Support for Hardware Secure Module (HSM) using Infineon Optiga Trust M #28397

Merged
merged 19 commits into from
Aug 25, 2023

Contributor

@ying-css ying-css commented Jul 31, 2023

Summary of Changes:
The following changes are only applicable to the V1.1 branch, since the trustm (as HSM) implementation is under the /src/crypto/hsm/infineon folder, which will involve modifications to the core Matter stack.
For the master branch, the /src/crypto/hsm folder has been removed, so the trustm (as HSM) implementation needs to be relocated to the platform folder. A new pull request will be submitted for the master branch once we finish the integration.

1) Added Infineon Optiga Trust M as Hardware Secure Module (HSM)
2) Added support for device attestation using Infineon Optiga Trust M
3) Integrated Optiga Trust M into psoc6 platform for lock-app
4) Option to switch between HSM and Host Software Crypto implementation

Fixed #28355

@CLAassistant

CLAassistant commented Jul 31, 2023

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added the documentation, examples, scripts, platform and crypto labels Jul 31, 2023
Contributor

@bzbarsky-apple bzbarsky-apple left a comment


Note: I did not carefully review the actual CryptoPAL bits. I assume someone else has done that already.

ying-css and others added 4 commits August 4, 2023 16:11
… script

2) Fixed the bug for CHIPCryptoPALHsm_HMAC_trustm.cpp
…t-chip#28507)

* ESP32: avoid installing gdbgui when not needed (project-chip#26542)

ESP-IDF v4.4.4 requires gdbgui only when Python before 3.11 is used (see
espressif/esp-idf@3974be7).
Avoid installing it when not needed.

Fixes: project-chip#25385

* Remove gdbgui requirement for esp32 (project-chip#28007)

* Remove gdbgui requirement for esp32

* Fix qemu

* Fix chef as well

---------

Co-authored-by: Stefan Agner <stefan@agner.ch>
Co-authored-by: Andrei Litvin <andy314@gmail.com>
ankk-css and others added 2 commits August 10, 2023 09:53
@ying-css
Contributor Author

@admin Could you kindly merge this pull request? Thanks a lot

@ankk-css
Contributor

Hi @bzbarsky-apple @tcarmelveilleux @admin, @andy31415

Some of the tests are randomly failing because of the free space issue. And the pull request done before #28507 also failed but was merged.

I am not sure what can be done to resolve these tests as it is not failing because of our code changes.

Thanks,
Ank

Contributor

@andy31415 andy31415 left a comment


@ying-css - since this is a v1.1 branch change, please link to the original PR from master that you are cherry-picking or describe clearly why this is not a cherry-pick.

I did a brief history search on master for the title of this PR and did not see the changes (examples/platform/infineon/trustm does not exist).

@ying-css
Contributor Author

Hi @andy31415, our current goal is to push the changes to the v1.1 branch, as our integration efforts commenced from there. Since the folder structures and our substantial feature additions differ significantly between the v1.1 branch and the master branch, cherry-picking from the master branch later might not be a viable option. Is it feasible to merge these changes into the v1.1 branch first? Meanwhile, we'll also work on integrating these changes into the master branch and submit a new pull request. Thank you for your understanding.

@ying-css
Contributor Author

Hi @andy31415, for the V1.1 branch, the trustm (as HSM) implementation is under the /src/crypto/hsm/infineon folder. This will involve modifications to the core Matter stack (related PR - #21415).
As for the master branch, the /src/crypto/hsm folder has been removed. The trustm (as HSM) implementation needs to be relocated to the platform folder, so a cherry-pick from the master branch might not be a viable option. We are working on the master branch now and will submit a new pull request very soon. Thank you very much.

@andy31415 andy31415 merged commit eb23187 into project-chip:v1.1-branch Aug 25, 2023