This repository is a forked version of the main FreeRTOS github repo. It focuses on helping to integrate the OPTIGA Trust X and M embedded security solutions.
This repo uses Git Submodules to bring in dependent components.
Note: If you download the ZIP file provided by GitHub UI, you will not get the contents of the submodules. (The ZIP file is also not a valid git repository)
To clone using HTTPS:
git clone https://github.com/Infineon/amazon-freertos.git --recurse-submodulesUsing SSH:
git clone git@github.com:Infineon/amazon-freertos.git --recurse-submodulesIf you have downloaded the repo without using the --recurse-submodules argument, you need to run:
git submodule update --init --recursiveFor more information on FreeRTOS, refer to the Getting Started section of FreeRTOS webpage.
To directly access the Getting Started Guide for supported hardware platforms, click the corresponding link in the Supported Hardware section below.
For detailed documentation on FreeRTOS, refer to the FreeRTOS User Guide.
For additional boards that are supported for FreeRTOS, please visit the AWS Device Catalog
The following MCU boards are supported for FreeRTOS:
The ./projects folder contains the IDE test and demo projects for each vendor and their boards. The majority of boards can be built with both IDE and cmake (there are some exceptions!). Please refer to the Getting Started Guides above for board specific instructions.
IF you want to port Trust X/M onto any board listed here, you can follow the steps below. The OPTIGA Trust X/M integrates into FreeRTOS comaptible board in three points, namely: 1) PKCS#11 Interface integration. It doesn't require any further porting. As soon as you FreeRTOS board is compatile to version 201910 and above the PKCS#11 interface can be taken as it is. You can read more about this here. 2) mbedTLS TLS protocol implementation. mbedTLS is a crypto library used in FreeRTOS to perform TLS Handshke (secure channel establishment). This library uses an interface, which allows to substitute some of it's functionality by third-party crypto implemementations. Trust X/M substitutes standard software crypto implemementation for FreeRTOS/mbedTLS for such functions as: ECDSA, ECDHE, Random Number Generation. You can read more about this here. This intergation point also doesn't require additional proting, as it works on top of the OPTIGA Trust Software Framework. 3) Platform Abstraction Layer. This is the only integration point which requires actual porting from one platform to another. Generic steps are described here. It is recommended, though to use the existing template. In many cases you need to consider only three files for modifications.
Another important aspect is about how to prepare all the configuration files for a different board, how to refer to resources, etc.
Generic rule is to take an existing FreeRTOS quailified board (and test is ideally before you will try out the same option, but with a secure elemenent), and create a new configuration based on it.
The example below shows a sample process of creating a new porting, for the stm32l475_discovery board using cmake build system. For a successfull qualification you need as well a new porject-based setup, but this step is very different from IDE to IDE and isn't covered here.
0) Try out FreeRTOS for the stm32l475_discovery without any secure elements https://docs.aws.amazon.com/freertos/latest/userguide/getting_started_st.html
1) Create a new folder in boards; e.g. stm32l475_discovery_with_trust_m and copy all the content from the source board stm32l475_discovery.
2) Using this CMakeLists update the same file in newly created stm32l475_discovery_with_trust_mboard
3) Similarly update the manifest https://github.com/Infineon/amazon-freertos-optiga-trust/blob/feature/trustm/vendors/st/manifest.cmake
Note: All the Trust X/M related parts should be located at Infineon folder, and you cmake files should take them from there.