1. OPTIGA™ Trust management

Users are allowed to read, and in some cases change, the following properties of the chip.

Here are some code examples using the API:

import optigatrust as optiga

chip = optiga.Chip()

chip.current_limit = 15 # allowed are from 6 to 15
chip.sleep_activation_delay = 255 # allowed are from 0 to 255
# This might affect your chip, and even lock it, so please make sure you know what you are doing
# chip.global_lifecycle_state = 'operational'
# The following call applies to OPTIGA Trust M3 only
# Disable the security monitor
chip.config_security_monitor(t_max=0)

print('New state for parameters')
print('Current limit : {0}'.format(chip.current_limit))
print('Sleep Activation Delay : {0}'.format(chip.sleep_activation_delay))
print('Coprocessor Unique ID : {0}'.format(chip.uid))
print('Global Lifecycle State (LcsG) : {0}'.format(chip.global_lifecycle_state))
print('Security Status : {0}'.format(chip.security_status))
print('Security Event Counter Value : {0}'.format(chip.security_event_counter))

class optigatrust.Chip

A class used to represent the whole OPTIGA Trust Chip

config_security_monitor(t_max=5, max_sec_credit=5, delayed_sec_sync=1)

This method configures the security monitor of your chip.

Note

Only OPTIGA™ Trust M3 relevant

Warning

Carefully evaluate any change to the following settings, as it might lead to security risks.

Parameters
  • t_max – The chip allows one protected operation per t_max. If more are performed, the internal SECcredit and afterwards the SECcounter are increased until saturation. In the end, the chip starts inducing delays of t_max between crypto operations. t_max = 0 disables the Security Monitor.

  • max_sec_credit – The maximum SECcredit that can be achieved.

  • delayed_sec_sync – If there are multiple security events within t_max due to use case demand, NVM write operations can be avoided by configuring this count appropriately.

property current_limit

Gets or sets the current limitation of the chip. The allowed range is from 6 to 15 (mA).

property global_lifecycle_state

Gets or sets the global lifecycle state of your chip. The value should be one of optigatrust.lifecycle_states.

property security_event_counter

Gets the security event counter of your chip.

property security_monitor

Gets the security monitor configuration of your chip.

Note

Only OPTIGA™ Trust M3 relevant

property security_status

Gets the security status of your chip.

property sleep_activation_delay

Gets or sets the sleep activation delay of your chip, that is, the time the chip should wait after all operations are finished before going to sleep. The value should be from 1 to 255.

property uid

Gets the Coprocessor Unique ID. It is returned as a namedtuple. Example:

UID(cim_id='cd', platform_id='16', model_id='33', rommask_id='9301', chip_type='001c00050000',
    batch_num='0a09a413000a', x_coord='007d', y_coord='003b', fw_id='80101071', fw_build='2440')
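
One way to enforce the documented ranges and the security monitor warning before anything is written to the chip, as an added example that is not part of the optigatrust package. `apply_settings`, `LIMITS`, `FakeChip` and `allow_monitor_disable` are hypothetical names, and the 1 to 255 sleep delay range is the one given in the property description.

```python
"""Added example: validate-then-write wrapper for the settings documented above."""
LIMITS = {
    "current_limit": (6, 15),            # mA, from the current_limit property
    "sleep_activation_delay": (1, 255),  # from the sleep_activation_delay property
}


class FakeChip:
    """Constructed stand-in with the documented attributes, so this runs without hardware."""

    def __init__(self):
        self.current_limit = 6
        self.sleep_activation_delay = 20
        self.monitor_calls = []

    def config_security_monitor(self, t_max=5, max_sec_credit=5, delayed_sec_sync=1):
        self.monitor_calls.append((t_max, max_sec_credit, delayed_sec_sync))


def apply_settings(chip, t_max=None, allow_monitor_disable=False, **values):
    """Check every requested value before the first write, then write and read back."""
    errors = []
    for name, value in values.items():
        if name not in LIMITS:
            errors.append(f"{name}: not a setting this helper manages")
            continue
        lo, hi = LIMITS[name]
        if not isinstance(value, int) or not lo <= value <= hi:
            errors.append(f"{name}={value!r} is outside {lo}..{hi}")
    if t_max is not None:
        if not isinstance(t_max, int) or t_max < 0:
            errors.append(f"t_max={t_max!r} must be a non-negative integer")
        elif t_max == 0 and not allow_monitor_disable:
            errors.append("t_max=0 disables the Security Monitor; "
                          "pass allow_monitor_disable=True to confirm")
    if errors:
        raise ValueError("; ".join(errors))  # nothing has been written yet

    applied = {}
    for name, value in values.items():
        setattr(chip, name, value)
        if getattr(chip, name) != value:  # read back to confirm the chip took it
            raise RuntimeError(f"{name}: wrote {value}, read {getattr(chip, name)}")
        applied[name] = value
    if t_max is not None:
        chip.config_security_monitor(t_max=t_max)  # other arguments keep their defaults
        applied["t_max"] = t_max
    return applied
```

With real hardware, pass an `optigatrust.Chip()` instance instead of `FakeChip()`; the helper refuses `global_lifecycle_state` because it is not listed in `LIMITS`.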