search

Infineon / linux-optiga-trust-m

Linux tools and examples for OPTIGA™ Trust V1/V3 security solution
MIT License
22 stars 18 forks source link

OPTIGA_COMMS_ERROR and OPTIGA_CMD_ERROR on #33

Closed chiragp-mecha closed 1 year ago

chiragp-mecha commented 1 year ago

Prerequisites

Can you reproduce the problem reliably? Yes

Did you check current release notes for known issues? Yes

If this is not the latest release, have you checked newer releases? We don't think newer releases will help based on their changelog, we are testing with 1.0.0

Description: We are trying to use the Trust M engine in OpenSSL 1.1.1g, we are getting time out errors in the Application Open and Application Close events.

Below is our chip information - 

$ sudo ./trustm_chipinfo 
Password: 
Read Chip Info [0xE0C2]: Success.
========================================================
CIM Identifier             [bCimIdentifer]: 0xcd
Platform Identifer   [bPlatformIdentifier]: 0x16
Model Identifer         [bModelIdentifier]: 0x33
ID of ROM mask                  [wROMCode]: 0x8401
Chip Type                    [rgbChipType]: 0x00 0x1c 0x00 0x01 0x00 0x00
Batch Number              [rgbBatchNumber]: 0x0a 0x01 0xb8 0x1a 0x00 0x06
X-coordinate              [wChipPositionX]: 0x0092
Y-coordinate              [wChipPositionY]: 0x0069
Firmware Identifier [dwFirmwareIdentifier]: 0x80101071
Build Number                 [rgbESWBuild]: 08 09

Chip software build: 
OPTIGA(TM) Trust M rev.1; Firmware Version: 1.30.809
========================================================

Note, calls to the Trust M module using the binaries provided by this package are working fine, we can read, write, generate keypair, etc. Only with the OpenSSL engine we are seeing these issues.

Steps to Reproduce:

  1. Run below command 
       $ openssl  rand -engine trustm_engine -base64 512

Expected Result:

Actual Result: Below is the output - 

$ sudo openssl_1  rand -engine trustm_engine -base64 512
Password: 
engine "trustm_engine" set.
Error in trustm_engine/trustm_engine.c:129 trustmEngine_WaitForCompletion: Status 258 // OPTIGA_COMMS_ERROR
Error in trustm_engine/trustm_engine.c:297 trustmEngine_App_Open: Fail : optiga_util_open_application time out[1] 

1388:Error [0x0102] : OPTIGA comms API failed
Error in trustm_engine/trustm_engine.c:129 trustmEngine_WaitForCompletion: Status 514 // OPTIGA_CMD_ERROR
Error in trustm_engine/trustm_engine.c:374 trustmEngine_App_Close: Fail : optiga_util_close_application time out 

1388:Error [0x0202] : OPTIGA command API failed
Error in trustm_engine/trustm_engine.c:129 trustmEngine_WaitForCompletion: Status 258 // OPTIGA_COMMS_ERROR
Error in trustm_engine/trustm_engine.c:297 trustmEngine_App_Open: Fail : optiga_util_open_application time out[1] 

1388:Error [0x0102] : OPTIGA comms API failed
Error in trustm_engine/trustm_engine.c:254 trustmEngine_App_Open_Recovery: Error opening Trust M, EXIT
Error in trustm_engine/trustm_engine.c:129 trustmEngine_WaitForCompletion: Status 514 // OPTIGA_CMD_ERROR

1388:Error [0x0202] : OPTIGA command API failed
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

Frequency (1/1, 1/50, 1/100): 1/1

Build/Commit: 1.0.0

Target: IMX8M Mini ARMV8A

The chip or kit you are working with: SLS32AIA010MSUSON10XTMA2

Host OS and Version: Linux 5.15

Compiler: GCC

Environment: Yocto

RaymWong commented 1 year ago

Hi, Is your hardware using reset pin? If hardware rest pin is not used, please configure reset type to 1 as follow #define OPTIGA_COMMS_DEFAULT_RESET_TYPE (1U) https://github.com/Infineon/optiga-trust-m/blob/91d952b4a6433bdbe1979487b73972b708d89b3f/optiga/include/optiga/optiga_lib_config_m_v3.h#L113

chiragp-mecha commented 1 year ago

Hello, Sorry for late replay.

Yes we are using hardware reset pin. and we did change in this two files as below,

1) optiga/include/optiga/optiga_lib_config_m_v1.h

// #define OPTIGA_COMMS_DEFAULT_RESET_TYPE (1U) #define OPTIGA_COMMS_DEFAULT_RESET_TYPE (0U)

2) optiga/include/optiga/optiga_lib_config_m_v3.h

// #ifndef OPTIGA_COMMS_DEFAULT_RESET_TYPE // #define OPTIGA_COMMS_DEFAULT_RESET_TYPE (1U) // #endif #define OPTIGA_COMMS_DEFAULT_RESET_TYPE (0U)

And the command works successfully after that

ying-css commented 1 year ago

@chiragp-mecha Great to hear about this.:)