OPTIGA™ Trust management
Users are allowed to read, and in some cases change, the following properties of the chip.
Here is a code example using the API:
import optigatrust as optiga
chip = optiga.Chip()
chip.current_limit = 15 # allowed range: 6 to 15
chip.sleep_activation_delay = 255 # allowed range: 0 to 255
# Changing the lifecycle state might affect your chip, and even lock it, so make sure you know what you are doing
# chip.global_lifecycle_state = 'operational'
# Applicable to OPTIGA Trust M3 only
# Disable the security monitor
chip.config_security_monitor(t_max=0)
print('New state for parameters')
print('Current limit : {0}'.format(chip.current_limit))
print('Sleep Activation Delay : {0}'.format(chip.sleep_activation_delay))
print('Coprocessor Unique ID : {0}'.format(chip.uid))
print('Global Lifecycle State (LcsG) : {0}'.format(chip.global_lifecycle_state))
print('Security Status : {0}'.format(chip.security_status))
print('Security Event Counter Value : {0}'.format(chip.security_event_counter))
- class optigatrust.Chip
A class used to represent the whole OPTIGA Trust Chip
- config_security_monitor(t_max=5, max_sec_credit=5, delayed_sec_sync=1)
This method configures the security monitor of your chip.
Note
Relevant for OPTIGA™ Trust M3 only
Warning
Changes to the following settings should be carefully evaluated, as they might lead to security risks.
- Parameters:
t_max – The chip allows one protected operation per t_max. If more are performed, the internal SECcredit and afterwards the SECcounter are increased until saturation. In the end the chip starts inducing delays of t_max between crypto operations. t_max = 0 disables the Security Monitor.
max_sec_credit – The maximum SECcredit that can be achieved.
delayed_sec_sync – If there are multiple security events within t_max due to use case demand, NVM write operations can be avoided by configuring this count appropriately.
- property current_limit
This property gets or sets the current limitation of the chip. The allowed range is from 6 to 15 (mA).
- property global_lifecycle_state
This property gets or sets the global lifecycle state of your chip. The value should be one of optigatrust.lifecycle_states.
- property security_event_counter
This property gets the security event counter of your chip.
- property security_monitor
This property gets the security monitor configuration of your chip.
Note
Relevant for OPTIGA™ Trust M3 only
- property security_status
This property gets the security status of your chip.
- property sleep_activation_delay
This property gets or sets the sleep activation delay of your chip, that is, the time the chip waits after all operations are finished before going to sleep. The value should be from 1 to 255.
- property uid
This property gets the Coprocessor Unique ID. It is returned as a namedtuple. Example:
UID(cim_id='cd', platform_id='16', model_id='33', rommask_id='9301', chip_type='001c00050000', batch_num='0a09a413000a', x_coord='007d', y_coord='003b', fw_id='80101071', fw_build='2440')
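The ranges and warnings documented above can be checked before anything is written to the chip. The following is an added example, not part of the optigatrust package: `review_settings` and `apply_settings` are hypothetical helper names, `chip` is assumed to be an `optigatrust.Chip()` instance, and the sleep delay uses the 1 to 255 range from the property description.

```python
# Added example: validate a planned configuration before writing it to the chip.
# Ranges and warnings are taken from this page; helper names are hypothetical.
RANGES = {
    "current_limit": (6, 15),            # mA
    "sleep_activation_delay": (1, 255),  # bound from the property description
}
RISKS = {
    "global_lifecycle_state": "changing the lifecycle state may lock the chip",
    "t_max": "t_max = 0 disables the security monitor",
}


def review_settings(settings):
    """Return (errors, risks) for a dict of planned settings."""
    errors, risks = [], {}
    for name, value in settings.items():
        if name in RANGES:
            low, high = RANGES[name]
            if type(value) is not int or not low <= value <= high:
                errors.append(f"{name}={value!r} is outside {low}..{high}")
        elif name == "global_lifecycle_state" or (name == "t_max" and value == 0):
            risks[name] = RISKS[name]
        elif name != "t_max":
            errors.append(f"unknown setting {name!r}")
    return errors, risks


def apply_settings(chip, settings, acknowledged=()):
    """Write settings only if all are valid and every risk is acknowledged."""
    errors, risks = review_settings(settings)
    blocked = [msg for name, msg in risks.items() if name not in acknowledged]
    if errors or blocked:
        raise ValueError("; ".join(errors + blocked))
    for name in RANGES:
        if name in settings:
            setattr(chip, name, settings[name])
    if "global_lifecycle_state" in settings:
        chip.global_lifecycle_state = settings["global_lifecycle_state"]
    if "t_max" in settings:
        # Only relevant for OPTIGA Trust M3, per the note on this page.
        chip.config_security_monitor(t_max=settings["t_max"])
```

A provisioning script that must disable the security monitor then has to pass `acknowledged={"t_max"}` explicitly, which makes the decision visible in code review.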