Table of Content

• Shielded Connection
  • How to securely store the symmetric keys on host side?
  • Can this the symmetric key for the Shielded Connection been updated later on?
  • How does the Shielded Connection feature protect Objects?

Shielded Connection

How to securely store the symmetric keys on host side?

As this key is used for all access attempts to the Trust M element, it means the key should be available at least for read operations from a Trust M host library.

There are generally many ways on how to do this depending on your security requirements. If an invasive attack is considered, a special countermeasures should be applied; e.g. an external FLASH memory. For more detailed recomendations based on your system description can be requested from your local technical contact.

Can this the symmetric key for the Shielded Connection been updated later on?

The Platform Binding Secret (OID 0xE140, Data Objects Map) for default samples (not customer specific samples) is in unlocked state. This means that the Object Lifecycle State (LcsO) is in "Initialisation" State, moreover it means the secret can be updated many times. However, once a user explicitly (by updating the metadata) moves the Lifecycle State (LcsO) to the "Operational" state in this case it becomes locked and the object can't be modified.

How does the Shielded Connection feature protect Objects?

Many Objects (Data, Certificate, Key) can be updated in a way, that certain operations (Read, Write, or Execute) are allowed only if the shielded connection is established. For this it is required to update the metadata of the corresponding Object. In the Metadata you need to select one of the Access Conditions Descriptors (Read, Write, or Execute) and update the Access Condition there. More on this you can find in the Solution Reference Manual (PDF) Section 5.2.

Linux

How do adapt the code to run on my linux system?

1. Make sure that you use the right /dev/i2cx device that is physically connected to OPTIGA Trust M.
2. In case you use the hardware reset pin / vdd control pin make sure you use the right GPIO number for your platform. Make sure that you choose the right type of reset in here (we recommend using a hardware reset in a productive system).

What do I need to consider if access to GPIO is not supported via sysfs on my platform?

You have to implement at least 3 functions called pal_gpio_init, pal_gpio_set_high and pal_gpio_set_low. These functions have to be replaced with code that is specific to your platform in order to control the GPIO pins. .