Infineon OPTIGA™ Trust M Provisioning for Matter
To use Infineon OPTIGA™ Trust M for device attestation, the OPTIGA™ Trust M must first be provisioned with a Matter test Device Attestation Certificate (DAC).
Hardware setup:
Shield2Go Adapter for Raspberry Pi or jumper wires
Provisioning for OPTIGA™ Trust M
The Linux Tools for OPTIGA™ Trust M can be used to perform provisioning by following the steps mentioned below.
Set up chip-tool on Raspberry Pi 4 by following the instructions listed at Building chip-tool on Raspberry Pi
Clone the repo from Infineon Public GitHub
$ git clone --recurse-submodules https://github.com/Infineon/linux-optiga-trust-m.git
Build the Linux tools for OPTIGA™ Trust M
$ cd linux-optiga-trust-m/
$ git checkout provider_dev
$ git submodule update -f
$ ./provider_installation_script.sh
Run the script to generate a Matter test DAC for lock-app from the public key extracted from the Infineon pre-provisioned certificate, and store it in slot 0xE0E0
$ cd scripts/matter_provisioning/
$ ./matter_test_provisioning.sh
Note:
Running the example matter_test_provisioning.sh executes the steps shown below:
Step 1: Extract the public key from the Infineon pre-provisioned certificate (0xE0E0) using the openssl command.
Step 2: Generate the DAC test certificate using the extracted public key, signed by the Matter test PAI. Please note that production devices cannot re-use these test keys/certificates.
Step 3: Write the DAC test certificate into OPTIGA™ Trust M certificate slot 0xE0E0.
Step 4: Write the Matter test PAI into OPTIGA™ Trust M certificate slot 0xE0E8 and the test CD into OPTIGA™ Trust M Arbitrary OID 0xF1E0.
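A post-provisioning check for the steps above, as an added example that is not part of the Infineon scripts: it confirms that the DAC carries the same public key as the pre-provisioned certificate, so it is bound to the key pair held in the chip, and that the DAC verifies against the PAI. The function names and PEM file arguments are assumptions, the pre-provisioned certificate must be a copy saved before Step 3 overwrites slot 0xE0E0, and the sample certificates are constructed stand-ins rather than Matter test material.

```shell
#!/bin/sh
# Added example: checks on the certificates produced by the provisioning steps.
# All file names are assumptions; inputs are PEM certificates.

# Print the public key (SubjectPublicKeyInfo, PEM) of a certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey
}

# True when both certificates carry the same, non-empty public key.
same_pubkey() {
    k1=$(cert_pubkey "$1") && k2=$(cert_pubkey "$2") || return 1
    [ -n "$k1" ] && [ "$k1" = "$k2" ]
}

# True when the DAC ($1) verifies against the PAI ($2). -partial_chain lets
# the PAI act as trust anchor, because the PAA is not among the files checked.
dac_signed_by_pai() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Args: pre-provisioned cert, DAC, PAI. Returns 0 ok, 1 key mismatch, 2 bad chain.
check_provisioning() {
    same_pubkey "$1" "$2" || { echo "FAIL: DAC key is not the chip key"; return 1; }
    dac_signed_by_pai "$2" "$3" || { echo "FAIL: DAC not signed by PAI"; return 2; }
    echo "OK: DAC binds the chip key and verifies against the PAI"
}

# Constructed sample data (stand-ins, not Matter test material): a CA playing
# the PAI, a device key with a self-signed "pre-provisioned" certificate, and
# a DAC for that same key issued by the stand-in PAI. $1 is an output directory.
make_sample() {
    for n in pai dev; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/$n.key" || return 1
    done
    openssl req -x509 -new -key "$1/pai.key" -subj "/CN=Constructed PAI" \
        -days 1 -out "$1/pai.pem" || return 1
    openssl req -x509 -new -key "$1/dev.key" -subj "/CN=Constructed chip cert" \
        -days 1 -out "$1/orig.pem" || return 1
    openssl req -new -key "$1/dev.key" -subj "/CN=Constructed DAC" \
        -out "$1/dac.csr" || return 1
    openssl x509 -req -in "$1/dac.csr" -CA "$1/pai.pem" -CAkey "$1/pai.key" \
        -CAcreateserial -days 1 -out "$1/dac.pem" 2>/dev/null
}

# With three file arguments, check them; with none, run on the constructed sample.
if [ "$#" -eq 3 ]; then check_provisioning "$@"
else d=$(mktemp -d) && make_sample "$d" &&
    check_provisioning "$d/orig.pem" "$d/dac.pem" "$d/pai.pem"; rm -rf "$d"; fi
```

A return code of 1 means the certificate in the DAC slot was issued for a different key than the one in the chip; 2 means it was not signed by the PAI supplied.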
For certificate claim and OPTIGA™ Trust M MTR provisioning, please refer to our README for Late-stage Provisioning