1. OPTIGA™ Trust management
Users are allowed to read, and in some cases change, the following properties of the chip.
Here is a code example using the API:
import optigatrust as optiga

chip = optiga.Chip()

chip.current_limit = 15  # allowed are from 6 to 15
chip.sleep_activation_delay = 255  # allowed are from 0 to 255

# This might affect your chip, and even lock it, so please make sure you know what you are doing
# chip.global_lifecycle_state = 'operational'

# This is only applicable to OPTIGA Trust M3
# Disable the security monitor
chip.config_security_monitor(t_max=0)

# Read the settings back, together with the read-only status values
print('New state for parameters')
print('Current limit : {0}'.format(chip.current_limit))
print('Sleep Activation Delay : {0}'.format(chip.sleep_activation_delay))
print('Coprocessor Unique ID : {0}'.format(chip.uid))
print('Global Lifecycle State (LcsG) : {0}'.format(chip.global_lifecycle_state))
print('Security Status : {0}'.format(chip.security_status))
print('Security Event Counter Value : {0}'.format(chip.security_event_counter))

class optigatrust.Chip
A class used to represent the whole OPTIGA Trust Chip.

config_security_monitor(t_max=5, max_sec_credit=5, delayed_sec_sync=1)
This method allows you to configure the security monitor for your chip.
Note
Only OPTIGA™ Trust M3 relevant
Warning
Changing the following settings should be carefully evaluated, as this might lead to security risks.
Parameters
- t_max – The chip allows one protected operation per t_max. If more are performed, the internal SECcredit and afterwards the SECcounter are increased until saturation. In the end the chip starts inducing delays of t_max between crypto operations. t_max = 0 disables the Security Monitor.
- max_sec_credit – The maximum SECcredit that can be achieved.
- delayed_sec_sync – If there are multiple security events within t_max due to use case demand, the number of NVM write operations can be avoided by configuring this count appropriately.

property current_limit
This property allows you to get or set the current limitation of the chip. Allowed range is from 6 to 15 (mA).

property global_lifecycle_state
This property allows you to get or set the global lifecycle state for your chip. Should be one of optigatrust.lifecycle_states.

property security_event_counter
This property allows you to get the security event counter for your chip.

property security_monitor
This property allows you to get the security monitor configuration for your chip.
Note
Only OPTIGA™ Trust M3 relevant

property security_status
This property allows you to get the security status for your chip.

property sleep_activation_delay
This property allows you to get or set the sleep activation delay for your chip. Should be from 1 to 255 (the time the chip should wait after all operations are finished before going to sleep).

property uid
This property allows you to get the Coprocessor Unique ID. It is returned as a namedtuple. Example:
UID(cim_id='cd', platform_id='16', model_id='33', rommask_id='9301', chip_type='001c00050000', batch_num='0a09a413000a', x_coord='007d', y_coord='003b', fw_id='80101071', fw_build='2440')
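
A defensive way to apply the settings documented above, added here as an example and not taken from the optigatrust project: every value is checked against the ranges in the property descriptions before anything is written, each write is confirmed by reading it back, and t_max=0 (which disables the security monitor) needs an explicit opt-in. The names apply_settings, allow_monitor_off, RANGES and FakeChip are hypothetical; FakeChip is a constructed stand-in so the code runs without hardware.

```python
class FakeChip:
    """Constructed stand-in with the Chip members documented above, so the
    example runs without hardware. On a target, pass optigatrust.Chip()."""
    def __init__(self):
        self.current_limit = 6
        self.sleep_activation_delay = 20
        self.monitor_args = None  # last config_security_monitor() arguments

    def config_security_monitor(self, t_max=5, max_sec_credit=5, delayed_sec_sync=1):
        self.monitor_args = (t_max, max_sec_credit, delayed_sec_sync)

# Ranges as stated in the property descriptions on this page.
RANGES = {'current_limit': (6, 15), 'sleep_activation_delay': (1, 255)}

def apply_settings(chip, t_max=None, allow_monitor_off=False, **props):
    """Check every requested value before the first write, skip values the
    chip already holds, and confirm each write by reading it back.
    Returns the names of the settings that were actually changed."""
    errors = []
    for name, value in props.items():
        if name not in RANGES:
            errors.append('{0}: not handled by this helper'.format(name))
        elif not isinstance(value, int) or not RANGES[name][0] <= value <= RANGES[name][1]:
            errors.append('{0}={1!r}: allowed range is {2}..{3}'.format(name, value, *RANGES[name]))
    # The page gives no upper bound for t_max, so only type and sign are checked.
    if t_max is not None and (not isinstance(t_max, int) or t_max < 0):
        errors.append('t_max must be a non-negative integer')
    elif t_max == 0 and not allow_monitor_off:
        errors.append('t_max=0 disables the security monitor; pass allow_monitor_off=True')
    if errors:
        raise ValueError('; '.join(errors))  # nothing has been written yet

    changed = []
    for name, value in props.items():
        if getattr(chip, name) == value:
            continue  # already set: skip the write
        setattr(chip, name, value)
        if getattr(chip, name) != value:
            raise RuntimeError('{0}: chip did not accept the new value'.format(name))
        changed.append(name)
    if t_max is not None:
        chip.config_security_monitor(t_max=t_max)  # OPTIGA Trust M3 only
        changed.append('security_monitor')
    return changed
```

Because validation finishes before the first write, one bad value in a batch leaves the chip untouched instead of half-configured.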