
Diffie-Hellman key agreement | ECDH | 60 | 65 | Based on ephemeral key pair |
Key pair generation | ECC | ~55 | 60 | Generate 256 bit ECC key pair in session |
Key pair generation | RSA | 2900² | 2910 | Generate 2048 bit RSA key pair |
Encryption | RSA | ~40 | 50 | Encrypt 127 bytes |
Decryption | RSA | 315 | 325 | Decrypt 127 bytes |
Encryption | AES-128 | ~28 | 35 | Encrypt 256 bytes, ECB mode |
Decryption | AES-128 | ~35 | ~42 | Decrypt 256 bytes, ECB mode |
Key derivation | PRF as per TLS v1.2 | ~50 | ~55 | |
Key derivation | HKDF with SHA256 | ~130 | 135 | Using a pre-shared secret from a data object |
HMAC | HMAC with SHA256 | ~90 | ~95 | Using a pre-shared secret from a data object and 128 bytes of input data |
Hash calculation | SHA256 | ~15 Kbyte/s | 14 Kbyte/s | In blocks of 1280 bytes |
¹ Minimum execution time of the entire sequence in milliseconds, excluding the external-world timings
² RSA key pair generation time is not predictable and typically varies; it can be significantly higher or lower than the value given in the table, which is an average over collected samples.
Security Monitor
The Security Monitor is a central component which enforces the security policy of the OPTIGA™ Trust M. It consumes security events sent by security aware parts of the OPTIGA™ Trust M embedded SW and takes actions accordingly as specified in Security Policy below.
7.1 Security Events
The events below actively influence the security monitor.
Table 19: Security Events
Event | Description |
---|---|
Decryption Failure | This event occurs in case a decryption and/or integrity check of provided data lead to a failure during protected update. |
Key Derivation | This event occurs in case the DeriveKey command gets applied on a persistent data object (not volatile data object as session context). In that case the persistent data object gets used as pre-shared secret. |
Private Key Use | This event occurs in case the internal services are going to use an OPTIGA™ Trust M hosted private key. |
Secret Key Use | This event occurs in case the internal services are going to use an OPTIGA™ hosted secret (symmetric) key (once per respective command), except when temporary keys from the session context are used. |
Suspect System Behavior | This event occurs in case the embedded software detects inconsistencies with the expected behavior of the system. Those inconsistencies might be redundant information that does not match its counterpart. |
7.2 Security Policy
The Security Monitor judges the notified security events by their number of occurrences over time; in case they violate the permitted usage profile of the system, it takes actions to throttle down the performance and thus the possible frequency of attacks.
The permitted usage profile is defined as:
- tmax is set to 5 seconds (± 5%)
- A Suspect System Behavior event is never permitted and will cause setting the Security Event Counter (SEC) to its maximum (= 255).
- One protected operation event (refer to Table 19) per tmax period.
In other words, no more than one of the protected operations is allowed per tmax period (worst case, refer to bullet 3 above). This condition must be stable at least after 500 uninterrupted executions of protected operations.
For more information, please refer to Solution Reference Manual document available as part of the package.
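The permitted usage profile of section 7.2, as an added C example (not Infineon's embedded software or host library): an offline checker that walks a time-ordered event log against the one-protected-operation-per-tmax rule, and a host-side pacer that spaces planned protected operations so the application never trips the Security Monitor. The event log, the choice to count every Table 19 event except Suspect System Behavior as a protected operation, and the conservative spacing of tmax plus its 5 % tolerance are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Security events from Table 19. */
typedef enum {
    EV_DECRYPTION_FAILURE,
    EV_KEY_DERIVATION,          /* DeriveKey applied to a persistent data object */
    EV_PRIVATE_KEY_USE,
    EV_SECRET_KEY_USE,
    EV_SUSPECT_SYSTEM_BEHAVIOR
} sec_event_t;

#define TMAX_MS      5000u   /* tmax from section 7.2 */
#define TMAX_TOL_PCT 5u      /* tmax tolerance, +/- 5 % */
#define SEC_MAX      255u    /* Security Event Counter maximum */
/* Spacing the host plans with: tmax plus its tolerance, i.e. 5250 ms (assumption). */
#define TMAX_SAFE_MS (TMAX_MS + (TMAX_MS * TMAX_TOL_PCT) / 100u)

typedef struct { uint32_t t_ms; sec_event_t ev; } sec_log_entry_t;

typedef struct {
    uint32_t sec_at_least;   /* lower bound on the SEC: 255 once suspect behavior was seen */
    uint32_t violations;     /* protected operations issued less than tmax after the previous one */
} usage_verdict_t;

/* Evaluates a time-ordered event log against the permitted usage profile. Assumption:
 * every Table 19 event other than Suspect System Behavior is a protected operation. */
usage_verdict_t evaluate_usage_profile(const sec_log_entry_t *log, size_t n)
{
    usage_verdict_t v = { 0u, 0u };
    uint32_t last_ms = 0u;
    bool have_last = false;
    for (size_t i = 0; i < n; i++) {
        if (log[i].ev == EV_SUSPECT_SYSTEM_BEHAVIOR) { v.sec_at_least = SEC_MAX; continue; }
        if (have_last && (log[i].t_ms - last_ms) < TMAX_MS) v.violations++;
        last_ms = log[i].t_ms;
        have_last = true;
    }
    return v;
}

/* Host-side pacing: shifts each planned protected operation so consecutive ones are at
 * least TMAX_SAFE_MS apart. Fills issued_ms and returns the total delay added. */
uint32_t pace_protected_ops(const uint32_t *wanted_ms, uint32_t *issued_ms, size_t n)
{
    uint32_t added = 0u;
    for (size_t i = 0; i < n; i++) {
        uint32_t t = wanted_ms[i];
        if (i > 0 && t < issued_ms[i - 1] + TMAX_SAFE_MS) t = issued_ms[i - 1] + TMAX_SAFE_MS;
        issued_ms[i] = t;
        added += t - wanted_ms[i];
    }
    return added;
}

/* Constructed log: two private-key uses 1 s apart (one too many), a key derivation once
 * the window has elapsed, then a suspect-behavior event. */
static const sec_log_entry_t demo_log[] = {
    {    0u, EV_PRIVATE_KEY_USE },
    { 1000u, EV_PRIVATE_KEY_USE },
    { 6000u, EV_KEY_DERIVATION },
    { 6500u, EV_SUSPECT_SYSTEM_BEHAVIOR },
};

usage_verdict_t demo_verdict(void)
{
    return evaluate_usage_profile(demo_log, sizeof demo_log / sizeof demo_log[0]);
}

/* Paces four signatures an application wants at 0, 1, 2 and 9 s. Returns the total delay
 * added and, when issued_out is not NULL, the four resulting issue times. */
uint32_t demo_pacing(uint32_t issued_out[4])
{
    static const uint32_t wanted[4] = { 0u, 1000u, 2000u, 9000u };
    uint32_t issued[4];
    uint32_t total = pace_protected_ops(wanted, issued, 4);
    if (issued_out) for (size_t i = 0; i < 4; i++) issued_out[i] = issued[i];
    return total;
}

uint32_t demo_pacing_issue_time(size_t i)
{
    uint32_t issued[4];
    demo_pacing(issued);
    return i < 4 ? issued[i] : 0u;
}
```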
RoHS Compliance
On January 27, 2003 the European Parliament and the council adopted the directives:
- 2002/95/EC on the Restriction of the use of certain Hazardous Substances in electrical and electronic equipment ("RoHS")
- 2002/96/EC on Waste Electrical and Electronic Equipment ("WEEE")
Some of these restricted (lead) or recycling-relevant (brominated flame retardants) substances are currently found in the terminations (e.g. lead finish, bumps, balls) and substrate materials or mold compounds.
The European Union has finalized the Directives. It is the member states' task to convert these Directives into national laws. Most national laws are available, some member states have extended timelines for implementation. The laws arising from these Directives have come into force in 2006 or 2007.
The electro and electronic industry has to eliminate lead and other hazardous materials from their products. In addition, discussions are on-going with regard to the separate recycling of certain materials, e.g. plastic containing brominated flame retardants.
Infineon Technologies is fully committed to giving its customers maximum support in their efforts to convert to lead-free and halogen-free¹ products. For this reason, Infineon Technologies' "Green Products" are RoHS-compliant.
Since all hazardous substances have been removed, Infineon Technologies calls its lead-free and halogen-free semiconductor packages "green." Details on Infineon Technologies' definition and upper limits for the restricted materials can be found here.
The assembly process of our high-technology semiconductor chips is an integral part of our quality strategy. Accordingly, we will accurately evaluate and test alternative materials in order to replace lead and halogen so that we end up with the same or higher quality standards for our products.
The use of lead-free solders for board assembly results in higher process temperatures and increased requirements for the heat resistivity of semiconductor packages. This issue is addressed by Infineon Technologies by a new classification of the Moisture Sensitivity Level (MSL). In a first step the existing products have been classified according to the new requirements.
[Image: A visual representation of lead-free and halogen-free components, with "green product compliant" logo.]
¹Any material used by Infineon Technologies is PBB and PBDE-free. Plastic containing brominated flame retardants, as mentioned in the WEEE directive, will be replaced if technically/economically beneficial.
Appendix A – Infineon I2C Protocol Registry Map
OPTIGA™ Trust M supports IFX I2C v2.01 and is implemented as an I2C slave, which uses different address locations for status, control and data communication registers. These registers are described in the following table.
Table 20: IFX I2C Registry Map Table
Register Address | Name | Size in Bytes | Description | Master Access |
---|---|---|---|---|
0x80 | DATA | - | This is the location where data shall be read from or written to the I2C slave | Read / Write |
0x81 | DATA_REG_LEN | 2 | This register holds the maximum data register (Addr 0x80) length. The allowed values are 0x0010 up to 0xFFFF. After writing the new data register length it becomes effective with the next I2C master access. However, in case the slave could not accept the new length it indicates its maximum possible length within this register. Therefore it is recommended to read the value back after writing it to be sure the I2C slave did accept the new value. Note: the value of MAX_PACKET_SIZE is derived from this value or vice versa (MAX_PACKET_SIZE= DATA_REG_LEN-5) | Read / Write |
0x82 | I2C_STATE | 4 | Bits 31:24 of this register provide the I2C state with regard to the supported features (e.g. clock stretching ...) and whether the device is busy executing a command and/or ready to return a response etc. Bits 15:0 define the length of the response data block at the physical layer. | Read only |
0x83 | BASE_ADDR | 2 | This register holds the I2C base address as specified by Table 21. Default value is 0x30. After writing a different address, the new address becomes effective with the next I2C master access. In case bit 15 is set in addition to the new address (bits 6:0), it becomes the new default address at reset (persistent storage). | Write only |
0x84 | MAX_SCL_FREQU | 4 | This register holds the maximum clock frequency in kHz supported by the I2C slave. The value gets adjusted to the register I2C_MODE setting. Fast Mode (Fm): The allowed values are 50 up to 400. Fast Mode Plus (Fm+): The allowed values are 50 up to 1000. | Read only |
0x85 | GUARD_TIME¹ | 4 | For details refer to Table 24 | Read only |
0x86 | TRANS_TIMEOUTS | 4 | For details refer to Table 24 | Read only |
¹ In case the register returns 0xFFFFFFFF the register is not supported and the default values specified in Table 'List of protocol variations' shall be applied.
Table 21: Definition of BASE_ADDR
Fields | Bits | Value | Description |
---|---|---|---|
DEF_ADDR | 15 | 0 | Volatile address setting by bit 6:0, lost after reset. |
DEF_ADDR | 15 | 1 | Persistent address setting by bit 6:0, becoming default after reset. |
BASE_ADDR | 6:0 | 0x00-0x7F | I2C base address specified by Table 20 |
[Diagram: Bit allocation for BASE_ADDR register.]
Table 22: Definition of I2C_MODE
Fields | Bits | Value | Description |
---|---|---|---|
DEF_MODE | 15 | 0 | Volatile mode setting by bit 2:0, lost after reset. |
DEF_MODE | 15 | 1 | Persistent mode setting by bit 2:0, becoming default after reset. This bit is always read as 0. |
MODE | 2:0 | 001 | Sm |
MODE | 2:0 | 010 | Fm |
MODE | 2:0 | 011 | Sm & Fm (fab out default) |
MODE | 2:0 | 100 | Fm+ |
MODE | 2:0 | other values | not valid; writing will be ignored |
¹ In case the register returns 0xFFFFFFFF the register and its functionality is not supported
² This mode defines the adherence of the bus signals to the electrical characteristics according standard I2C bus specification
Table 23: Definition of I2C_STATE
Field | Bit(s) | Value | Description |
---|---|---|---|
BUSY | 31 | 0 | Device is not busy |
BUSY | 31 | 1 | Device is busy executing a command |
RESP_RDY | 30 | 0 | Device is not ready to return a response |
RESP_RDY | 30 | 1 | Device is ready to return a response |
SOFT_RESET | 27 | 0 | SOFT_RESET not supported |
SOFT_RESET | 27 | 1 | SOFT_RESET supported |
CONT_READ | 26 | 0 | Continue Read not supported |
CONT_READ | 26 | 1 | Continue Read supported |
REP_START | 25 | 0 | Repeated start not supported |
REP_START | 25 | 1 | Repeated start supported |
CLK_STRETCHING | 24 | 0 | Clock stretching not supported |
CLK_STRETCHING | 24 | 1 | Clock stretching supported |
PRESENT_LAYER | 23 | 0 | Presentation Layer not supported |
PRESENT_LAYER | 23 | 1 | Presentation Layer supported |
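As an added example (not code from this datasheet or from the Infineon host library), the following C helpers decode a raw I2C_STATE read into the fields of Table 23, apply footnote 1 of Table 20 (a register reading 0xFFFFFFFF is not supported) and build the BASE_ADDR register value of Table 21. The byte order (most significant byte first, as the four-byte reads in Appendix B are listed) is taken from the sample logs; the function and type names are chosen here. The sample reads are copied from Tables 25 and 26; the 0xFFFFFFFF read is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of the 4-byte I2C_STATE register, fields as in Table 23. */
typedef struct {
    bool busy;           /* bit 31: a command is being executed */
    bool resp_ready;     /* bit 30: a response block can be read from DATA */
    bool soft_reset;     /* bit 27 */
    bool cont_read;      /* bit 26 */
    bool rep_start;      /* bit 25 */
    bool clk_stretching; /* bit 24 */
    bool present_layer;  /* bit 23: presentation layer (Shielded Connection) available */
    uint16_t resp_len;   /* bits 15:0: length of the response block at the physical layer */
} i2c_state_t;

/* The logs list register reads most significant byte first ("C8 80 00 05"). */
static uint32_t be32(const uint8_t raw[4])
{
    return ((uint32_t)raw[0] << 24) | ((uint32_t)raw[1] << 16) |
           ((uint32_t)raw[2] << 8)  |  (uint32_t)raw[3];
}

i2c_state_t decode_i2c_state(const uint8_t raw[4])
{
    uint32_t v = be32(raw);
    i2c_state_t s;
    s.busy           = (v >> 31) & 1u;
    s.resp_ready     = (v >> 30) & 1u;
    s.soft_reset     = (v >> 27) & 1u;
    s.cont_read      = (v >> 26) & 1u;
    s.rep_start      = (v >> 25) & 1u;
    s.clk_stretching = (v >> 24) & 1u;
    s.present_layer  = (v >> 23) & 1u;
    s.resp_len       = (uint16_t)(v & 0xFFFFu);
    return s;
}

/* Host poll step: how many bytes to read from DATA (0x80) right now.
 * BUSY and RESP_RDY are independent: "C8 80 00 05" in Table 26 has both set
 * and the host reads the 5-byte block while the command is still executing,
 * so only RESP_RDY decides. */
uint16_t response_bytes_to_read(const uint8_t raw[4])
{
    i2c_state_t s = decode_i2c_state(raw);
    return s.resp_ready ? s.resp_len : 0;
}

/* Footnote 1 of Table 20: a register that reads 0xFFFFFFFF is not supported
 * and the defaults of Table 24 apply instead. */
bool register_supported(const uint8_t raw[4])
{
    return be32(raw) != 0xFFFFFFFFu;
}

/* Table 21: bit 15 DEF_ADDR (1 = persistent, becomes the default after reset),
 * bits 6:0 the base address. Returns the 16-bit register value, or -1 for an
 * address outside 0x00-0x7F. */
int encode_base_addr(uint8_t addr, bool persistent)
{
    if (addr > 0x7Fu) return -1;
    return (persistent ? 0x8000 : 0) | addr;
}

/* Reads copied from Tables 25 and 26; REG_UNSUPPORTED is constructed. */
static const uint8_t STATE_IDLE[4]       = { 0x08, 0x80, 0x00, 0x00 };
static const uint8_t STATE_BUSY_ACK[4]   = { 0xC8, 0x80, 0x00, 0x05 };
static const uint8_t STATE_RESP_READY[4] = { 0x48, 0x80, 0x00, 0x0A };
static const uint8_t REG_UNSUPPORTED[4]  = { 0xFF, 0xFF, 0xFF, 0xFF };

int main(void)
{
    i2c_state_t s = decode_i2c_state(STATE_BUSY_ACK);
    printf("busy=%d resp_ready=%d soft_reset=%d present_layer=%d len=%u\n",
           (int)s.busy, (int)s.resp_ready, (int)s.soft_reset, (int)s.present_layer,
           (unsigned)s.resp_len);
    printf("bytes to read now: %u\n", (unsigned)response_bytes_to_read(STATE_BUSY_ACK));
    printf("BASE_ADDR value for persistent 0x30: 0x%04X\n", encode_base_addr(0x30, true));
    return 0;
}
```

Decoding the first read of Table 25 ("08 80 00 00") this way shows SOFT_RESET and PRESENT_LAYER supported, nothing to read, and the device neither busy nor ready; the Table 26 reads then show how RESP_RDY and the length field drive the next DATA read.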
9.1 Infineon I2C Protocol Variations
To best fit application-specific requirements, the protocol can be tailored by specifying a few parameters, which are described in the following table.
Table 24: List of Protocol Variations
Parameter | Default Value | Description |
---|---|---|
MAX_PACKET_SIZE | 0x110 | Maximum packet size accepted by the receiver. The protocol limits this value to 0xFFFF, but there might be project specific requirements to reduce the transport buffers size for the sake of less RAM footprint in the communication stack. If shortened, it could be statically defined or negotiated at the physical layer. |
WIN_SIZE | 1 | Window size of the sliding windows algorithm. The value could be 1 up to 2. |
MAX_NET_CHAN | 1 | Maximum number of network channels. The value could be 1 up to 16. One indicates the OSI Layer 3 is not used and the CHAN field of the PCTR must be set to 0000. |
CHAINING | TRUE | Chaining on the transport layer is supported (TRUE) or not (FALSE) |
TRANS_TIMEOUT | 10 ms | (Re)transmission timeout: the number of milliseconds that must elapse before the transmitter considers a frame transmission lost and retransmits the non-acknowledged frame. The timer starts as soon as the complete frame has been transmitted. The value could be 1 up to 1000; however, the higher the number, the longer it takes to recover from a frame transmission error. Note: The acknowledge timeout on the receiver side must be shorter than the retransmission timeout to avoid unnecessary frame repetitions. |
TRANS_REPEAT | 3 | Number of repeated transmissions after which the transmitter considers the connection lost and starts a re-synchronization with the receiver. The value could be 1 up to 4. |
BASE_ADDR | 0x30 | I2C (base) address. This address could be statically defined or dynamically negotiated by the physical layer. |
MAX_SCL_FREQU | 1000 kHz | Maximum SCL clock frequency in kHz. |
GUARD_TIME | 50 µs | Minimum time that must elapse at the I2C master, measured from the end of a read (STOP condition) until the next write (START condition) is allowed. Note 1: For two consecutive accesses on the same device, GUARD_TIME re-specifies the value of tBuf as specified by [I2Cbus]. Note 2: Even if another I2C address is accessed in between, GUARD_TIME has to be respected for two consecutive accesses on the same device. |
SOFT_RESET | 1 | Any write attempt to the SOFT_RESET register will trigger a warm reset (reset w/o power cycle). This register is optional and its presence is indicated by the I2C_STATE register's "SOFT_RESET" flag. |
PRESENT_LAYER | 1 | This flag at the I2C_STATE register indicates the optional availability of the presentation layer, which is providing confidentiality and integrity protection of payloads (APDUs) transferred across the I2C interface. The presentation layer is used as part of Shielded Connection. |
Appendix B - OPTIGA™ Trust M Command/Response I2C Sample Logs
The default I2C slave address for the OPTIGA™ Trust M is 0x30 [I2C_ADDR]. All the values in this section are specified in decimal form unless stated otherwise.
10.1 Sequence of commands to read Coprocessor UID from OPTIGA™ Trust M
Pre-requisites
- Ensure that the security device is powered up.
- The OPTIGA™ Trust M will not acknowledge the slave address sent by a host if it is either busy or in idle state. Hence the host must retry the transaction until it succeeds or until it has timed out after 100 milliseconds (extreme case).
- The specified guard time must be applied between each attempt of write / read operation by the Host I2C driver.
- The log information for the OPTIGA™ Trust M commands specified in the tables below contains the [IFX I2C] protocol information, which comprises the sequence numbers and checksum of the transactions.
- The command sequence must be followed strictly for the OPTIGA™ Trust M (e.g. OpenApplication followed by GetDataObject to read a Coprocessor UID).
- The checksum depends on the data received or sent via the write/read operations, so any change to the data of a transaction must be reflected in the checksum. Otherwise the write data transaction will not be accepted/acknowledged by the OPTIGA™ Trust M.
- The logs specified below are without the presentation layer (used for the Shielded Connection) of [IFX I2C].
10.1.1 Check the status [I2C_STATE]
This basic register read verifies that the read/write operations of the local host I2C driver behave correctly.
Table 25: Check I2C_STATE Register of OPTIGA™ Trust M
I2C_ADDR | Transaction Type | Data [values in hexadecimal] |
---|---|---|
30 | Write [01 Bytes] | 82 |
30 | Read [04 Bytes] | 08 80 00 00 |
10.1.2 Issue OpenApplication command
Before issuing any application-specific command (e.g. reading the Coprocessor UID using GetDataObject), the OpenApplication command must be sent to initialize the application on the OPTIGA™ Trust M, as shown below.
Table 26: OpenApplication on OPTIGA™ Trust M
I2C_ADDR | Transaction Type | Data [values in hexadecimal] |
---|---|---|
30 | Write [27 Bytes] | 80 03 00 15 00 70 00 00 10 D2 76 00 00 04 47 65 6E 41 75 74 68 41 70 70 6C 04 1A |
Step 2: Read the I2C_STATE register [Repeat this step until the read contains the data as specified below].
I2C_ADDR | Transaction Type | Data [values in hexadecimal] |
---|---|---|
30 | Write [01 Bytes] | 82 |
30 | Read [04 Bytes] | C8 80 00 05 |
30 | Write [01 Bytes] | 80 |
30 | Read [05 Bytes] | 80 00 00 0C EC |
30 | Write [01 Bytes] | 82 |
30 | Read [04 Bytes] | 48 80 00 0A |
30 | Write [01 Bytes] | 80 |
30 | Read [10 Bytes] | 00 00 05 00 00 00 00 00 14 87 |
30 | Write [06 Bytes] | 80 80 00 00 0C EC |
10.1.3 Read Coprocessor UID
The Coprocessor UID contains the OPTIGA™ Trust M unique ID and the build information details. The GetDataObject command is used to read the Coprocessor UID information.
Table 27: Read Coprocessor UID
I2C_ADDR | Transaction Type | Data [values in hexadecimal] |
---|---|---|
30 | Write [17 Bytes] | 80 04 00 0B 00 01 00 00 06 E0 C2 00 00 00 64 F0 9F |
30 | Write [01 Bytes] | 82 |
30 | Read [04 Bytes] | 48 80 00 25 |
30 | Write [01 Bytes] | 80 |
30 | Read [37 Bytes] | 05 00 20 00 00 00 00 00 1B CD XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX YY YY ZZ ZZ |
30 | Write [06 Bytes] | 80 81 00 00 56 30 |
Notes:
- XX is the unique ID part of the co-processor UID.
- "YY YY" is the OPTIGA™ Trust M build number in BCD (Binary Coded Decimal) format.
- ZZ ZZ is the checksum of the transaction.
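The frames in Tables 26 and 27 can be checked offline. The following C code is an added example, not code from this datasheet or from the Infineon host library: it computes the frame check sequence, parses and rebuilds frames, and runs both over the logged bytes above (each write with its leading DATA register address 0x80 removed). The CRC parameters (bit-reversed CCITT polynomial 0x8408, initial value 0, result sent most significant byte first) are the ones that reproduce every FCS value in the logs; the split of the payload into one transport-layer control byte followed by the command APDU (Cmd, Param, Len, Data) is taken from the OPTIGA™ Trust M Solution Reference Manual rather than from this page, and all function and type names are chosen here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FCS of an IFX I2C frame: 16-bit CRC, bit-reversed CCITT polynomial 0x8408,
 * initial value 0, no final XOR, computed over PCTR | LEN | payload and sent
 * most significant byte first. These parameters reproduce every FCS in the logs. */
uint16_t ifx_i2c_fcs(const uint8_t *data, size_t len)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1u) ? (uint16_t)((crc >> 1) ^ 0x8408u) : (uint16_t)(crc >> 1);
    }
    return crc;
}

/* Frame layout: PCTR (1) | LEN (2, big-endian) | payload (LEN bytes) | FCS (2).
 * The 5 bytes of overhead match MAX_PACKET_SIZE = DATA_REG_LEN - 5 in Table 20. */
#define IFX_FRAME_OVERHEAD 5u

typedef struct {
    uint8_t pctr;
    uint16_t len;
    const uint8_t *payload; /* points into the caller's buffer */
    uint16_t fcs_rx;        /* FCS as received */
    uint16_t fcs_calc;      /* FCS recomputed over the received bytes */
} ifx_frame_t;

/* 0 on success, -1 if LEN disagrees with the buffer size, -2 on FCS mismatch. */
int ifx_parse_frame(const uint8_t *buf, size_t buf_len, ifx_frame_t *out)
{
    if (buf_len < IFX_FRAME_OVERHEAD) return -1;
    uint16_t len = (uint16_t)(((uint16_t)buf[1] << 8) | buf[2]);
    if ((size_t)len + IFX_FRAME_OVERHEAD != buf_len) return -1;
    out->pctr = buf[0];
    out->len = len;
    out->payload = buf + 3;
    out->fcs_rx = (uint16_t)(((uint16_t)buf[3 + len] << 8) | buf[4 + len]);
    out->fcs_calc = ifx_i2c_fcs(buf, 3u + len);
    return out->fcs_rx == out->fcs_calc ? 0 : -2;
}

/* Wraps a payload into a frame; returns the frame length, 0 if cap is too small. */
size_t ifx_build_frame(uint8_t pctr, const uint8_t *payload, uint16_t len,
                       uint8_t *out, size_t cap)
{
    if (cap < (size_t)len + IFX_FRAME_OVERHEAD) return 0;
    out[0] = pctr;
    out[1] = (uint8_t)(len >> 8);
    out[2] = (uint8_t)(len & 0xFFu);
    memcpy(&out[3], payload, len);
    uint16_t fcs = ifx_i2c_fcs(out, 3u + len);
    out[3 + len] = (uint8_t)(fcs >> 8);
    out[4 + len] = (uint8_t)(fcs & 0xFFu);
    return (size_t)len + IFX_FRAME_OVERHEAD;
}

/* Assumption (Solution Reference Manual, not this page): payload[0] is the
 * transport-layer control byte and payload[1] the command code of the APDU. */
int logged_command_byte(const uint8_t *frame, size_t n)
{
    ifx_frame_t f;
    if (ifx_parse_frame(frame, n, &f) != 0 || f.len < 2) return -1;
    return f.payload[1];
}

/* Frames from Tables 26 and 27, leading DATA register address 0x80 of each write removed. */
static const uint8_t LOG_OPEN_APP[] = { /* OpenApplication, AID "GenAuthAppl" */
    0x03, 0x00, 0x15, 0x00, 0x70, 0x00, 0x00, 0x10, 0xD2, 0x76, 0x00, 0x00, 0x04,
    0x47, 0x65, 0x6E, 0x41, 0x75, 0x74, 0x68, 0x41, 0x70, 0x70, 0x6C, 0x04, 0x1A };
static const uint8_t LOG_ACK[]       = { 0x80, 0x00, 0x00, 0x0C, 0xEC };
static const uint8_t LOG_OPEN_RESP[] = { 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x87 };
static const uint8_t LOG_GET_DATA[]  = { 0x04, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x00, 0x06,
                                         0xE0, 0xC2, 0x00, 0x00, 0x00, 0x64, 0xF0, 0x9F };
static const uint8_t LOG_ACK2[]      = { 0x81, 0x00, 0x00, 0x56, 0x30 };

/* Number of logged frames whose FCS verifies (5 when the CRC parameters are right). */
int logged_frames_valid(void)
{
    const uint8_t *frames[] = { LOG_OPEN_APP, LOG_ACK, LOG_OPEN_RESP, LOG_GET_DATA, LOG_ACK2 };
    const size_t sizes[] = { sizeof LOG_OPEN_APP, sizeof LOG_ACK, sizeof LOG_OPEN_RESP,
                             sizeof LOG_GET_DATA, sizeof LOG_ACK2 };
    int ok = 0;
    for (size_t i = 0; i < 5; i++) {
        ifx_frame_t f;
        if (ifx_parse_frame(frames[i], sizes[i], &f) == 0) ok++;
    }
    return ok;
}

/* Rebuilding the OpenApplication frame from its 21-byte payload must give the logged bytes. */
int rebuilt_open_app_matches_log(void)
{
    uint8_t frame[32];
    size_t n = ifx_build_frame(0x03, &LOG_OPEN_APP[3], 0x15, frame, sizeof frame);
    return n == sizeof LOG_OPEN_APP && memcmp(frame, LOG_OPEN_APP, n) == 0;
}

/* One flipped bit in the AID ("GenAuthAppl" -> "GdnAuthAppl") is caught by the FCS. */
int corrupted_frame_rejected(void)
{
    uint8_t copy[sizeof LOG_OPEN_APP];
    ifx_frame_t f;
    memcpy(copy, LOG_OPEN_APP, sizeof copy);
    copy[14] ^= 0x01;
    return ifx_parse_frame(copy, sizeof copy, &f) == -2;
}

int main(void)
{
    printf("logged frames with valid FCS: %d of 5\n", logged_frames_valid());
    printf("OpenApplication rebuilt identically: %d\n", rebuilt_open_app_matches_log());
    printf("corrupted frame rejected: %d\n", corrupted_frame_rejected());
    return 0;
}
```

A host that receives a frame with an FCS mismatch should treat it as lost and wait for the retransmission governed by TRANS_TIMEOUT and TRANS_REPEAT (Table 24) rather than acknowledge it; in the other direction, a host write whose FCS does not cover the bytes actually sent is simply not accepted by the device, which is the behaviour the prerequisites above describe.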
Appendix C – Power Management
When operating, the power consumption of OPTIGA™ Trust M is limited to meet the requirements regarding the power limitation set by the Host. The power limitation is implemented by utilizing the current limitation feature of the underlying hardware device in steps of 1mA from 6mA to 15 mA with a precision of ±5%.
11.1 Hibernation
This maximizes power saving (zero power consumption¹), while the I2C bus stays connected. In this case OPTIGA™ Trust M saves the application context before power-off (switching off Vcc) and restores it after power-up. After power-up the application continues seamlessly from the state before hibernate.
11.1.1 Software adaption for Hibernate circuit with single MOSFET
Update the functions in the ifx_i2c.c file with the following change:
- Call pal_gpio_set_low(p_ifx_i2c_context->p_slave_vdd_pin) to set the Vdd pin to High.
- Call pal_gpio_set_high(p_ifx_i2c_context->p_slave_vdd_pin) to set the Vdd pin to Low.
[Code Snippet: C code demonstrating the update of ifx_i2c.c file for hibernate functionality.]
¹ Leakage current < 2.5µA only
11.2 Low Power Sleep Mode
The OPTIGA™ Trust M automatically enters a low-power mode after a configurable delay. Once it has entered Sleep mode, the OPTIGA™ Trust M resumes normal operation as soon as its address is detected on the I2C bus. In case no command is sent to the OPTIGA™ Trust M it behaves as shown in Figure 12.
- As soon as the OPTIGA™ Trust M is idle, it starts to count down the "delay to sleep" time (tSDY).
- When this time elapses, the device enters the "go to sleep" procedure.
- The "go to sleep" procedure waits until all idle tasks are finished (e.g. counting down the SEC). Once all idle tasks are finished and no command is pending, the OPTIGA™ Trust M enters sleep mode.
[Diagram: A diagram illustrating the go-to-sleep process for OPTIGA™ Trust M. It shows VCC, I2C bus activity, and Power State transitions from operational to idle, then to sleep, with time delays indicated.]
Revision history
Document version | Date of release | Description of changes |
---|---|---|
3.40 | 2022-06-21 | Section 1.5 updated, Section 6 removed |
3.30 | 2021-08-17 | Section 6.4, 6.5 and 12 updated for pal_ifx_i2c_context structure changes and ifx_i2c_init bug fix. |
3.20 | 2020-10-20 | Fixed internal review comments and released for Production |
3.15 | 2020-10-12 | Section 3.1 Hibernate circuit diagram updated for single MOSFET option and direct GPIO as power option. |
3.10 | 2020-09-24 | Release to Production release |
3.00 | 2020-06-29 | Fixed internal review comments |
0.70 | 2020-05-27 | Initial version update for ES Release |