RoadTest: Infineon OPTIGA™ Trust M Board
Author: redcharly
Creation date:
Evaluation Type: Development Boards & Tools
Did you receive all parts the manufacturer stated would be included in the package?: True
What other parts do you consider comparable to this product?:
What were the biggest problems encountered?:
Detailed Review:
This is the first Infineon kit I used and therefore I first had to prepare on my PC the software environment necessary for the development using the kit.
Optiga Trust M is a high-end security controller optimized for connected devices. It provides extremely flexible, high-performance, secured access to any major cloud provider for industrial and building automation, smart home, and consumer applications thanks to pre-personalized certificates.
OPTIGA™ Trust M gives every IoT device its own identity. Certificates and key pairs are securely stored in OPTIGA™ Trust M from the very beginning, with key pairs securely injected in Infineon’s secured factory.
Optiga Trust M uses MIT-licensed software, so we have an open-source advantage. Host software and documentation are available on GitHub: github.com/Infineon/optiga-trust-m.
The kit arrived by courier in a few days, in well-made packaging. As soon as I opened the package I could see that the card is really excellently made.
Every detail is extremely accurate and all the parts are present.
[Image gallery: Unpacking]
Starting with the kit: hardware setup
This section explains the basic components required for the system setup.
This system consists of the following components:
The first thing I did was take a look at the kit documentation.
I started from the link: https://github.com/Infineon/optiga-trust-m where there is a lot of information about the product and I installed the software that is necessary for the development of the applications.
I then installed Segger J-Link tool for flashing software on XMC from the link: https://www.segger.com/downloads/jlink/#J-LinkSoftwareAndDocumentationPack.
The installation was a breeze and I then moved on to installing the DAVE software, optional but required for debugging, which can be downloaded from Infineon website.
I already had both Teraterm and Putty on my PC and so I switched to downloading the repository.
The first test done on the kit was to use the Segger J-Link tool. From the github repository, the "xmc4800_optiga_example.hex" file is extracted and used to program the XMC4800 card.
The kit is equipped with two micro USB connectors; to program the device with the hex file we need to use micro USB port x101. The flashing of the card takes a few seconds and from that moment the card is ready.
The second step is to connect another cable to the micro USB port of the card to be able to connect to the board using a software terminal. I used both Putty and Teraterm, with perfectly equal results.
The connection parameters are:
Once connected, the terminal displays the text "press any key to start example demonstration".
The logs of the example execution are displayed along with the status of each example as Passed or Failed.
[Image gallery: Quickstart]
optiga --selftest - run all tests at once with performance output
optiga --init - initialize optiga
optiga --deinit - de-initialize optiga
optiga --readdata - read data
optiga --writedata - write data
optiga --bind - binding host with optiga
optiga --hibernate - hibernate and restore
optiga --counter - update counter
optiga --protected - protected update
optiga --hash - hashing of data
optiga --prf - tls prf sha256
optiga --random - random number generation
optiga --ecckeygen - ecc key pair generation
optiga --ecdsasign - ecdsa sign
optiga --ecdsaverify - ecdsa sign and verify signature
optiga --ecdh - ecc diffie hellman
optiga --rsakeygen - rsa key pair generation
optiga --rsasign - rsa sign
optiga --rsaverify - rsa sign and verify signature
optiga --rsaencmsg - rsa encrypt message
optiga --rsaencsession - rsa encrypt session
optiga --rsadecstore - rsa decrypt and store data on chip
optiga --rsaencexp - rsa decrypt and export data
In the test done, after typing the command "optiga --selftest", all the tests were performed correctly. The user can test the single commands in the CLI and obtain both the message of successful execution and the time taken to carry out the operation.
Obviously having a Hex file and flashing it on the card is one thing, creating your own application is a very different thing. For this reason I have installed the DAVE IDE.
Again, installation was quick and hassle-free. The guide is here: https://github.com/Infineon/getstarted-optiga-trust-m/wiki/Get-Started-with-OPTIGA%E2%84%A2-Trust-M-Evaluation-Kit .
Dave is a free Eclipse based code development platform/IDE, offering code repository, graphical system design methods, and automatic code generator to guide Infineon XMC microcontroller user along the entire process - from evaluation to production.
The procedure for running the example code, the same one from which the Hex file used in the first test with Segger J-Link was obtained, is quite simple if you are familiar with the Eclipse environment.
First you must obviously connect the card to the PC. We will use the x101 micro USB port to configure the kit.
We will need to import the example application project into DAVE IDE. It is found from the File -> Import menu, selecting Existing Projects into Workspace under General and then click Next. The project is in the <INSTALLDIR>\xmc4800_iot_kit\dave4 folder and its name is: xmc4800_optiga_example.
The newly selected project must then be set as an active project by choosing Set Active Project from the menu.
At this point you can debug the project which will be done in a few seconds and without any errors.
With debugging enabled, the environment offers dozens of different windows from which you can evaluate multiple aspects of code execution. In addition to the typical debug view, from which it is possible to execute programs step by step, set breakpoints, evaluate variables during execution, etc., there are other views, such as the one relating to the files that make up the project.
Just this view is impressive for the number of files involved in running the default Optiga example. Obviously, as it was created, this example performs one by one the full potential of the Optiga card so it is understandable to find yourself with dozens and dozens of files.
The information obtained by default is the same as the version sent in execution with J-Link; that is, by launching the individual modules or the entire self-test, you only have the confirmation of the operation but without any output. Of course, if I want to try the 32-byte random function I would like to see the generated string, just as I would like to see the public and private RSA keys generated by the card or a hash calculated starting from data assigned by the user. Instead, the execution is very sparse and does not allow any user interaction.
If you want to see something more, you can act as described on ( https://github.com/Infineon/getstarted-optiga-trust-m/wiki/Get-Started-with-OPTIGA%E2%84%A2-Trust-M-Evaluation-Kit ) in the Logger Control paragraph and act on the file optiga_lib_config.h by removing some comments in order to finally make the logs of the operations made
By doing so, it will be possible to see the operations carried out by the Optiga Trust M board and to better evaluate its characteristics.
[Image gallery: Putty output]
So far so good but I'd like to use the card for something else, make the most of its potential.
The software is of the highest quality and is written with great skill but it becomes difficult to read and understand quickly. I spent several evenings (and nights) playing with the card, DAVE and Putty in order to get as comfortable with the card as possible.
I have seen many materials on the internet describing the kit or, in particular, the OPTIGA™ Trust M Board but they all contained the same poor information.
After many days of useless research I thought I'd try the board using it in an Arduino environment. In fact, I found a tutorial by Infineon that describes how to use the Trust M board with Arduino (https://github.com/Infineon/arduino-optiga-trust-m) and another tutorial on using the board via CLI (https://github.com/Infineon/cli-optiga-trust-m). The temptation to disconnect the Optiga Trust from the XMC4800 IoT Connectivity Kit and use it alone was strong but having such a card in my hands and not being able to use it forced me to continue fighting to be able to use the complete kit.
In particular, I was looking for some code examples that would allow me to start exploring the kit starting from simple examples and continuing with more and more complex examples. Unfortunately I have not found many examples on the net. I hope that Infineon will soon share more information with users and above all a greater number of examples made with this card.
The Infineon kit is truly a remarkable product. It requires a very large study time but the time taken to understand and study this technology is time well spent as it is a card that, in addition to the symmetrical and asymmetrical encryption ensured by the Optiga card, has a WiFi ESP Click card, has the EtherCAT technology and full compatibility with Arduino, in short, it would be the ideal board to use for any type of application.
However, it would be necessary to create practical examples with which a novice could start programming the card without excessive complications, for example a generator of random numbers of fixed length, a hash encoder, and then gradually move on to symmetric and asymmetrical encryption.
Top Comments
Of course, when I applied for the roadtest I had in mind to encrypt communication in a WiFi network, so the kit is perfect for my project but it requires a lot of study and test, it's not like an Arduino…
No I have not seen the kit before or used any of those other Infineon products.
DAB