Merge pull request #118 from Infineon/feature/mtr_doc

Update OPTIGA™ Trust M Documentation to match MTR Launch

LICENSE

@@ -1,6 +1,6 @@
-The MIT License
+MIT License
 
-Copyright (c) 2018 Infineon Technologies AG
+Copyright (c) 2018-2024 Infineon Technologies AG
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

documents/OPTIGA™ Trust M Solution Reference Manual.md

@@ -469,7 +469,7 @@ like to integrate the OPTIGA™ with their solution.
 ## Architecture Decomposition
 
 The architecture components contained in the shown solution architecture
-view (OPTIGA Trust Communication Protection - toolbox - View) are listed
+view (OPTIGA™Trust Communication Protection - toolbox - View) are listed
 and briefly described in the table below.
 
 4.  Architecture components
@@ -544,7 +544,7 @@ and briefly described in the table below.
 </tbody>
 </table>
 
-The class diagram OPTIGA Trust Communication Protection - toolbox - View
+The class diagram OPTIGA&trade;Trust Communication Protection - toolbox - View
 shows the Communication Protection Solution Architecture in case the
 local host is invoking a third\_party\_crypto library (e.g. WolfSSL,
 OpenSSL, mbedTLS, ...) containing its main functional blocks. The
@@ -568,7 +568,7 @@ is:
 | ------------------------------------ |
 | ![728,6](https://github.com/Infineon/Assets/raw/master/Pictures/OPTIGA_Trust_M/SRM/image4.tmp) |
 
-Figure 1 - OPTIGA Trust Communication Protection - toolbox - View
+Figure 1 - OPTIGA&trade;Trust Communication Protection - toolbox - View
 
 
 ### Host code size
@@ -1143,7 +1143,7 @@ enabler components, which gets provided by the OPTIGA™ solution. The
 target platforms for those enabler components are embedded systems,
 Linux and Windows.
 
-The class diagram OPTIGA Trust Enabler Software Overview shows host side
+The class diagram OPTIGA&trade;Trust Enabler Software Overview shows host side
 library architecture and it’s main functional blocks.
 
 The color coding provides information of whether the function blocks are
@@ -6377,7 +6377,12 @@ conditions.
   - If the shared secret gets updated on field either by protected
     update (integrity and confidentiality) or shielded connection, the
     regarded usage counter must be updated accordingly to allow the
-    usage of shared secret further for the required number of times.
+    usage of shared secret further for the required number of times
+
+  - Without the use of an Integrity and Confidentiality Protected Update, 
+    OPTIGA™ cannot support use cases based on PRESSEC that require more 
+    restrictive access rights for READ than for CHANGE
+
 
 ### Auto states
 

documents/README.md

@@ -2,17 +2,17 @@
 
 * **Infineon_I2C_Protocol_vX.XX.pdf** - Infineon I2C protocol specification. In this document you can find all information related to the communication protocol between a Host MCU and the Secure Element, for instance how shielded connection works.
 * **License.pdf** - MIT License
-* **OPTIGA_Trust_M_Cloud_ID_UserGuide.pdf** - A guidance on how to register a reel on the CIRRENT™ Cloud ID service 
-* **OPTIGA_Trust_M_ConfigGuide.pdf** - A comparison guidance between available provisioning options (M ver. 1/M ver.3/Express)
-* **OPTIGA_Trust_M_Datasheet_vX.XX.pdf** - Datasheet for the OPTIGA Trust M revision 1 product. This is a high level description of the hardware side of the product. You can find there the following information, though not limited to
+* **OPTIGA_Trust_M_Cloud_ID_UserGuide.pdf** - A guidance on how to register a reel on the CIRRENT™ Cloud ID service.
+* **OPTIGA_Trust_M_ConfigGuide_vX.XX.pdf** - A comparison guidance between available provisioning options (M ver. 1/M ver.3/Express/MTR)
+* **OPTIGA_Trust_M_Datasheet_vX.XX.pdf** - Datasheet for the OPTIGA™Trust M product. This is a high level description of the hardware side of the product. You can find there the following information, though not limited to
     * Electrical Characteristics
     * Crypto Performance
     * Hardware integration guide including a reference schematics
     * External Interface which the security chip exposes to the host (not the host library)
     * Test Vectors for the security chip (on I2C level)
     * Compliance infomration
 * **OPTIGA_Trust_M_Host_Library_Documentation.chm** - A Windows Help file with the API description
-* **OPTIGA_Trust_M_Keys_And_Certificates_vX.XX.pdf** - A document which describes default PKI infrustructure, in which worm and what exactly do we store on chip in regards to Private Keys and Certificates. You might find the [Personalize OPTIGA™ Trust](https://github.com/Infineon/personalize-optiga-trust) Application Note usefull as well
+* **OPTIGA_Trust_M_Keys_And_Certificates_vX.XX.pdf** - A document which describes default PKI infrustructure, in which way and what exactly do we store on chip in regards to Private Keys and Certificates. You might find the [Personalize OPTIGA™ Trust](https://github.com/Infineon/personalize-optiga-trust) Application Note usefull as well
 * **OPTIGA_Trust_M_Solution_Reference_Manual_vX.XX.md** - A document which describes in more details:
     * Features and properties of the security chip in more details
     * Use cases

examples/README.md

@@ -5,27 +5,27 @@ This folders are used to demonstrate basic functionality of the security chip.
 The list of available Application Notes and Examples is following:
 
 1. [Get started guide](https://github.com/Infineon/getstarted-optiga-trust-m)
-1. ModusToolbox™ Code Examples
+2. ModusToolbox™ Code Examples
     - [OPTIGA™ Trust M: Cryptography](https://github.com/Infineon/mtb-example-optiga-crypto)
     - [OPTIGA™ Trust M: MQTT Client](https://github.com/Infineon/mtb-example-optiga-mqtt-client)
     - [OPTIGA™ Trust M: Power management](https://github.com/Infineon/mtb-example-optiga-power-management)
     - [OPTIGA™ Trust M: Data management](https://github.com/Infineon/mtb-example-optiga-data-management)
-1. [Off-Chip TLS example (mbedTLS)](https://github.com/Infineon/mbedtls-optiga-trust-m)
-1. [Linux Command Line Interface](https://github.com/Infineon/linux-optiga-trust-m)
-1. Cloud:
+3. [Off-Chip TLS example (mbedTLS)](https://github.com/Infineon/mbedtls-optiga-trust-m)
+4. [Linux Command Line Interface](https://github.com/Infineon/linux-optiga-trust-m)
+5. Cloud:
     1. [AWS FreeRTOS example](https://github.com/Infineon/amazon-freertos-optiga-trust)
-    1. [Microsoft Azure IoT example](https://github.com/Infineon/azure-optiga-trust-m)
-1. [Zephyr OS driver](https://github.com/Infineon/zephyr)
-1. [Arduino library](https://github.com/Infineon/arduino-optiga-trust-m)
-1. [Personalize OPTIGA™ Trust](https://github.com/Infineon/personalize-optiga-trust)
-1. [Python package](https://github.com/Infineon/python-optiga-trust)
-1. [I2C Utilities](https://github.com/Infineon/i2c-utils-optiga-trust)
+    2. [Microsoft Azure IoT example](https://github.com/Infineon/azure-optiga-trust-m)
+6. [Zephyr OS driver](https://github.com/Infineon/zephyr)
+7. [Arduino library](https://github.com/Infineon/arduino-optiga-trust-m)
+8. [Personalize OPTIGA™ Trust](https://github.com/Infineon/personalize-optiga-trust)
+9. [Python package](https://github.com/Infineon/python-optiga-trust)
+10. [I2C Utilities](https://github.com/Infineon/i2c-utils-optiga-trust)
 
 # Troubleshooting
 
 ## 0x107 (handshake error)
 
-Some of the examples, for instance [`example_optiga_util_read_data`](https://github.com/Infineon/optiga-trust-m/blob/master/examples/optiga/example_optiga_util_read_data.c#L61) calls 
+Some of the examples, for instance [`example_optiga_util_read_data`](https://github.com/Infineon/optiga-trust-m/blob/master/examples/optiga/example_optiga_util_read_data.c#L61) calls
 ```
 // OPTIGA Comms Shielded connection settings to enable the protection
 OPTIGA_UTIL_SET_COMMS_PROTOCOL_VERSION(me, OPTIGA_COMMS_PROTOCOL_VERSION_PRE_SHARED_SECRET);

examples/tools/protected_update_data_set/README.md

@@ -61,7 +61,7 @@ Usage : <.exe> input1=<value> input2=<value> ..
                              note     :  Input is a hexadecimal string.E.g. E3
                                       :  The values in "options" can be bitwise ORED and provided ( Refer SRM )
         key_algo             default  :
-                             options  :  ECC-NIST-P-256 (3) , ECC-NIST-P-384 (4), ECC-NIST-P-521 (5), ECC-BRAINPOOL-P-256-R1 (19) , ECC-BRAINPOOL-P-384-R1 (21), ECC-BRAINPOOL-P-512-R1 (22), RSA-1024-Exp (65) , RSA-2048-Exp (66), AES-128 (129), AES-192 (129), AES-256 (131)
+                             options  :  ECC-NIST-P-256 (3) , ECC-NIST-P-384 (4), ECC-NIST-P-521 (5), ECC-BRAINPOOL-P-256-R1 (19) , ECC-BRAINPOOL-P-384-R1 (21), ECC-BRAINPOOL-P-512-R1 (22), RSA-1024-Exp (65) , RSA-2048-Exp (66), AES-128 (129), AES-192 (130), AES-256 (131)
                              note     :  Input is a decimal string.E.g. 129
         key_data             default  :  (null)
                              options  :  ECC / RSA key in .pem format or AES key in txt file as hexadecimal string

examples/tools/protected_update_data_set/include/protected_update_data_set.h

@@ -78,6 +78,8 @@ typedef enum key_algorithm
     eRSA_1024_EXP       = 0x41,
     eRSA_2048_EXP       = 0x42,
     eAES_128            = 0x81,
+    eAES_192            = 0x82,
+    eAES_256            = 0x83,
 } key_algorithm_t;
 
 typedef enum key_usage

examples/tools/protected_update_data_set/src/user_input_parser.c

@@ -249,7 +249,7 @@ opt_prop_t option_table[] =
     // PAYLOAD : KEYS
     { "Details", DETAIL_KEY_OBJ, NULL, "", 0, "", "" },
     { DESC_KEY_USAGE, SHORT_NAME_KEY_USAGE, &opt.key_usage, DEFAULT_KEY_USAGE, 0, "AUTH (0x01) , ENC (0x02) , SIGN (0x10) , KEY_AGREE (0x20)", "Input is a hexadecimal string.E.g. E3"_NEXT_"The values in \"options\" can be bitwise ORED and provided ( Refer SRM )" },
-    { DESC_KEY_ALGO, SHORT_NAME_KEY_ALGO, &opt.key_algo, DEFAULT_KEY_ALGO, 0, "ECC-NIST-P-256 (3) , ECC-NIST-P-384 (4), ECC-NIST-P-521 (5), ECC-BRAINPOOL-P-256-R1 (19) , ECC-BRAINPOOL-P-384-R1 (21), ECC-BRAINPOOL-P-512-R1 (22), RSA-1024-Exp (65) , RSA-2048-Exp (66), AES-128 (129), AES-192 (129), AES-256 (131)", "Input is a decimal string.E.g. 129" },
+    { DESC_KEY_ALGO, SHORT_NAME_KEY_ALGO, &opt.key_algo, DEFAULT_KEY_ALGO, 0, "ECC-NIST-P-256 (3) , ECC-NIST-P-384 (4), ECC-NIST-P-521 (5), ECC-BRAINPOOL-P-256-R1 (19) , ECC-BRAINPOOL-P-384-R1 (21), ECC-BRAINPOOL-P-512-R1 (22), RSA-1024-Exp (65) , RSA-2048-Exp (66), AES-128 (129), AES-192 (130), AES-256 (131)", "Input is a decimal string.E.g. 129" },
     { DESC_PAYLOAD_KEY, SHORT_NAME_PAYLOAD_KEY, &opt.key_data, DEFAULT_PAYLOAD_KEY, 0, "ECC / RSA key in .pem format or AES key in txt file as hexadecimal string", "Refer : samples/payload/key/sample_ec_256_priv.pem for ECC or RSA key"_NEXT_"Refer : samples/payload/key/aes_key.txt for AES key" },
 
     // PAYLOAD : METADATA

pal/README.md

@@ -12,13 +12,15 @@ The Crypto PAL helps a Host MCU to perfrom shielded communication (protected Inf
 If you don't use shielded connection you can skip this module
 
 Currently three Crypto PALs are supported via third-party libraries (should be provided at compilation/linking time)
+
 1. mbed TLS Crypto Library
-1. OpenSSL Crypto Library
-1. WolfSSL Crypto Library
+2. OpenSSL Crypto Library
+3. WolfSSL Crypto Library
 
 There are three functions required to be implemented by the Crypto PAL, these are:
-1. `pal_crypt_tls_prf_sha256`    
-    <details> <summary> Test Vectors </summary> 
+
+1. `pal_crypt_tls_prf_sha256`
+    <details> <summary> Test Vectors </summary>
 
     ```c
     **********************************************************************************************
@@ -102,7 +104,7 @@ There are three functions required to be implemented by the Crypto PAL, these ar
     </details>
 
 1. `pal_crypt_encrypt_aes128_ccm`
-    <details> <summary> Test Vectors </summary> 
+    <details> <summary> Test Vectors </summary>
 
     ```c
     /* key */
@@ -149,9 +151,9 @@ There are three functions required to be implemented by the Crypto PAL, these ar
     ```
 
     </details>
-    
+
 1. `pal_crypt_decrypt_aes128_ccm`
-    <details> <summary> Test Vectors </summary> 
+    <details> <summary> Test Vectors </summary>
 
     ```c
     /* key */
@@ -198,8 +200,7 @@ There are three functions required to be implemented by the Crypto PAL, these ar
     ```
 
     </details>
-
-
+
 A simple test suite can look like following
 
 <details><summary> Simple Test suite </summary>
@@ -390,4 +391,5 @@ static int32_t testAES128CCMDecrypt(void)
     return ret;
 }
 ```
+
 </details>