OPTIGA TRUST M EXPRESS [INFINEON]
OPTIGA™ Trust M Express offers rock-solid security for IoT devices every step of the way from manufacturing through cloud onboarding to field deployment.;型号: | OPTIGA TRUST M EXPRESS |
厂家: | Infineon |
描述: | OPTIGA™ Trust M Express offers rock-solid security for IoT devices every step of the way from manufacturing through cloud onboarding to field deployment. |
文件: | 总38页 (文件大小:870K) |
中文: | 中文翻译 | 下载: | 下载PDF数据表文档文件 |
SLS 32AIA010MH/S/K/L
OPTIGA™ Trust M
Key Features
•
•
•
•
•
•
•
•
High-end security controller
Common Criteria Certified EAL6+ (high) hardware
Turnkey solution
Up to 10kB user memory
PG-USON-10-2,-4 package (3 x 3 mm)
Standard & Extended temperature ranges
I2C interface with Shielded Connection (encrypted communicatio
Cryptographic support:
o
o
o
o
ECC : NIST curves up to P-521, Brainpool r1 curve up to 512,
RSA® up to 2048,
AES key up to 256 , HMAC up to SHA512,
TLS v1.2 PRF and HKDF up to SHA512
•
•
•
•
•
•
OPTIGA™ Trust M Software Framework on Github - https://github.com/Infineon/optiga-trust-m
Crypto ToolBox commands for SHA-256, ECC and RSA® Feature, AES, HMAC and Key derivation
Configurable device security monitor, 4 Monotonic up counters
Protected(integrity and confidentiality) update of data, key and metadata objects
Hibernate for zero power consumption1
Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles
Benefits
•
•
•
Protection of IP and data
Protection of business case and corporate image
Safeguarding of quality and safety
Applications
•
•
•
Industrial control and building automation
Consumer electronics and Smart Home
Drones
About this document
Scope and purpose
This Datasheet provides information to enable integration of a security device, and includes package,
connectivity and technical data.
Intended audience
This Datasheet is intended for device integrators and board manufacturers.
1 Leakage current < 2.5µA only
Datasheet
www.infineon.com
Please read the Important Notice and Warnings at the end of this document
1
Revision 3.40
2022-06-21
OPTIGA™ Trust M
Table of Contents
Table of Contents
About this document....................................................................................................................... 1
Table of Contents ........................................................................................................................... 2
1
Introduction .......................................................................................................................... 3
Broad range of benefits...........................................................................................................................3
Enhanced security...................................................................................................................................3
Fast and easy integration........................................................................................................................3
Applications.............................................................................................................................................3
Device Features .......................................................................................................................................3
1.1
1.2
1.3
1.4
1.5
2
System Block Diagram ............................................................................................................ 7
3
Interface and Schematics........................................................................................................ 9
3.1
System Integration Schematics with Hibernation support...................................................................9
4
4.1
4.2
Description of packages .........................................................................................................12
PG-USON-10-2,-4 ...................................................................................................................................12
Production sample marking pattern ....................................................................................................13
5
5.1
5.1.1
5.1.2
5.1.3
Technical Data ......................................................................................................................15
I2C Interface Characteristics.................................................................................................................15
I2C Standard/Fast Mode Interface Characteristics .........................................................................15
I2C Fast Mode Plus Interface Characteristics ..................................................................................16
Electrical Characteristics .................................................................................................................17
5.1.3.1
5.1.3.2
5.1.4
5.1.4.1
5.1.4.2
DC Electrical Characteristics.......................................................................................................17
AC Electrical Characteristics.......................................................................................................17
Start-Up of I2C Interface ..................................................................................................................18
Startup after Power-On ..............................................................................................................18
Startup for Warm Resets.............................................................................................................19
6
6.1
6.2
OPTIGA™ Trust M External Interface ........................................................................................21
Commands ............................................................................................................................................21
Crypto Performance..............................................................................................................................22
7
7.1
7.2
Security Monitor ...................................................................................................................24
Security Events......................................................................................................................................24
Security Policy.......................................................................................................................................24
8
RoHS Compliance..................................................................................................................25
9
Appendix A – Infineon I2C Protocol Registry Map ......................................................................26
9.1
Infineon I2C Protocol Variations...........................................................................................................28
10
10.1
10.1.1
10.1.2
10.1.3
Appendix B - OPTIGA™ Trust M Command/Response I2C Sample Logs .........................................30
Sequence of commands to read Coprocessor UID from OPTIGA™ Trust M ........................................30
Check the status [I2C_STATE]..........................................................................................................30
Issue OpenApplication command ...................................................................................................30
Read Coprocessor UID .....................................................................................................................31
11
Appendix C – Power Management ...........................................................................................32
Hibernation............................................................................................................................................32
Software adaption for Hibernate circuit with single MOSFET........................................................32
Low Power Sleep Mode .........................................................................................................................35
11.1
11.1.1
11.2
Revision history.............................................................................................................................37
Datasheet
2
Revision 3.40
2022-06-21
Introduction
1
Introduction
As embedded systems (e.g. IoT devices) are increasingly gaining the attention of attackers, Infineon offers the
OPTIGA™ Trust M as a turnkey security solution for industrial automation systems, smart homes, consumer
devices and medical devices. This high-end security controller comes with full system integration support for
easy and cost-effective deployment of high-end security for your assets.
1.1
Broad range of benefits
Integrated into your device, the OPTIGA™ Trust M supports protection of your brand and business case,
differentiates your product from your competitors, and adds value to your product, making it stronger against
cyberattacks.
1.2
Enhanced security
The OPTIGA™ Trust M is based on an advanced security controller with built-in tamper proof NVM for secure
storage and Symmetric/Asymmetric crypto engines to support ECC NIST curves up to P-521, ECC Brainpool curve
up to P-512, RSA® up to 2048, AES key up to 256, HMAC up to SHA512, HKDF up to SHA512 and SHA-256. This new
security technology greatly enhances your overall system security.
1.3
Fast and easy integration
The turnkey setup – with full system integration and all key/certificate material preprogrammed – reduces your
efforts for design, integration and deployment to a minimum. As a turnkey solution, the OPTIGA™ Trust M comes
with preprogrammed OS/Application code locked and with host-side modules to integrate with host micro
controller software. The temperature range of −40°C to +105°C combined with a standardized I2C interface and
the small PG-USON-10-2,-4 footprints will facilitate onboarding in your existing ecosystem. Almost 30 years in a
market-leading position with nearly 20 billion security controllers shipped worldwide are the results of Infineon's
strong expertise and its commitment to make security a success factor for you.
1.4
Applications
The OPTIGA™ Trust M covers a broad range of use cases necessary for many types of applications that include
the following:
a) Network node protection using Mutual Authentication such as TLS or DTLS
b) Protect the Authenticity, Integrity and Confidentiality of your product, data and IP
c) Secure Communication
d) Datastore Protection
e) Lifecycle Management
f) Platform Integrity Protection
g) Secure Updates
1.5
Device Features
The OPTIGA™ Trust M comes with up to 10kB of user memory that can be used to store X.509 certificates and
data. OPTIGA™ Trust M is based on Common Criteria (CC) Certified EAL6+ (high) hardware enabling it to prevent
physical attacks on the device itself and providing high assurance that the keys or arbitrary data stored cannot
be accessed by an unauthorized entity. The CC certificate can be found at www.bsi.bund.de by searching for BSI-
Datasheet
3
Revision 3.40
2022-06-21
Introduction
DSZ-CC-0961 (Hardware Identifier IFX_CCI_00000Bh) and referring to the latest CC certificate. OPTIGA™ Trust M
supports a highspeed I2C communication interface of up to 1MHz (FM+).
Table 1
Products for V1
Temperature range
Sales Code
Package
PG-USON- Embedded security XMC4800 IoT Connectivity
Extended Temperature 10-2,-4 solution for Kit connected to the
Range (ETR) connected devices OPTIGA™ Trust
to
OPTIGA™ Trust M −25°C to +85°C
Standard Temperature
Description
Evaluation Kit
OPTIGA™ Trust M −40°C to +105°C
SLS 32AIA010MH
M
connect to the outside
world
PG-USON-
10-2,-4
SLS 32AIA010MS
Range (STR)
Table 2
Products for V3
Sales Code
Temperature range
Package
Description
Evaluation Kit
OPTIGA™ Trust M −40°C to +105°C
Extended Temperature 10-2,-4
Range (ETR)
OPTIGA™ Trust M −25°C to +85°C
SLS 32AIA010MK
Standard Temperature
Range (STR)
PG-USON- Embedded security XMC4800 IoT Connectivity
solution for Kit connected to the
connected devices OPTIGA™ Trust
to
SLS 32AIA010ML
M
connect to the outside
world.
PG-USON-
10-2,-4
Infineon and its distribution partners offer a wide range of customization options (e.g. X.509 certificate
generation and key provisioning) for the security chip. For details on offered solutions (like OPTIGA™ Trust M
Express), selection guide and orders, please see the following page:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-
solutions/optiga-trust/optiga-trust-m-sls32aia/
Datasheet
4
Revision 3.40
2022-06-21
Introduction
Table 3
Features
Features
Supported
Curve/Algorithm
ToolBox commands
V1
V3
✓
ECC NIST P256/384
ECC NIST P521,
Sign, Verify, Key generation,
and ECDH(E)
✓
ECC
Sign, Verify, Key generation,
and ECDH(E)
✓
ECC Brainpool
P256/384/512 r1
RSA® 1024/2048
Sign, Verify, Key generation,
Encrypt and Decrypt
RSA®
✓
✓
✓
✓
✓
✓
TLS v1.2 PRF SHA 256
TLS PRF using SHA 256
TLS v1.2 PRF SHA 384/512
TLS PRF using SHA
256/384/512
Key Derivation
AES
HKDF SHA-256/384/512
Key size - 128/192/256
(ECB, CBC, CBC-MAC,
CMAC)
HKDF using SHA256/384/512
Key generation, Encrypt and
Decrypt
✓
✓
TRNG, DRNG, Pre-Master
secret for RSA® Key
exchange
Generate random
Random
generation
✓
HMAC with
SHA256/384/512
HMAC generation and
Verification
HMAC
Hash
✓
✓
SHA 256
Hash generation
✓
✓
ECC NIST P256/384
RSA® 1024/2048
Signature scheme as
ECDSA FIPS 186-3/RSA SSA
PKCS#1 v1.5 without
hashing
Secure data object update
✓
Protected data
(object) update
(Integrity)
ECC NIST P521,
ECC Brainpool
Secure data object update
P256/384/512 r1
✓
Signature scheme as
ECDSA FIPS 186-3/RSA SSA
PKCS#1 v1.5 without
hashing
ECC NIST P256/384/521
ECC Brainpool
P256/384/512 r1
Secure data/key object update
and metadata update for
Data/key object
Protected
Data/key/metadata
update (Integrity
and/or
RSA® 1024/2048
✓
Signature scheme as
ECDSA FIPS 186-3/RSA SSA
PKCS#1 v1.5 without
hashing
confidentiality)
Datasheet
5
Revision 3.40
2022-06-21
Introduction
Table 4
Abbreviation
AES
Abbreviations
Definition
Advanced Encryption Standard
Application Programming Interface
Brainpool
API
BP
CA
Certification Authority
CC
Common Criteria
DRNG
DTLS
EAL
Deterministic Random Number Generator
Datagram Transport Layer Security
Evaluation Assurance Level
Electronic Code Book
ECB
ECC
Elliptic Curve Cryptography
Elliptic Curve Diffie Hellman
Elliptic Curve Digital Signature Algorithm
Extended Temperature Range
Cipher block chaining
ECDH
ECDSA
ETR
CBC
CBC-MAC
CMAC
HKDF
I2C
Cipher block chaining message authentication code
Cipher-based message authentication code
Hash-based key derivation function
Inter-Integrated Circuit
IETF
IFX
Internet Engineering Task Force
Infineon
IOT
Internet of Things
IP
Intellectual Property
NIST
OS
National Institute of Standards and Technology
Operating System
PAL
Platform Abstraction Layer
Public Key Infrastructure
PKI
RFC
Request For Comments
SHA
Secure Hash Algorithm
SKU
Stock Keeping Unit
STR
Standard Temperature Range
Transport Layer Security
TLS
TRNG
USB
HMAC
True Random Number Generator
Universal Serial Bus
Hash based Message Authentication Code
Datasheet
6
Revision 3.40
2022-06-21
System Block Diagram
2
System Block Diagram
The following figure depicts the system block diagram for OPTIGA™ Trust M.
OPTIGA ꢀTrust M
Local Host
Arbitrary Data Objects
Monotonic Counters
Application
(4.5 kB)
(4)
OPTIGA ꢀTrust M Host Library
X.509 certificates
(2 slots)
Trust Anchors
(3 slots)
CRYPT
UTIL
I2C interface
CMD
ECC keys (4 slots)
AES key* ( 1 slot )
RSA keys (2 slots)
Shielded
Connection
COMMS
Platform Binding
Secret (1 slot )
Crypto Functions
Platform Abstraction Layer (PAL)
*It is applicable only for V3
Infineon source code
User implemented
Preloaded by Infineon
Could be preloaded
Figure 1
System Block Diagram
The System Block Diagram is explained below for each layer.
1. Local Host
o
Local Host Application – This is the target application which utilizes OPTIGA™ Trust M for its
security needs
o
OPTIGA™ Trust M Host Library
▪
CRYPT – Provides APIs to perform cryptographic functionalities. Any TLS stack can be
integrated on Local Host as part of 3rd party Crypto Library to offload crypto operations
to OPTIGA™ Trust M.
▪
▪
▪
UTIL – Provides APIs such as read/write, protected update of data, metadata, key objects
and open/close application (e.g. Hibernate)
CMD – Provides APIs to send and receive commands (Section 6) to and from OPTIGA™
Trust M
COMMS – Provides wrapper APIs for communication (optional encrypted communication
using Shielded Connection) with OPTIGA™ Trust M which internally uses Infineon I2C
Protocol (IFX I2C)
o
PAL – A layer that abstracts platform specific drivers (e.g. I2C, Timer, GPIO, platform crypto library
etc.)
2. OPTIGA™ Trust M
o
Arbitrary Data Objects – The target application can store up to 4.5kB (~4600 bytes) of data into
OPTIGA™ Trust M. The data could be additional Trust Anchors, certificates and shared secret.
o
Monotonic Counters - Provides 4 monotonic counting data objects (up counters). These can be
used as general purpose counter or as linked counter to other objects.
For more information, please refer to Solution Reference Manual document available as part of
the package.
o
o
X.509 – Up to 4 X.509 based Certificates can be stored
Keys – Up to 4 ECC , 2 RSA and 1 AES based keys can be stored
Datasheet
7
Revision 3.40
2022-06-21
System Block Diagram
o
o
Secret – 1 Platform binding secret can be stored
Trust Anchors – 3 slots, for Mutual Authentication (TLS/DTLS) and Firmware Updates can be
stored
o
Crypto Functions - OPTIGA™ Trust M provides cryptographic functions that can be invoked via
local host
Note:
Unique AES key, ECC/RSA private keys and X.509 Certificates – During production at Infineon fab,
unique asymmetric keys (private and public) are generated and symmetric key/shared secrets are
provisioned. The public key is signed by customer specific CA and the resulting X.509 certificate
issued is securely stored in the OPTIGA™ Trust M. Special measures are taken to prevent the
leakage and modification of private key/shared secret material at the Common Criteria Certified
production site
Datasheet
8
Revision 3.40
2022-06-21
Interface and Schematics
3
Interface and Schematics
The following figure illustrates how to integrate OPTIGA™ Trust M with your local host.
Figure 2
System Integration Schematic Diagram
Note: The OPTIGA™ Trust M can be integrated with IFX I2C reset option as soft reset (IFX_I2C_SOFT_RESET), or
hardware reset. Value of the pullup resistors depend on the target application circuit and the target I2C
frequency.
3.1
System Integration Schematics with Hibernation support
The following figure illustrates how to integrate OPTIGA™ Trust M with hibernation, with local host GPIO used as
VCC.
Figure 3
System Integration Schematic Diagram with Hiberntion – GPIO as VCC
Note: The Host GPIO pin must have sufficient current to drive the supply current, as per Table 11.
Value of the pullup resistors depend on the target application circuit and the target I2C frequency.
Datasheet
9
Revision 3.40
2022-06-21
Interface and Schematics
If the host GPIO doesn’t supply sufficient current to OPTIGA, additional MOSFET switching circuitry is needed to
control the power supply (VCC). The below circuit diagrams depicts the options to control the power supply (VCC)
using GPIO from Host with the switching logic.
The following figure illustrates how to integrate OPTIGA™ Trust M with hibernation, with local host GPIO using
single MOSFET to switch the VCC.
Figure 4
System Integration Schematic Diagram with Hibernation - GPIO controlled VCC(Single
MOSFET switch)
Note:
Due to the single P channel MOSFET (FDN304P) behavior, GPIO must be connected and drive the
pin to LOW to enable the VCC supply to OPTIGA™ Trust M. This adaption must be done in the optiga
host library (ifx_i2c.c), refer 11.1.1 for details. Value of the pullup resistors depend on the target
application circuit and the target I2C frequency.
The following figure illustrates how to integrate OPTIGA™ Trust M with hibernation, with local host using two
MOSFET to switch the VCC.
Figure 5
System Integration Schematic Diagram with Hibernation - GPIO controlled VCC(Dual
MOSFET switch)
Datasheet
10
Revision 3.40
2022-06-21
Interface and Schematics
Note:
Value of the pullup resistors depend on the target application circuit and the target I2C frequency.
If GPIO pin is connected, set the GPIO pin to HIGH to enable the VCC to OPTIGA™ Trust M.
Datasheet
11
Revision 3.40
2022-06-21
Description of packages
4
Description of packages
This chapter provides information on the package types and how the interfaces of each product are assigned to
the package pins. For further information on compliance of the packages with European Parliament Directives,
see “RoHS Compliance” on Page 25.
For details and recommendations regarding the assembly of packages on PCBs, please see the following:
http://www.infineon.com/cms/en/product/technology/packages/
4.1
PG-USON-10-2,-4
The package dimensions (in mm) of the controller in PG-USON-10-2,-4 packages are given below.
Figure 6
PG-USON-10-2,-4 Package Outline
Datasheet
12
Revision 3.40
2022-06-21
Description of packages
The following figure shows the PG-USON-10-2,-4 in top view:
Figure 7
PG-USON-10-2,-4 top view
4.2
Production sample marking pattern
The following figure describes the productive sample marking pattern on PG-USON-10-2,-4.
Figure 8
PG-USON-10-2,-4 sample marking pattern
The black dot indicates pin 01 for the chip. The following Table 5 describes the sample marking pattern:
Table 5
Marking table for PG-USON-10-2,-4 packages
Description
Indicator
LOT CODE
ZZ
Defined and inserted during fabrication
Indicates the Certifying Authority Serial Number / SKU#, e.g. "00" would
mean "SKU#00"
H/E
H = "Halogen-free", E = "Engineering samples"
This indicator is followed by "YYWW", where YY is the "Year" and WW is
the "Work Week" of the production. This is inserted during fabrication.
Engineering samples have "E YYWW" and productive samples have "H
YYWW"
Datasheet
13
Revision 3.40
2022-06-21
Description of packages
Indicator
12345
Description
Convention: T&#$@
where:
•
•
•
•
•
The letter "T" indicates the OPTIGA Trust family
& indicates the product is a Trust M controller
# indicates the controller is a STR (S) variant
$ specifies the OPTIGA™ Trust M release version number
@ specifies the software version
Example: "TMS10" means 'OPTIGA™ Trust M', 'STR variant', 'release
version 1', 'software version 0'
The contacts and their functionality are given in the Table 6 below.
Table 6
Pin
01
Contact definitions and functions of PG-USON-10-2,-4 packages
Type
Function
GND
Supply voltage (Ground)
NC
I/O
NC
NC
NC
NC
I/O
IN
Not connected / Do not connect externally
Serial Data Line (SDA)
02
03
Not connected / Do not connect externally
Not connected / Do not connect externally
Not connected / Do not connect externally
Not connected / Do not connect externally
Serial Clock Line (SCL)
04
05
06
07
08
Active Low Reset (RST)
09
PWR
Supply voltage (VCC)
10
Datasheet
14
Revision 3.40
2022-06-21
Technical Data
5
Technical Data
This section summarizes the technical data of the product. It provides the operational characteristics as well as
the electrical DC and AC characteristics.
5.1
I2C Interface Characteristics
Table 7
I2C Operation Supply and Input Voltages
Parameter
Symbol
Values
Unit Note or Test
Condition
Min.
Typ.
Max.
Supply voltage
VCC_I2C
VIN_I2C
1.62
–
5.5
V
SDA, SCL input
voltage
−0.3
VCC_I2C + 0.5 or
5.51
V
VCC_I2C
is
in
the
–
operational
range
supply
−0.3
5.5
V
VCC_I2C is switched off
–
1) Whichever is lower
5.1.1
I2C Standard/Fast Mode Interface Characteristics
For operation of the I2C interface, the electrical characteristics are compliant with the I2C bus specification Rev. 4
for "standard-mode" (fSCL up to 100 kHz) and "fast-mode" (fSCL up to 400 kHz), with certain deviations as stated in
the table below.
Note:
TA as given for the operating temperature range of the controller unless otherwise stated.
Table 8
I2C Standard Mode Interface Characteristics
Parameter
Symbol
Values
Unit
Note or Test Condition
Min.
Typ.
Max.
fSCL
0
–
100
kHz
SCL clock frequency
Input low-level
VIL
−0.3
–
–
0.3 * VCC_I2C
0.4
V
V
VOL1
0
Sink current 3 mA;
VCC_I2C ≥ 2.7 V
Sink current 2 mA;
VCC_I2C < 2.7 V
Low-level output
voltage
IOL
tOF
3
2
mA
ns
VOL = 0.4 V; VCC_I2C ≥ 2.7 V
VOL = 0.4 V; VCC_I2C < 2.7 V
Low-level output
current
–
–
–
Cb ≤ 400 pF; VCC_I2C ≥ 2.7 V
Cb ≤ 200 pF; VCC_I2C < 2.7 V
Output fall time from
VIHmin to VILmax (at device
pin)
–
250
Cb
–
VCC_I2C ≥ 2.7 V
VCC_I2C < 2.7 V
Capacitive load for
each bus line
–
400
200
pF
Datasheet
15
Revision 3.40
2022-06-21
Technical Data
Table 9
I2C Fast Mode Interface Characteristics
Parameter
Symbol
Values
Unit
Note or Test Condition
Min.
Typ.
Max.
fSCL
VIL
0
–
400
kHz
V
SCL clock frequency
Input low-level
−0.3
–
–
0.3 * VCC_I2C
0.4
VOL1
0
V
Sink current 3 mA;
VCC_I2C ≥ 2.7 V
Sink current 2 mA;
Low-level output
voltage
VCC_I2C < 2.7 V
IOL
tOF
3
2
mA
ns
VOL = 0.4 V; VCC_I2C ≥ 2.7 V
VOL = 0.4 V; VCC_I2C < 2.7 V
Low-level output
current
–
–
–
20 *
Cb ≤ 400 pF; VCC_I2C ≥ 2.7 V
Cb ≤ 200 pF; VCC_I2C < 2.7 V
Output fall time from
VIHmin to VILmax (at device
pin)
250
VCC_I2C
/
5.5 V1
Cb
152
VCC_I2C ≥ 2.7 V
VCC_I2C < 2.7 V
Capacitive load for
each bus line
–
400
200
pF
1) A min. capacitive load is necessary to reach tOF
2) A min. capacitive load is necessary to reach tfmin
5.1.2
I2C Fast Mode Plus Interface Characteristics
For operation of the I2C interface, the electrical characteristics are compliant with the I2C bus specification Rev. 4
for "fast mode plus" (fSCL up to 1 MHz), with certain deviations as stated in the table below.
Note:
TA as given for the operating temperature range of the controller unless otherwise stated.
Table 10
I2C Fast Mode Plus Interface Characteristics
Parameter
Symbol
Values
Unit
Note or Test Condition
Min.
Typ.
Max.
fSCL
VIL
0
–
1000
kHz
V
SCL clock frequency
Input low-level
−0.3
–
–
0.3 * VCC_I2C
0.4
VOL1
0
V
Sink current 3 mA;
VCC_I2C ≥ 2.7 V
Sink current 2 mA;
VCC_I2C < 2.7 V
Low-level output
voltage
IOL
tOF
3
2
mA
ns
VOL = 0.4 V; VCC_I2C ≥ 2.7 V
VOL = 0.4 V; VCC_I2C < 2.7 V
Low-level output
current
–
–
–
20 *
Cb ≤ 150 pF
Output fall time from
VIHmin to VILmax (at device
pin)
120
VCC_I2C
/
5.5 V1
Cb
151
Capacitive load for
each bus line
–
150
pF
1) A min. capacitive load is necessary to reach tOF
Datasheet
16
Revision 3.40
2022-06-21
Technical Data
5.1.3
Electrical Characteristics
Note:
TA as given for the operating temperature range of the controller unless otherwise stated. All
currents flowing into the controller are considered positive.
5.1.3.1
DC Electrical Characteristics
TA as given for the controller’s operating ambient temperature range unless otherwise stated.
All currents flowing into the controller are considered positive.
Table 11
Electrical Characteristics
Symbol
Parameter
Values
Unit
Note or Test Condition
Min.
1.62
1.62
Typ.
–
–
Max.
5.5
5.5
Supply voltage
Supply current1
VCC
VCC_I2C
V
V
Overall functional range
Supply voltage range for
operation of I2C
ICCAVG
–
–
14.0
70
–
mA
While running a typical
authentication profile
TA = 25°C; VCC = 5.0 V
TA = 25°C; VCC_I2C = 3.3 V;
I2C ready for operation
(no bus activity), all
other inputs at VCC, no
other interface activity
IIL = −50 μA to +20 μA
IIL = −50 μA to +20 μA
Vcc = 0 V, GND = 0 V, RST =
0 V, SCL= 3.3 V and SCL =
3.3 V
Supply current, in
sleep mode
ICCS3
100
A
RST input low voltage VIL
RST input high voltage VIH
Hibernate current
−0.3
0.7 * VCC
–
–
–
0.3 * VCC
VCC + 0.3
–
V
V
µA
–
< 2.5
1) Supply current can be limited from 6mA to 15mA by software commands.
5.1.3.2
AC Electrical Characteristics
TA as given for the controller’s operating ambient temperature range unless otherwise stated.
All currents flowing into the controller are considered positive.
Table 12
AC Characteristics
Symbol
Parameter
Values
Unit
Note or Test Condition
Min.
Typ.
Max.
VCC rampup time
tVCCR
1
–
1000
s
400 mV to 90% of VCC
target voltage ramp
The VCC ramp is depicted in Figure 9. 90% of the target supply voltage must be reached within tVCCR after it has
exceeded 400 mV. Moreover, its variation must be kept within a ±10% range.
Datasheet
17
Revision 3.40
2022-06-21
Technical Data
VCC
110%
target supply voltage range
90%
400 mV
t
tVCCR
Figure 9
Vcc Rampup
5.1.4
Start-Up of I2C Interface
There are 2 variants possible for performing the startup procedure:
•
•
Startup after power-on
Startup for warm resets
5.1.4.1
Startup after Power-On
The activation of the I2C interface after power-on needs the following reset procedure.
•
•
VCC is powered up and the state of the SDA and SCL line are set to high level during power-up
The first transmission may start at the earliest tSTARTUP after power-up of the device
The following figure shows the startup timing of the I2C interface for this case.
tVCCR
VCC
0.4 V
tSTARTUP
SCL
RST
SDA
trans- mission 1
trans- mission n
Bus-Idle
Power-up
Start-up
Figure 10
Startup of I2C Interface after Power-On
Datasheet
18
Revision 3.40
2022-06-21
Technical Data
Table 13
Startup of I2C Interface After Power-On
Parameter
Symbol
Values
Unit
Note or Test Condition
Min.
Typ.
Max.
Startup time
tSTARTUP
15
–
–
ms
5.1.4.2
Startup for Warm Resets
When using the reset signal for triggering a warm reset after power-on, the activation of the I2C interface needs
the following reset procedure
•
•
•
VCC remains powered up.
The terminal stops I2C communication. SDA and SCL lines are set to high level before RST is set to low level.
After its falling edge, RST has to be kept at low level for at least t1. At the latest t2 after the falling edge of RST,
the terminal must set RST to high level.
•
The first transmission may start at the earliest tSTARTUP after the rising edge of RST
The following figure shows the timing for this startup case.
Figure 11
Startup of I2C Interface for Warm Resets
Note:
If NVM programming was requested prior to the reset, tSTARTUP will be extended from a typical value
of 15 ms to a maximum of 20 ms.
Datasheet
19
Revision 3.40
2022-06-21
Technical Data
Table 14
Startup of I2C Interface for Warm Resets1
Parameter
Symbol
Values
Unit
Note or Test Condition
Min.
15
–
Typ.
–
–
Max.
–
1
Startup time
Rise time
tSTARTUP
tR
ms
s
From 10% to 90% of
signal amplitude
From 10% to 90% of
signal amplitude
Fall time
tF
t1
–
–
1
s
Reset detection
Reset low
10
10
–
–
–
s
s
2500
1) Reset triggered by software (without power off/on cycle)
Datasheet
20
Revision 3.40
2022-06-21
OPTIGA™ Trust M External Interface
6
OPTIGA™ Trust M External Interface
6.1
Commands
This section provides short description of the commands exposed by the OPTIGA™ Trust M secuirty chip and
mapping of these commands w.r.t Use Cases.
Table 15
Command table
Command Name
Description
Command to launch an application
Command to close/hibernate an application
Command to get (read) a data object
Command to set (write) a data object
V1
✓
✓
✓
✓
✓
V3
✓
✓
✓
✓
✓
✓
OpenApplication
CloseApplication
GetDataObject
SetDataObject
SetObjectProtected Command to set (write) data protected (integrity protection)
SetObjectProtected Command to set (write) data/key objects and its metadata
protected (integrity protection, confidentiality)
GetRandom
CalcHash
CalcSign
VerifySign
CalcSSec
Command to generate a random stream
Command to calculate a Hash
Command to calculate a signature
Command to verify a signature
Command to execute a Diffie-Hellmann key agreement
Command to derive keys
Command to generate public/private key pairs
Command to encrypt (Asymmetric) a message
Command to decrypt (Asymmetric) a message
Command to encrypt (Symmetric) a message
Command to decrypt (Symmetric) a message
Command to generate a symmetric key
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
✓
DeriveKey
GenKeyPair
EncryptAsym
DecryptAsym
EncryptSym
DecryptSym
GenSymKey
Table 16
Mapping of commands with Use cases
Use Case
OPTIGA™ Trust M commands used
GetRandom, CalcHash, CalcSign, VerifySign, CalcSSec, DeriveKey,
GenKeyPair, EncryptAsym and DecryptAsym
GetDataObject and SetDataObject
Secure Communication with (D)TLS
Datastore (user memory ~ 4.5kB)
Symmetric key attestation, Security EncryptSym and DecryptSym1
Tokens
Secure Firmware Update
VerifySign and DeriveKey
Secure update of Trust Anchors and SetObjectProtected command
Keys2 on Security Chip
1 EncryptSym and DecryptSym is supported only in v3
2 Secure key update is supported only in v3
Datasheet
21
Revision 3.40
2022-06-21
OPTIGA™ Trust M External Interface
6.2
Crypto Performance
The performance metrics for various schemes are provided by the Table 18 below. If not particularly mentioned,
the performance is measured @ OPTIGA™ Trust M I/O interface with:
•
•
•
•
I2C FM (400KHz)
Without power limitation
@ 25°C
VCC = 3.3V
•
•
•
•
•
•
•
•
RSA Signature scheme: RSA SSA PKCS#1 v1.5 without hashing
ECDSA Signature scheme: ECDSA FIPS 186-3 without hashing
Encryption/Decryption scheme: RSAES PKCS#1 v1.5
Hash scheme: SHA256
Key Derivation scheme: TLS v1.2 PRF SHA256, HKDF SHA256
RSA Key size: 2048 bits
ECC Key size: 256 bits (NIST P-256)
AES Key size: 128 bits
Table 17
Scheme
Crypto performance for V1
Algorithm
Performance in Performance with Notes
ms1
Shielded
Connection in ms1
•
•
•
•
•
ECC NIST P 256
No data hashing
2048 bit exponentical
No data hashing
ECC NIST P 256 provided by
external world
ECDSA
RSA
~ 60
~ 65
Calculate signature
~ 310
~ 315
ECDSA
~ 85
~ 90
•
•
No data hashing
Verify signature
2048
bit
exponentical
RSA
ECC
~ 45
~ 60
~ 55
~ 65
provided by external world
No data hashing
•
Diffie-Hellman
key agreement
Based on ephemeral key pair
ECC
RSA
RSA
RSA
~ 75
~ 80
~ 2910
~ 45
Generate 256 bit ECC key pair
Generate 2048 bit RSA key pair
Encrypt 127 bytes
Key pair generation
~ 29002
~ 30
Encryption
Decryption
~ 310
~ 320
Decrypt 127 bytes
•
•
To derive a key of 40 bytes
Shared secret (32 bytes) from
session context and
The input key derivation data
size is 48 bytes
PRF as per
TLS v1.2
Key derivation
~ 50
~ 55
•
Hash calculation
SHA256
~ 12 Kbyte/s
~ 11 Kbyte/s
In blocks of 1280 bytes
1Minimum Execution of the entire sequence in milli seconds, except the External World timings
2RSA key pair generation performance is not predictable and typically have a variation in performance. This could be significantly higher
or lower as the one specified in the table which is an average value over collected samples.
Datasheet
22
Revision 3.40
2022-06-21
OPTIGA™ Trust M External Interface
Table 18
Scheme
Crypto performance for V3
Algorithm
Performance Performance with Notes
in ms1
Shielded
Connection in ms1
•
•
•
•
•
ECC NIST P 256
No data hashing
2048 bit exponentical
No data hashing
ECC NIST P 256 provided by
external world
ECDSA
RSA
~ 65
~ 70
Calculate
signature
~ 310
~ 320
ECDSA
~ 85
~ 40
~ 95
~ 50
•
•
No data hashing
Verify signature
2048
bit
exponentical
RSA
provided by external world
•
No data hashing
Diffie-Hellman
key agreement
ECDH
ECC
~ 60
~ 55
~ 65
~ 60
Based on ephemeral key pair
Generate 256 bit ECC key pair in
session
Generate 2048 bit RSA key pair
Encrypt 127 bytes
Decrypt 127 bytes
Encrypt 256 bytes, ECB mode
Decrypt 256 bytes, ECB mode
Key pair
generation
2
RSA
RSA
RSA
AES-128
AES-128
~ 2900
~ 40
~ 315
~ 28
~ 2910
~ 50
~ 325
~ 35
Encryption
Decryption
Encryption
Decryption
~ 35
~ 42
•
•
To derive a key of 40 bytes
Shared secret (32 bytes)
from session context and
The input key derivation
data size is 48 bytes
Key derivation
PRF as per TLS v1.2 ~ 50
~ 55
•
Using a pre-shared secret from
a data object
Using a pre-shared secret from
a data object and 128 bytes of
input data
Key derivation
HMAC
HKDF with SHA256 ~ 130
HMAC with SHA256 ~ 90
~ 135
~ 95
Hash calculation SHA256
~ 15 Kbyte/s
~ 14 Kbyte/s
In blocks of 1280 bytes
1 Minimum Execution of the entire sequence in milli seconds, except the External World timings
2 RSA key pair generation performance is not predictable and typically have a variation in performance. This could be significantly higher
or lower as the one specified in the table which is an average value over collected samples.
Datasheet
23
Revision 3.40
2022-06-21
Security Monitor
7
Security Monitor
The Security Monitor is a central component which enforces the security policy of the OPTIGA™ Trust M. It
consumes security events sent by security aware parts of the OPTIGA™ Trust M embedded SW and takes actions
accordingly as specified in Security Policy below.
7.1
Security Events
The events below actively influence the security monitor.
Table 19
Event
Security Events
Description
Decryption Failure
This event occurs in case a decryption and/or integrity check of provided data
lead to a failure during protected update
Key Derivation
This event occurs in case the DeriveKey command gets applied on a persistent
data object (not volatile data object as session context). In that case the
persistent data object gets used as pre-shared secret.
Private Key Use
Secret Key Use
This event occurs in case the internal services are going to use an OPTIGA™ Trust
M hosted private key.
This event occurs in case the internal services are going to use a OPTIGA™ hosted
secret (symmetric) key (once per respective command), except temporary keys
from session context are used.
Suspect System Behavior This event occurs in case the embedded software detects inconsistencies with
the expected behavior of the system. Those inconsistencies might be redundant
information which doesn’t fit to their counterpart.
7.2
Security Policy
Security Monitor judges the notified security events regarding the number of occurrence over time and in case
those violate the permitted usage profile of the system takes actions to throttle down the performance and thus
the possible frequency of attacks.
The permitted usage profile is defined as:
1. tmax is set to 5 seconds (± 5%)
2. A Suspect System Behavior event is never permitted and will cause setting the Security Event Counter (SEC)
to its maximum (= 255).
3. One protected operation (refer to Table 19) events per tmax period.
In other words it must not allow more than one out of the protected operations per tmax period (worst case, ref to
bullet 3. above). This condition must be stable, at least after 500 uninterrupted executions of protected
operations.
For more information, please refer to Solution Reference Manual document available as part of the package.
Datasheet
24
Revision 3.40
2022-06-21
RoHS Compliance
8
RoHS Compliance
On January 27, 2003 the European Parliament and the council adopted the directives:
•
2002/95/EC on the Restriction of the use of certain Hazardous Substances in electrical and electronic
equipment ("RoHS")
•
2002/96/EC on Waste Electrical and Electrical and Electronic Equipment ("WEEE")
Some of these restricted (lead) or recycling-relevant (brominated flame retardants) substances are currently
found in the terminations (e.g. lead finish, bumps, balls) and substrate materials or mold compounds.
The European Union has finalized the Directives. It is the member states' task to convert these Directives into
national laws. Most national laws are available, some member states have extended timelines for
implementation. The laws arising from these Directives have come into force in 2006 or 2007.
The electro and electronic industry has to eliminate lead and other hazardous materials from their products. In
addition, discussions are on-going with regard to the separate recycling of ceratin materials, e.g. plastic
containing brominated flame retardants.
Infineon Technologies is fully committed to giving its customers maximum support in their efforts to convert to
lead-free and halogen-free1 products. For this reason, Infineon Technologies’ "Green Products" are
ROHS-compliant.
Since all hazardous substances have been removed, Infineon Technologies calls its lead-free and halogen-free
semiconductor packages "green." Details on Infineon Technologies’ definition and upper limits for the restricted
materials can be found here.
The assembly process of our high-technology semiconductor chips is an integral part of our quality strategy.
Accordingly, we will accurately evaluate and test alternative materials in order to replace lead and halogen so
that we end up with the same or higher quality standards for our products.
The use of lead-free solders for board assembly results in higher process temperatures and increased
requirements for the heat resistivity of semiconductor packages. This issue is addressed by Infineon
Technologies by a new classification of the Moisture Sensitivity Level (MSL). In a first step the existing products
have been classified according to the new requirements.
1Any material used by Infineon Technologies is PBB and PBDE-free. Plastic containing brominated flame retardants, as mentioned in the
WEEE directive, will be replaced if technically/economically beneficial.
Datasheet
25
Revision 3.40
2022-06-21
Appendix A – Infineon I2C Protocol Registry Map
9
Appendix A – Infineon I2C Protocol Registry Map
OPTIGA™ Trust M supports IFX I2C v2.01 and is implemented as I2C slave, which uses different address locations
for status, control and data communication registers. These registers with description are outlined below in the
following table.
Table 20
IFX I2C Registry Map Table
Register
Address
Name
Size in Bytes
Description
Master
Access
0x80
DATA
DATA_REG_LEN This is the location where data shall be read from or Read /
written to the I2C slave Write
2
This register holds the maximum data register (Addr Read /
0x81
DATA_REG_LEN
0x80) length. The allowed values are 0x0010 up to
0xFFFF. After writing the new data register length it
becomes effective with the next I2C master access.
However, in case the slave could not accept the new
length it indicates its maximum possible length
within this register. Therefore it is recommended to
read the value back after writing it to be sure the I2C
slave did accept the new value.
Write
Note: the value of MAX_PACKET_SIZE is derived
from this value or vice versa (MAX_PACKET_SIZE=
DATA_REG_LEN-5)
0x82
I2C_STATE
4
Bits 31:24 of this register provides the I2C state in
regards to the supported features (e.g. clock
stretching …) and whether the device is busy
executing a command and/or ready to return a
response etc.
Read only
Bits 15:0 defining the length of the response data
block at the physical layer.
0x83
0x84
BASE_ADDR
2
4
This register holds the I2C base address as specified Write only
by Table 21. Default value is 0x30. After writing a
different address the new address become effective
with the next I2C master access. In case the bit 15 is
set in addition to the new address (bit 6:0) it
becomes the new default address at reset
(persistent storage).
MAX_SCL_FREQU
This register holds the maximum clock frequency in
KHz supported by the I2C slave. The value gets
adjusted to the register I2C_Mode setting.
Fast Mode (Fm): The allowed values are 50 up to
400.
Read
Fast Mode (Fm+): The allowed values are 50 up to
1000.
GUARD_TIME1
TRANS_TIMEOUT5
0x85
0x86
4
4
For details refer to Table 24
For details refer to Table 24
Read only
Read only
1 In case the register returns 0xFFFFFFFF the register is not supported and the default values specified in Table ‘List of protocol
variations’ shall be applied.
Datasheet
26
Revision 3.40
2022-06-21
Appendix A – Infineon I2C Protocol Registry Map
Register
Address
Name
Size in Bytes
Description
Master
Access
0x88
SOFT_RESET
I2C_MODE
2
2
Writing to this register will cause a device reset. This Write only
feature is optional
0x89
This register holds the current I2C Mode as defined
by Table 22. The default mode is SM & FM (011B).
Read /
Write
Table 21
Definition of BASE_ADDR
Fields
Bits
Value
Description
DEF_ADDR
15
0
1
Volatile address setting by bit 6:0, lost after reset.
Persistent address setting by bit 6:0, becoming default after reset.
BASE_ADDR
6:0
0x00-0x7F I²C base address specified by Table 20
15
DEF_ADDR
7
14
6
13
5
12
4
11
10
2
9
1
8
0
RFU
3
RFU
BASE_ADDR
15
DEF_MODE
7
14
6
13
12
4
11
RFU
3
10
2
9
8
0
5
1
RFU
Mode
Table 22
Definition of I2C_MODE
Fields
Bits
Value
Description
DEF_MODE
15
0
1
Volatile mode setting by bit 2:0, lost after reset.
Persistent mode setting by bit 2:0, becoming
default after reset. This bit is always read as 0.
MODE2
2:0
001
010
Sm
Fm
011
100
SM & Fm (fab out default)
Fm+
other values
not valid; writing will be ignored
1 In case the register returns 0xFFFFFFFF the register and its functionality is not supported
2 This mode defines the adherence of the bus signals to the electrical characteristics according standard I2C bus specification
Datasheet
27
Revision 3.40
2022-06-21
Appendix A – Infineon I2C Protocol Registry Map
31
BUSY
30
RESP_RDY
22
29
28
27
SOFT_RESET CONT_READ REP_START CLK_STRETCHING
19 18 17 16
26
25
24
RFU
23
21
20
PRESENT_LAYER
RFU
15-0
Length of data block to be read
Table 23
Definition of I2C_STATE
Field
Bit(s)
Value
Description
BUSY
31
0
1
Device is not busy
Device is busy executing a command
RESP_RDY
30
0
1
Device is not ready to return a response
Device is ready to return a response
SOFT_RESET
27
26
25
24
23
0
1
SOFT_RESET not supported
SOFT_RESET supported
CONT_READ
0
1
Continue Read not supported
Continue Read supported
REP_START
0
1
Repeated start not supported
Repeated start supported
CLK_STRETCHING
PRESENT_LAYER
0
1
Clock stretching not supported
Clock stretching supported
0
1
Presentation Layer not supported
Presentation Layer supported
9.1
Infineon I2C Protocol Variations
To fit best to application specific requirements the protocol might be tailored by specifying a couple of
parameters which is described in the following table.
Table 24
List of Protocol Variations
Default Value Description
Parameter
MAX_PACKET_SIZE
0x110
Maximum packet size accepted by the receiver. The protocol
limits this value to 0xFFFF, but there might be project specific
requirements to reduce the transport buffers size for the sake
of less RAM footprint in the communication stack. If shortened,
it could be statically defined or negotiated at the physical layer.
Window size of the sliding windows algorithm. The value could
be 1 up to 2.
Maximum number of network channels. The value could be 1 up
to 16. One indicates the OSI Layer 3 is not used and the CHAN
field of the PCTR must be set to 0000.
WIN_SIZE
1
1
MAX_NET_CHAN
CHAINING
TRUE
10 ms
Chaining on the transport layer is supported (TRUE) or not
(FALSE)
(Re) transmission timeout specifies the number of milliseconds
to be elapsed until the transmitter considers a frame
TRANS_TIMEOUT
Datasheet
28
Revision 3.40
2022-06-21
Appendix A – Infineon I2C Protocol Registry Map
Parameter
Default Value Description
transmission is lost and retransmits the non-acknowledged
frame. The Timer gets started as soon as the complete frame is
transmitted. The value could be 1 up to 1000. However, the
higher the number, the longer it takes to recover from a frame
transmission error.
Note: The acknowledge timeout on the receiver side must be
shorter than the retransmission timeout to avoid unnecessary
frame repetitions.
TRANS_REPEAT
BASE_ADDR
3
Number of transmissions to be repeated until the transmitter
considers the connection is lost and starts a re-synchronization
with the receiver. The value could be 1 up to 4.
I2C (base) address. This address could be statically defined or
dynamically negotiated by the physical layer.
0x30
MAX_SCL_FREQU
GUARD_TIME
1000 kHz
50 µs
Maximum SCL clock frequency in kHz.
Minimum time to be elapsed at the I2C master measured from
read data (STOP condition) until the next write data (Start
condition) is allowed to happen.
Note 1: For two consecutive accesses on the same device
GUARD_TIME re-specifies the value of tBUF as specified by [I2Cbus].
Note 2: Even if another I2C address is accessed in between
GUARD_TIME has to be respected for two consecutive accesses on
the same device.
SOFT_RESET
1
1
Any write attempt to the SOFT_RESET register will trigger a
warm reset (reset w/o power cycle). This register is optional and
its presence is indicated by the I2C_STATE register’s
“SOFT_RESET” flag.
This flag at the I2C_STATE register indicates the optional
availability of the presentation layer, which is providing
confidentiality and integrity protection of payloads (APDUs)
transferred across the I2C interface. The presentation layer is
used as part of Shielded Connection.
PRESENT_LAYER
Datasheet
29
Revision 3.40
2022-06-21
Appendix B - OPTIGA™ Trust M Command/Response I2C Sample Logs
10
Appendix B - OPTIGA™ Trust M Command/Response I2C Sample
Logs
The default I2C slave address for the OPTIGA™ Trust M is 0x30 [I2C_ADDR]. All the values in this section are
specified in decimal form unless stated otherwise.
10.1
Sequence of commands to read Coprocessor UID from OPTIGA™ Trust M
Pre-requisites
1. Ensure that the security device is powered up
2. The OPTIGA™ Trust M will not acknowledge the slave address sent by a host if it is either busy or in idle
state. Hence the host must retry or repeat the transaction until it is successful or timed out for 100
milliseconds (extreme case).
3. The specified guard time must be applied between each attempt of write / read operation by the Host
I2C driver.
4. The log information for OPTIGA™ Trust M commands specified in below Tables contains the [IFX I2C]
protocol information which comprises sequence numbers and checksum of the transactions.
a. A sequence of commands must be strict for the OPTIGA™ Trust M (e.g. OpenApplication
followed by GetDataObject to read a Coprocessor UID)
b. A checksum in the data depends on the data received or sent via write/read operations. So any
data change in the transaction is reflected in the check sum. Otherwise the write data
transaction will not be accepted/acknowledged by the OPTIGA™ Trust M.
5. The logs specified below are without the presentation layer (used for the Shielded Connection) of [IFX
I2C]
10.1.1
Check the status [I2C_STATE]
This is a very basic register read operation which ensures the behavior of the read/write operations of the local
host I2C driver.
Table 25
Check I2C_STATE Register of OPTIGA™ Trust M
I2C_ADDR Transaction Type
Data [values in hexadecimal]
30
30
Write [ 01 Bytes ]
Read [ 04 Bytes ]
82
08 80 00 00
10.1.2
Issue OpenApplication command
Before issuing any application specific command; e.g. read Coprocessor UID using GetDataObject, it is a must to
send the OpenApplication command to initialize the application on the OPTIGA™ Trust M as shown below.
Table 26
OpenApplication on OPTIGA™ Trust M
Transaction Type Data [values in hexadecimal]
I2C_ADDR
Step 1: Send OpenApplication command to initiate the application context on the OPTIGA™ Trust M
30
Write [ 27 Bytes ]
80 03 00 15 00 70 00 00 10 D2 76 00 00 04 47 65 6E 41 75 74 68 41
70 70 6C 04 1A
Step 2: Read the I2C_STATE register [Repeat this step until the read contains the data as specified below]
Datasheet
30
Revision 3.40
2022-06-21
Appendix B - OPTIGA™ Trust M Command/Response I2C Sample Logs
I2C_ADDR
Transaction Type
Write [ 01 Bytes ]
Read [ 04 Bytes ]
Data [values in hexadecimal]
30
30
82
C8 80 00 05
Step 3: Read the DATA register [Acknowledgment from OPTIGA™ Trust M for the last data transacation]
30
30
Write [ 01 Bytes ]
Read [ 05 Bytes ]
80
80 00 00 0C EC
Step 4: Read the I2C_STATE register [Repeat this step until the read contains the data as specified below]
30
30
Write [ 01 Bytes ]
Read [ 04 Bytes ]
82
48 80 00 0A
Step 5: Read the DATA register which contains the response for the command issued
30
30
Write [ 01 Bytes ]
Read [ 10 Bytes ]
80
00 00 05 00 00 00 00 00 14 87
Step 6: Send an acknowlegment for the data read
30
Write [ 06 Bytes ]
80 80 00 00 0C EC
10.1.3
Read Coprocessor UID
The Coprocessor UID contains the OPTIGA™ Trust M unique ID and the build information details. The
GetDataObject command is used to read the Coprocessor UID information.
Table 27
Read Coprocessor UID
I2C_ADDR
Transaction Type Data [values in hexadecimal]
Step 1: Send the GetDataObject command to read the Coprocessor UID
30 Write [ 17 Bytes ]
Step 2: Read the I2C_STATE register [Repeat this step until the read contains the data as specified below].
80 04 00 0B 00 01 00 00 06 E0 C2 00 00 00 64 F0 9F
30
30
Write [ 01 Bytes ]
Read [ 04 Bytes ]
82
48 80 00 25
Step 3: Read the DATA register which contains the response for the command issued.
30
30
Write [ 01 Bytes ]
Read [ 37 Bytes ]
80
05 00 20 00 00 00 00 1B CD XX XX XX XX XX XX XX XX XX XX XX XX XX XX
XX XX XX XX XX XX XX XX XX XX YY YY ZZ ZZ
Notes:
a. XX is the unique ID part of the co-processor UID
b. “YY YY” is the OPTIGA™ Trust M build number in BCD
(Binary Coded Decimal) format
c. ZZ ZZ is the checksum of the transaction
Step 4: Send an acknowlegment for the data read
30
Write [ 06 Bytes ]
80 81 00 00 56 30
Datasheet
31
Revision 3.40
2022-06-21
Appendix C – Power Management
11
Appendix C – Power Management
When operating, the power consumption of OPTIGA™ Trust M is limited to meet the requirements regarding the
power limitation set by the Host. The power limitation is implemented by utilizing the current limitation feature
of the underlying hardware device in steps of 1mA from 6mA to 15 mA with a precision of ±5%.
11.1
Hibernation
This maximizes power saving (zero power consumption1), while the I2C bus stays connected. In this case
OPTIGA™ Trust M saves the application context before power-off (switching off VCC) and restores it after power-
up. After power-up the application continues seamlessly from the state before hibernate.
11.1.1
Software adaption for Hibernate circuit with single MOSFET
Update the ifx_i2c.c file functions with the following change.
(1) Call pal_gpio_set_low (p_ifx_i2c_context->p_slave_vdd_pin), to set the Vdd pin to High,
(2) Call pal_gpio_set_high (p_ifx_i2c_context->p_slave_vdd_pin), to set the Vdd pin to Low.
001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
_STATIC_H optiga_lib_status_t ifx_i2c_init
(ifx_i2c_context_t * p_ifx_i2c_context)
{
optiga_lib_status_t api_status = IFX_I2C_STACK_ERROR;
if (((uint8_t)IFX_I2C_WARM_RESET ==
p_ifx_i2c_context->reset_type) ||
((uint8_t)IFX_I2C_COLD_RESET ==
p_ifx_i2c_context->reset_type))
{
switch (p_ifx_i2c_context->reset_state)
{
case IFX_I2C_STATE_RESET_PIN_LOW:
{
// Setting the Vdd & Reset pin to low
if ((uint8_t)IFX_I2C_COLD_RESET ==
p_ifx_i2c_context->reset_type)
{
// Set the Host GPIO as high to set Vdd to
low
020
021
022
023
024
025
026
027
028
029
030
031
pal_gpio_set_high
(p_ifx_i2c_context->p_slave_vdd_pin);
}
// Setting the Reset pin to low
pal_gpio_set_low
(p_ifx_i2c_context->p_slave_reset_pin);
p_ifx_i2c_context->reset_state =
IFX_I2C_STATE_RESET_PIN_HIGH;
pal_os_event_register_callback_oneshot
(p_ifx_i2c_context->pal_os_event_ctx,
(register_callback)ifx_i2c_init,
(void * )p_ifx_i2c_context,
1 Leakage current < 2.5µA only
Datasheet
32
Revision 3.40
2022-06-21
Appendix C – Power Management
032
033
034
RESET_LOW_TIME_MSEC);
api_status = IFX_I2C_STACK_SUCCESS;
break;
035
036
037
038
039
040
041
042
}
case IFX_I2C_STATE_RESET_PIN_HIGH:
{
// Setting the Vdd & Reset pin to high
if ((uint8_t)IFX_I2C_COLD_RESET ==
p_ifx_i2c_context->reset_type)
{
// Set the Host GPIO as low to set Vdd to
high
043
044
045
046
047
048
049
050
051
052
053
054
055
056
057
058
059
060
061
062
063
064
065
066
067
068
069
070
071
072
073
074
075
076
077
078
079
080
081
082
083
pal_gpio_set_low
(p_ifx_i2c_context->p_slave_vdd_pin);
}
// Setting the Reset pin to high
pal_gpio_set_high
(p_ifx_i2c_context->p_slave_reset_pin);
p_ifx_i2c_context->reset_state =
IFX_I2C_STATE_RESET_INIT;
pal_os_event_register_callback_oneshot
(p_ifx_i2c_context->pal_os_event_ctx,
(register_callback)ifx_i2c_init,
(void * )p_ifx_i2c_context,
STARTUP_TIME_MSEC);
api_status = IFX_I2C_STACK_SUCCESS;
break;
}
case IFX_I2C_STATE_RESET_INIT:
{
//Frequency and frame size negotiation
#ifndef OPTIGA_COMMS_SHIELDED_CONNECTION
api_status = ifx_i2c_tl_init
(p_ifx_i2c_context,
ifx_i2c_tl_event_handler);
#else
api_status = ifx_i2c_prl_init
(p_ifx_i2c_context,
ifx_i2c_tl_event_handler);
#endif
break;
}
default:
break;
}
}
//soft reset
else
{
p_ifx_i2c_context->pl.request_soft_reset =
(uint8_t)TRUE;
#ifndef OPTIGA_COMMS_SHIELDED_CONNECTION
api_status = ifx_i2c_tl_init(p_ifx_i2c_context,
Datasheet
33
Revision 3.40
2022-06-21
Appendix C – Power Management
084
ifx_i2c_tl_event_handler);
085
086
087
#else
api_status = ifx_i2c_prl_init(p_ifx_i2c_context,
ifx_i2c_tl_event_handler);
088
#endif
089
090
091
092
}
if (api_status != IFX_I2C_STACK_SUCCESS)
{
ifx_i2c_tl_event_handler(p_ifx_i2c_context,
api_status,
093
094
095
096
0, 0);
}
return (api_status);
}
097
098
099
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
optiga_lib_status_t ifx_i2c_close(ifx_i2c_context_t * p_ctx)
{
optiga_lib_status_t api_status =
(int32_t)IFX_I2C_STACK_ERROR;
// Proceed, if not busy and in idle state
if (IFX_I2C_STATUS_BUSY != p_ctx->status)
{
api_status = IFX_I2C_STACK_SUCCESS;
#ifdef OPTIGA_COMMS_SHIELDED_CONNECTION
p_ctx->close_state = IFX_I2C_STACK_ERROR;
p_ctx->state = IFX_I2C_STATE_UNINIT;
api_status = ifx_i2c_prl_close
(p_ctx, ifx_i2c_prl_close_event_handler);
if (IFX_I2C_STACK_ERROR == api_status)
{
pal_i2c_deinit(p_ctx->p_pal_i2c_ctx);
// Also power off the device
// Set the Host GPIO as high to set Vdd to low
pal_gpio_set_high(p_ctx->p_slave_vdd_pin);
pal_gpio_set_low(p_ctx->p_slave_reset_pin);
p_ctx->status = IFX_I2C_STATUS_NOT_BUSY;
}
#else
ifx_i2c_tl_event_handler
(p_ctx, IFX_I2C_STACK_SUCCESS, NULL, 0);
// Close I2C master
pal_i2c_deinit(p_ctx->p_pal_i2c_ctx);
// Also power off the device
// Set the Host GPIO as high to set Vdd to low
pal_gpio_set_high(p_ctx->p_slave_vdd_pin);
pal_gpio_set_low(p_ctx->p_slave_reset_pin);
p_ctx->state = IFX_I2C_STATE_UNINIT;
p_ctx->status = IFX_I2C_STATUS_NOT_BUSY;
#endif
}
return (api_status);
}
Datasheet
34
Revision 3.40
2022-06-21
Appendix C – Power Management
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
_STATIC_H void ifx_i2c_prl_close_event_handler
(ifx_i2c_context_t * p_ctx,
optiga_lib_status_t event,
const uint8_t * p_data,
uint16_t data_len)
{
p_ctx->status = IFX_I2C_STATUS_NOT_BUSY;
switch (p_ctx->state)
{
case IFX_I2C_STATE_UNINIT:
{
pal_i2c_deinit(p_ctx->p_pal_i2c_ctx);
// Also power off the device
// Set the Host GPIO as high to set Vdd to low
pal_gpio_set_high(p_ctx->p_slave_vdd_pin);
pal_gpio_set_low(p_ctx->p_slave_reset_pin);
break;
}
default:
break;
}
if (NULL != p_ctx->upper_layer_event_handler)
{
p_ctx->upper_layer_event_handler
(p_ctx->p_upper_layer_ctx, event);
}
}
11.2
Low Power Sleep Mode
The OPTIGA™ Trust M automatically enters a low-power mode after a configurable delay. Once it has entered
Sleep mode, the OPTIGA™ Trust M resumes normal operation as soon as its address is detected on the I2C bus.
In case no command is sent to the OPTIGA™ Trust M it behaves as shown in Figure 12.
1. As soon as the OPTIGA™ Trust M is idle it starts to count down the “delay to sleep” time (tSDY).
2. In case this time elapses the device enters the “go to sleep” procedure.
3. The “go to sleep” procedure waits until all idle tasks are finished (e.g. counting down the SEC). In case all
idle tasks are finished and no command is pending, the OPTIGA™ Trust M enters sleep mode.
Datasheet
35
Revision 3.40
2022-06-21
Appendix C – Power Management
tSDY
VCC
1
IO
2
3
operational
idle
Power State
undefined
sleep
Figure 12
Go-to-Sleep Diagram
Datasheet
36
Revision 3.40
2022-06-21
Revision history
Revision history
Document version Date of release Description of changes
3.40
3.30
2022-06-21
2021-08-17
Section 1.5 updated, Section 6 removed
Section 6.4, 6.5 and12 updated for pal_ifx_i2c_context structure
changes and ifx_i2c_init bug fix.
3.20
3.15
2020-10-20
2020-10-12
Fixed internal review comments and released for Production
Section 3.1 Hibernate circuit diagram updated for single MOSFET
option and direct GPIO as power option.
3.10
3.00
0.70
2020-09-24
2020-06-29
2020-05-27
Release to Production release
Fixed internal review comments
Initial version update for ES Release
Datasheet
37
Revision 3.40
2022-06-21
Trademarks
All referenced product or service names and trademarks are the property of their respective owners.
IMPORTANT NOTICE
The information given in this document shall in no For further information on the product, technology,
Edition 2022-06-21
Published by
event be regarded as a guarantee of conditions or delivery terms and conditions and prices please
characteristics (“Beschaffenheitsgarantie”) .
contact your nearest Infineon Technologies office
(www.infineon.com).
Infineon Technologies AG
81726 Munich, Germany
With respect to any examples, hints or any typical
values stated herein and/or any information
regarding the application of the product, Infineon
Technologies hereby disclaims any and all
warranties and liabilities of any kind, including
without limitation warranties of non-infringement of
intellectual property rights of any third party.
WARNINGS
Due to technical requirements products may contain
dangerous substances. For information on the types
in question please contact your nearest Infineon
Technologies office.
© 2022 Infineon Technologies AG.
All Rights Reserved.
Do you have a question about this
document?
In addition, any information given in this document
is subject to customer’s compliance with its
obligations stated in this document and any
applicable legal requirements, norms and standards
concerning customer’s products and any use of the
product of Infineon Technologies in customer’s
applications.
Except as otherwise explicitly approved by Infineon
Technologies in a written document signed by
authorized
representatives
of
Infineon
Email:
Technologies, Infineon Technologies’ products may
not be used in any applications where a failure of the
product or any consequences of the use thereof can
reasonably be expected to result in personal injury.
CSSCustomerService@infineon.com
Document reference
The data contained in this document is exclusively
intended for technically trained staff. It is the
responsibility of customer’s technical departments
to evaluate the suitability of the product for the
intended application and the completeness of the
product information given in this document with
respect to such application.
相关型号:
OPTIGA TRUST M SLS32AIA
OPTIGA™ Trust M是一款高端安全解决方案,为物联网设备接入云端提供了一个可信任锚,从而为每一台物联网设备赋予唯一身份。这种预个性化交钥匙解决方案具备安全功能的易于集成与实现快速接入云服务所需的高性能。
INFINEON
OPTIGA TRUST X SLS 32AIA
OPTIGA™ Trust X减少了集成工作量且易于使用– 使得它成为缺少安全专家而又想快速进入市场的客户的理想选择。这款优异的安全解决方案提高了性能且降低了功率损耗。可用于非富集操作系统,也可以采用紧凑型封装。这种方案提供了新功能和商业模式,可以丰富服务内容,提高竞争力。
INFINEON
OPTIGA? TPM SLM 9670
The OPTIGA™ TPM SLM 9670 is a member of the OPTIGA™ TPM family. It addresses the requirements of industrial and other demanding applications where an extended temperature range, an extended lifetime and industrial-grade quality are key.
INFINEON
©2020 ICPDF网 联系我们和版权申明