Closed Darsh-Dev closed 4 years ago
Hi @Darsh-Dev here is the Getting Started Guide for Trust M. It includes the standard way to provision the device. Alternatively you can use this Application Note
Sorry, accidentally closed it. Feel free to ask further questions if my answer wasn't clear.
FYI. Here is also an overview of different officially qualified boards and their getting started guides https://github.com/Infineon/amazon-freertos-optiga-trust#supported-hardware
@ayushev ,
I went through the https://github.com/Infineon/personalize-optiga-trust/tree/master/using-amazon-root-ca. Now it's clear to me.
I have another question: certificates are read from 0xE0E1; however, the private key is const in the code. Why isn't it read from the Optiga-Trust slot 0xE0F1?
Sorry, I didn't get it, where did you see the private key is const in the code?
@ayushev ,
File: /aws_demos/application_code/common_demos/source/optiga_trust_x.c line 27:
```c
const char CLIENT_PRIVATE_KEY_PEM[] = "-----BEGIN EC PRIVATE KEY-----\n"
xParams.ulClientPrivateKeyType = CKK_EC;
xParams.pcClientPrivateKey = ( uint8_t * ) CLIENT_PRIVATE_KEY_PEM;
xParams.ulClientPrivateKeyLength = CLIENT_PRIVATE_KEY_LENGTH;
xParams.pcClientCertificate = ( uint8_t * ) CLIENT_CERTIFICATE_PEM;
xParams.ulClientCertificateLength = CLIENT_CERTIFICATE_LENGTH;
```
I couldn't find it here, in this repository. Can you please provide the link?
You might refer to the code which you have; however, the code stored here is officially qualified for Trust X. For Trust M the qualification is pending, but the code can be used, though without the qualification mark from AWS. The Trust X code can be found as well on the official amazon-freertos GitHub starting from the release in October 2019.
@ayushev
I am trying with latest git : https://github.com/Infineon/amazon-freertos-optiga-trust
I want to use STM32L4 + TrustX code. Code is available in "amazon-freertos-optiga-trust-x". This sample code is not available in the latest https://github.com/Infineon/amazon-freertos-optiga-trust.
So I copied the main.c , optiga_trust_x.c/h from previous amazon-freertos-optiga-trust-x git.
@Darsh-Dev this repository has limited support, as this integration was done before the official qualification and the amazon-freertos code restructure happened; feel free to use it standalone, though. The private key here, as the comment declares, isn't used, but mbedTLS (the crypto library which runs the TLS protocol establishment) requires the private key to be provided in order to pass all the internal checks; however, it's not actually used by Trust X.
> So I copied the main.c , optiga_trust_x.c/h from previous amazon-freertos-optiga-trust-x git.
In the latest version, Trust X/M are initialised and used completely in the background; you don't need to control it. Thus files from the previous version are not required. I recommend instead to enable the existing repository for the STM32 board you use. I just described the generic steps here
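The point above, that the CLIENT_PRIVATE_KEY_PEM compiled into the firmware is only there to satisfy mbedTLS's internal checks and is not the key the secure element signs with, can be turned into a check. The script below is an added example, not code from the Infineon repository or from either participant: it uses the openssl command line to compare the public half of the firmware key with the public key inside the device certificate (the one that would be read from slot 0xE0E1). If they match, the real device key is sitting in source code, which is exactly what keeping it in Trust X is meant to avoid. All key and certificate material is generated on the spot as constructed fixtures; the file names, the placeholder/device split and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Infineon repository): verify that the private key
# compiled into firmware as CLIENT_PRIVATE_KEY_PEM is only an mbedTLS placeholder
# and does NOT correspond to the device certificate held in OPTIGA slot 0xE0E1.

# Print a SHA-256 fingerprint of the DER-encoded public key taken from a PEM file.
# $1 = "key" (private key PEM) or "cert" (X.509 certificate PEM), $2 = path.
# Returns 1 if the file cannot be parsed.
pubkey_fingerprint() {
  if [ "$1" = "key" ]; then
    pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  else
    pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  fi
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 when the key's public half equals the certificate's public key
# (the firmware key IS the device key), 1 when they differ (placeholder only),
# 2 when either file could not be parsed.
key_matches_cert() {
  k=$(pubkey_fingerprint key "$1") || return 2
  c=$(pubkey_fingerprint cert "$2") || return 2
  [ -n "$k" ] && [ -n "$c" ] || return 2
  [ "$k" = "$c" ]
}

# Build constructed sample material in directory $1 (nothing here comes from a
# real device): a throwaway placeholder key, a "device" key with a self-signed
# certificate standing in for the contents of 0xE0E1, and a certificate issued
# for the placeholder key to show what a leaked real key would look like.
make_fixtures() {
  d="$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/placeholder.key" 2>/dev/null
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/device.key" 2>/dev/null
  openssl req -new -x509 -key "$d/device.key" -subj "/CN=constructed-device" \
    -days 1 -out "$d/device.crt" 2>/dev/null
  openssl req -new -x509 -key "$d/placeholder.key" -subj "/CN=constructed-leak" \
    -days 1 -out "$d/leaked.crt" 2>/dev/null
}

# Human-readable verdict for one key/certificate pair; passes through the
# status of key_matches_cert so callers can branch on it.
report() {
  if key_matches_cert "$1" "$2"; then
    echo "WARNING: $1 is the private key behind $2 (real device key in firmware)"
    return 0
  else
    rc=$?
    if [ "$rc" -eq 1 ]; then
      echo "OK: $1 does not correspond to $2 (placeholder only)"
    else
      echo "ERROR: could not parse $1 or $2"
    fi
    return "$rc"
  fi
}

# Stand-alone demo on the constructed fixtures.
tmp=$(mktemp -d)
make_fixtures "$tmp"
report "$tmp/placeholder.key" "$tmp/device.crt" || true   # expected: OK
report "$tmp/placeholder.key" "$tmp/leaked.crt" || true   # expected: WARNING
rm -rf "$tmp"
```

To use it against a real build, point `key_matches_cert` at the PEM extracted from the firmware's CLIENT_PRIVATE_KEY_PEM and at the certificate read back from 0xE0E1 (for example via the personalization tooling the thread links to); the expected result for a correctly provisioned board is the "placeholder only" verdict.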
Hi @ayushev , Thanks for the update.
> In the latest version, Trust X/M are initialised and used completely in the background, you don't need to control it. Thus files from the previous version are not required.
I want to understand how the provisioning works in the latest version?
The provisioning of the certificate as per now should be done in advance, before you run MQTT Demo from FreeRTOS.
For the provisioning you have two options:
1) Use the FreeRTOS qualified board you have to make the provisioning. This way will work out only if you have a fully functional Secure Element integrated in the board. To make this type of provisioning please refer to the official AWS documentation from here (Option #2: Onboard Private Key Generation)
2) Use the Personalisation AppNote. For this you need an RPi3 and the Trust M Shield2Go you use
Hello @Darsh-Dev, can we close the issue?
No further queries now. Please close it. If we have any further query, we will post it in a new case.
Thanks @ayushev for support.
@ayushev ,
I am exploring the amazon-freertos-optiga-trust source code. I see that the "eDEVICE_PUBKEY_CERT_PRJSPC_1" certificate is read from the TrustX chip, and vAlternateKeyProvisioning is done using this certificate and the private key (CLIENT_PRIVATE_KEY_PEM).
Before getting the certificate from 0xE0E1, we should write the certificate into the TrustX slot, right? Because I'm not able to get the code for updating/writing the certificate to 0xE0E1.
Please help me to understand the process using the Optiga-Trust.
Thanks