Infineon OPTIGA™ Trust M Board - Review


RoadTest: Infineon OPTIGA™ Trust M Board

Author: redcharly

Creation date:

Evaluation Type: Development Boards & Tools

Did you receive all parts the manufacturer stated would be included in the package?: True

What other parts do you consider comparable to this product?:

What were the biggest problems encountered?:

Detailed Review:

 

Introduction

This is the first Infineon kit I used and therefore I first had to prepare on my PC the software environment necessary for the development using the kit.

Optiga Trust M is a high-end security controller optimized for connected devices. It provides extremely flexible, high-performance, secured access to any major cloud provider for industrial and building automation, smart home, and consumer applications thanks to pre-personalized certificates.

OPTIGA™ Trust M gives every IoT device its own identity. Certificates and key pairs are securely stored in OPTIGA™ Trust M from the very beginning, with key pairs securely injected in Infineon’s secured factory.

Optiga Trust M uses MIT-licensed software, so we have an open-source advantage. Host software and documentation are available on GitHub: github.com/Infineon/optiga-trust-m.

 

 

Unpacking

The kit arrived by courier in a few days, in well-made packaging. As soon as I opened the package I could see that the board is of really excellent workmanship.

Every detail is extremely accurate and all the parts are present.

 


 

 

 

Starting with the kit: hardware setup

This section explains the basic components required for the system setup.

 


This system consists of the following components:

  1. XMC4800 IoT Connectivity Kit v1.0 from
    • The XMC4800 IoT Connectivity Kit is an evaluation board with XMC4800 Microcontroller from Infineon.
    • It can connect to a WiFi access point using WiFi ESP click module.
    • It is used as a reference platform to simulate the Host.
    • It interacts with secure element via I2C.
  2. My IoT Adapter
    • It acts as a gateway to add Shield2Go boards onto XMC4800 IoT Connectivity Kit V1.0.
  3. OPTIGA™ Trust M Security Shield2Go
    • Shield2Go board contains OPTIGA™ Trust M chip. It is compatible with Arduino Uno along with Infineon’s My IoT adapter.

 

Starting with the kit: software installation

The first thing I did was take a look at the kit documentation.

I started from the link: https://github.com/Infineon/optiga-trust-m where there is a lot of information about the product and I installed the software that is necessary for the development of the applications.

 

I then installed Segger J-Link tool for flashing software on XMC from the link: https://www.segger.com/downloads/jlink/#J-LinkSoftwareAndDocumentationPack.

The installation was a breeze and I then moved on to installing the DAVE software, optional but required for debugging, which can be downloaded from Infineon website.

 

I already had both Teraterm and Putty on my PC and so I switched to downloading the repository.

 

 

 

 

The first test done on the kit was to use the Segger J-Link tool. From the github repository, the "xmc4800_optiga_example.hex" file is extracted and used to program the XMC4800 card.

The kit is equipped with two micro USB connectors; to program the device with the hex file we need to use micro USB port x101. The flashing of the card takes a few seconds and from that moment the card is ready.

The second step is to connect another cable to the micro USB port of the card to be able to connect to the board using a software terminal. I used both Putty and Teraterm, with perfectly equal results.

The connection parameters are:

  • speed = 9600 baud
  • Data bits = 8
  • Stop Bits = 1
  • Parity None
  • Flow Control XON / XOFF

Once connected, the terminal displays the text "press any key to start example demonstration".

The logs of the example execution are displayed along with the status of each example as Passed or Failed.

 

 

 


 

 

Available commands

  • optiga --selftest - run all tests at once with performance output
  • optiga --init - initialize optiga
  • optiga --deinit - de-initialize optiga
  • optiga --readdata - read data
  • optiga --writedata - write data
  • optiga --bind - binding host with optiga
  • optiga --hibernate - hibernate and restore
  • optiga --counter - update counter
  • optiga --protected - protected update
  • optiga --hash - hashing of data
  • optiga --prf - tls prf sha256
  • optiga --random - random number generation
  • optiga --ecckeygen - ecc key pair generation
  • optiga --ecdsasign - ecdsa sign
  • optiga --ecdsaverify - ecdsa sign and verify signature
  • optiga --ecdh - ecc diffie hellman
  • optiga --rsakeygen - rsa key pair generation
  • optiga --rsasign - rsa sign
  • optiga --rsaverify - rsa sign and verify signature
  • optiga --rsaencmsg - rsa encrypt message
  • optiga --rsaencsession - rsa encrypt session
  • optiga --rsadecstore - rsa decrypt and store data on chip
  • optiga --rsaencexp - rsa decrypt and export data

 

In the test done, after typing the command "optiga --selftest", all the tests were performed correctly. The user can test the single commands in the CLI and obtain both the message of successful execution and the time taken to carry out the operation.

 

 

 

Using DAVE IDE

 

Obviously having a Hex file and flashing it on the card is one thing, creating your own application is a very different thing. For this reason I have installed the DAVE IDE.

Again, installation was quick and hassle-free. The guide is here: https://github.com/Infineon/getstarted-optiga-trust-m/wiki/Get-Started-with-OPTIGA%E2%84%A2-Trust-M-Evaluation-Kit .

Dave is a free Eclipse based code development platform/IDE, offering code repository, graphical system design methods, and automatic code generator to guide Infineon XMC microcontroller user along the entire process - from evaluation to production.

The procedure for running the example code, the same one from which the Hex file used in the first test with Segger J-Link was obtained, is quite simple if you are familiar with the Eclipse environment.

First you must obviously connect the card to the PC. We will use the x101 micro USB port to configure the kit.

We will need to import the example application project into DAVE IDE. This is done from the File -> Import menu, selecting Existing Projects into Workspace under General and then clicking Next. The project is in the <INSTALLDIR>\xmc4800_iot_kit\dave4 folder and its name is: xmc4800_optiga_example.

The newly selected project must then be set as an active project by choosing Set Active Project from the menu.

 

At this point you can debug the project which will be done in a few seconds and without any errors.

With debugging enabled, the environment offers dozens of different windows from which you can evaluate multiple aspects of code execution. In addition to the typical debug view, from which it is possible to execute programs step by step, set breakpoints, evaluate variables during execution, etc., there are other views, such as the one relating to the files that make up the project.

 


 

This view alone is impressive for the number of files involved in running the default Optiga example. Of course, since this example was created to exercise the full potential of the Optiga card one function at a time, it is understandable to find yourself with dozens and dozens of files.

The information obtained by default is the same as with the version flashed with J-Link: launching the individual modules or the entire self-test gives only confirmation of the operation, without any output. Of course, if I want to try the 32-byte random function I would like to see the generated string, just as I would like to see the public and private RSA keys generated by the card, or a hash calculated starting from data assigned by the user. Instead, the execution is very sparse and does not allow any user interaction.

If you want to see something more, you can follow the Logger Control paragraph of the guide ( https://github.com/Infineon/getstarted-optiga-trust-m/wiki/Get-Started-with-OPTIGA%E2%84%A2-Trust-M-Evaluation-Kit ) and edit the file optiga_lib_config.h, removing some comments so that the operations performed are finally logged. The macros to uncomment are:

  • OPTIGA_LIB_ENABLE_UTIL_LOGGING
  • OPTIGA_LIB_ENABLE_CRYPT_LOGGING
  • OPTIGA_LIB_ENABLE_CMD_LOGGING
  • OPTIGA_LIB_ENABLE_COMMS_LOGGING

 

By doing so, it will be possible to see the operations carried out by the Optiga Trust M board and to better evaluate its characteristics.
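A small helper for the Logger Control step above, added here as an example and not taken from the review or from Infineon's code: it reports which of the four logger macros are active in a copy of optiga_lib_config.h and uncomments the ones you select. It assumes the switches appear as "//"-commented #define lines; the sample header text, SOME_OTHER_OPTION and the function names are constructed for illustration.

```python
import re

# The four logger switches named in the review.
LOGGER_MACROS = (
    "OPTIGA_LIB_ENABLE_UTIL_LOGGING",
    "OPTIGA_LIB_ENABLE_CRYPT_LOGGING",
    "OPTIGA_LIB_ENABLE_CMD_LOGGING",
    "OPTIGA_LIB_ENABLE_COMMS_LOGGING",
)

# Constructed sample, not the real header (assumed layout: "//"-commented defines).
SAMPLE_HEADER = """\
#define SOME_OTHER_OPTION
//#define OPTIGA_LIB_ENABLE_UTIL_LOGGING
// #define OPTIGA_LIB_ENABLE_CRYPT_LOGGING
    #define OPTIGA_LIB_ENABLE_CMD_LOGGING
//#define OPTIGA_LIB_ENABLE_COMMS_LOGGING
"""

# Groups: 1 = indentation, 2 = "//" marker (None when the define is active),
# 3 = the define itself, 4 = the macro name.
_DEFINE = re.compile(r"^(\s*)(//\s*)?(#\s*define\s+(\w+)\b.*)$")


def logger_state(header_text):
    """Return {macro: bool} for the four logger macros (False if absent)."""
    state = dict.fromkeys(LOGGER_MACROS, False)
    for line in header_text.splitlines():
        m = _DEFINE.match(line)
        if m and m.group(4) in state and m.group(2) is None:
            state[m.group(4)] = True
    return state


def enable_loggers(header_text, macros=LOGGER_MACROS):
    """Uncomment the selected logger defines; every other line is untouched."""
    out = []
    for line in header_text.splitlines():
        m = _DEFINE.match(line)
        if m and m.group(2) and m.group(4) in macros:
            line = m.group(1) + m.group(3)  # drop only the "//" marker
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(logger_state(SAMPLE_HEADER))
    print(logger_state(enable_loggers(SAMPLE_HEADER)))
```

Running logger_state on the header before a release build is also a quick way to confirm the verbose logging has been switched back off.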

 


 

 

Conclusions

 

So far so good but I'd like to use the card for something else, make the most of its potential.

The software is of the highest quality and is written with great skill but it becomes difficult to read and understand quickly. I spent several evenings (and nights) playing with the card, DAVE and Putty in order to get as comfortable with the card as possible.

I have seen many materials on the internet describing the kit or, in particular, the OPTIGA™ Trust M Board, but they all contained the same poor information.

After many days of useless research I thought I'd try the board using it in an Arduino environment. In fact, I found a tutorial by Infineon that describes how to use the Trust M board with Arduino (https://github.com/Infineon/arduino-optiga-trust-m) and another tutorial on using the board via CLI (https://github.com/Infineon/cli-optiga-trust-m). The temptation to disconnect the Optiga Trust from the XMC4800 IoT Connectivity Kit and use it alone was strong but having such a card in my hands and not being able to use it forced me to continue fighting to be able to use the complete kit.

 

In particular, I was looking for some code examples that would allow me to start exploring the kit starting from simple examples and continuing with more and more complex examples. Unfortunately I have not found many examples on the net. I hope that Infineon will soon share more information with users and above all a greater number of examples made with this card.

 

 

Next step

 

The Infineon kit is truly a remarkable product. It requires a great deal of study time, but the time taken to understand and study this technology is time well spent: in addition to the symmetrical and asymmetrical encryption ensured by the Optiga card, it has a WiFi ESP Click card, EtherCAT technology and full compatibility with Arduino. In short, it would be the ideal board to use for any type of application.

However, it would be necessary to create practical examples with which a novice could start programming the card without excessive complications, for example a generator of random numbers of fixed length, a hash encoder, and then gradually move on to symmetric and asymmetrical encryption.

 

 

 

 

 

 

 

 

 

 

 

 
