Closed jin-tech1 closed 1 year ago
Hi @jin-tech1. For Q1: Yes, this is only achievable through changing the metadata for the data object. Please refer to: AC_conf_PBS_test.sh. For Raspberry Pi, the sample shared secret is located here. For Q2: There is no command to link a monotonic counter to one of the RSA key objects, but you can set it up by changing metadata. Please refer to trustm_monotonic_counter_test.sh. Thanks.
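An added example, not part of the reply above and not taken from the referenced scripts: a small Python auditor that decodes metadata bytes read back from an object and checks whether read/change access is bound to the shielded connection and whether key use is linked to a counter. The tag bytes (0xD0/0xD1/0xD3), the Conf/Luc identifiers, and the OIDs 0xE140 (platform binding secret) and 0xE120 (a monotonic counter) are assumptions about the OPTIGA Trust M metadata encoding that should be verified against the Solution Reference Manual; the sample byte strings are constructed.

```python
# Added example (not from the thread); encoding values are assumptions to verify.
AC_TAGS = {"change": 0xD0, "read": 0xD1, "execute": 0xD3}
# Identifiers followed by 2 bytes: an OID (Conf, Luc) or operator + value (Lcs*).
THREE_BYTE = {0x20: "Conf", 0x40: "Luc", 0x70: "LcsG", 0xE0: "LcsA", 0xE1: "LcsO"}
SIMPLE = {0x00: "ALW", 0xFF: "NEV", 0xFD: "&&", 0xFE: "||"}

def parse_metadata(blob: bytes) -> dict:
    """Split the outer 0x20 TLV into {tag: value}."""
    if len(blob) < 2 or blob[0] != 0x20 or blob[1] != len(blob) - 2:
        raise ValueError("not a well-formed metadata TLV")
    fields, i = {}, 2
    while i < len(blob):
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated metadata field")
        fields[blob[i]] = blob[i + 2:i + 2 + blob[i + 1]]
        i += 2 + blob[i + 1]
    return fields

def decode_ac(expr: bytes) -> list:
    """Decode an access-condition expression into (name, argument) terms."""
    terms, i = [], 0
    while i < len(expr):
        b = expr[i]
        if b in THREE_BYTE:
            if i + 3 > len(expr):
                raise ValueError("truncated access condition")
            terms.append((THREE_BYTE[b], int.from_bytes(expr[i + 1:i + 3], "big")))
            i += 3
        elif b in SIMPLE:
            terms.append((SIMPLE[b], None))
            i += 1
        else:
            raise ValueError(f"unhandled access-condition byte 0x{b:02X}")
    return terms

def enforced(fields: dict, access: str, name: str, oid: int) -> bool:
    """True only if every '||' branch of the condition contains (name, oid)."""
    expr = fields.get(AC_TAGS[access], b"")   # missing tag counts as unenforced
    branches = [[]]
    for term in decode_ac(expr):
        if term[0] == "||":
            branches.append([])
        else:
            branches[-1].append(term)
    return all((name, oid) in branch for branch in branches)

SHIELDED_DATA = bytes.fromhex("200AD00320E140D10320E140")  # constructed sample
OPEN_DATA = bytes.fromhex("2006D00100D10100")              # constructed sample
COUNTED_KEY = bytes.fromhex("2009D30740E120FD20E140")      # constructed sample
```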
Hi, Thank you for those references.
Hello, Have you looked for an answer?
We have looked through the documentation for the command line tools and the code.
Question/Issue: Please help with the following. [Q1]
Is there a command to instruct OPTIGA that read/write access to a data object should only happen if a shielded connection is established? Or is this only achievable through changing the metadata for the data object? If so, what metadata should be written to the data object through the command bin/trustm_metadata? We have only changed the OPTIGA_COMMS_DEFAULT_PROTECTION_LEVEL, and run the scripts/misc/write_default_shared_secret
When the restrictions are set up, how do we tell OPTIGA that our local device knows the secret? We are currently using a Raspberry Pi as our local device.
[Q2] Is there a command to link a monotonic counter to one of the RSA key objects, to ensure a maximum number of uses? Will linking a counter make it read-only, or is that an option that needs to be set?
We use an identical setup to the one shown in documentation.
Thanks for the help