Hi,
We are running an application on Linux. This application accesses TrustM when using TLS.
At this time, the value of SecureMonitorCounter (SEC) is counted up.
If you continue to access TrustM, the SEC will be counted up and the response from TrustM will gradually slow down.
As a result, the performance of the application is reduced.
So we have some questions.
We are using SLS32AIA010MS chip, and we have confirmed OPTIGA_Trust_M_Solution_Reference_Manual (Rev3.15).
[Q1]
We would like to change the Security Monitor configuration described in OPTIGA_Trust_M_Solution_Reference_Manual 4.6.3.
However, the metadata for OID = 0xE0C9 looks like this and cannot be changed.
How can we change the Security Monitor configuration?
# trustm_metadata -r 0xE0C9
========================================================
[Size 0019] :
20 11 C0 01 07 C4 01 08 D0 03 E1 FC 07 D1 01 00
D3 01 FF
LcsO:0x07, Max:8, C:LcsO<0x07, R:ALW, E:NEV,
========================================================
The following is reference information.
# trustm_data -r 0xE0C9
========================================================
[Size 0008] :
32 00 05 01 00 00 00 00
========================================================
# trustm_chipinfo
Read Chip Info [0xE0C2]: Success.
========================================================
CIM Identifier [bCimIdentifer]: 0xcd
Platform Identifer [bPlatformIdentifier]: 0x16
Model Identifer [bModelIdentifier]: 0x33
ID of ROM mask [wROMCode]: 0x9401
Chip Type [rgbChipType]: 0x00 0x1c 0x00 0x01 0x00 0x00
Batch Number [rgbBatchNumber]: 0x0a 0x09 0xa4 0x13 0x00 0x0b
X-coordinate [wChipPositionX]: 0x0042
Y-coordinate [wChipPositionY]: 0x0078
Firmware Identifier [dwFirmwareIdentifier]: 0x80101071
Build Number [rgbESWBuild]: 24 40
Chip software build:
OPTIGA(TM) Trust M rev.3; Firmware Version: 3.00.2440
========================================================
[Q2]
The current SEC value keeps increasing.
Even if I waited for a while and then accessed it, the SEC value did not decrease.
The SEC value is decremented over time for the Tmax value in OPTIGA_Trust_M_Solution_Reference_Manual Figure 28-Security Monitor flow diagram.
However, the value of SEC is not decremented. Is this behavior correct?
Also, SEC does not return to 0 after rebooting. The SEC value is decreased.
[2021-08-23 09:44:16.581] # trustm_read_status
[2021-08-23 09:44:16.830] ========================================================
[2021-08-23 09:44:16.925] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 09:44:16.955] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 09:44:16.986] UID [0xE0C2] [Size 0027] :
[2021-08-23 09:44:16.989] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 09:44:16.989] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 09:44:17.005] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 09:44:17.022] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 09:44:17.054] Security Event Counter [0xE0C5] [Size 0001] : 13 (*******)
[2021-08-23 09:44:17.099] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 09:44:17.114] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 09:44:17.145] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 09:44:17.173] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 09:44:17.173] ========================================================
[2021-08-23 09:45:10.915]
[2021-08-23 09:45:22.310]
[2021-08-23 09:45:22.562] ========================================================
[2021-08-23 09:45:22.670] [Size 0019] :
[2021-08-23 09:45:22.674] 20 11 C0 01 07 C4 01 08 D0 03 E1 FC 07 D1 01 00
[2021-08-23 09:45:22.674] D3 01 FF
[2021-08-23 09:45:22.674] LcsO:0x07, Max:8, C:LcsO<0x07, R:ALW, E:NEV,
[2021-08-23 09:45:22.674]
[2021-08-23 09:45:22.674] ========================================================
[2021-08-23 09:45:22.710]
1.5h later
[2021-08-23 11:16:12.399] # trustm_read_status
[2021-08-23 11:16:12.647] ========================================================
[2021-08-23 11:16:12.735] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 11:16:12.770] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 11:16:12.806] UID [0xE0C2] [Size 0027] :
[2021-08-23 11:16:12.806] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 11:16:12.806] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 11:16:12.825] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 11:16:12.841] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 11:16:12.874] Security Event Counter [0xE0C5] [Size 0001] : 15 (*******) The value does not decrease.
[2021-08-23 11:16:12.922] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 11:16:12.941] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 11:16:12.977] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 11:16:13.005] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 11:16:13.005] ========================================================
PowerOFF
PowerOn
[2021-08-23 11:23:52.719] # trustm_read_status
[2021-08-23 11:23:53.015] ========================================================
[2021-08-23 11:23:53.259] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 11:23:53.321] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 11:23:53.396] UID [0xE0C2] [Size 0027] :
[2021-08-23 11:23:53.397] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 11:23:53.397] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 11:23:53.439] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 11:23:53.481] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 11:23:53.548] Security Event Counter [0xE0C5] [Size 0001] : 0E (*******) After restart, but the value is not 0.
[2021-08-23 11:23:53.624] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 11:23:53.671] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 11:23:53.738] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 11:23:53.805] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 11:23:53.805] ========================================================
PowerOFF
1min wait
PowerOn
[2021-08-23 11:37:09.685] # trustm_read_status
[2021-08-23 11:37:09.942] ========================================================
[2021-08-23 11:37:10.099] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 11:37:10.142] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 11:37:10.191] UID [0xE0C2] [Size 0027] :
[2021-08-23 11:37:10.193] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 11:37:10.193] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 11:37:10.223] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 11:37:10.260] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 11:37:10.304] Security Event Counter [0xE0C5] [Size 0001] : 03 (*******) After restart, but the value is not 0.
[2021-08-23 11:37:10.367] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 11:37:10.406] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 11:37:10.449] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 11:37:10.498] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 11:37:10.498] ========================================================
[Q3]
The SEC value does not count up from 0xF7.
After communicating with TrustM for a while, the SEC value will no longer count up from 0xF7.
OPTIGA_Trust_M_Solution_Reference_Manual 4.6.4 states that the maximum value of SEC is 255, but it does not reach that level.
[2021-08-23 12:42:11.639] # trustm_read_status
[2021-08-23 12:42:11.886] ========================================================
[2021-08-23 12:42:16.703] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 12:42:16.733] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 12:42:16.763] UID [0xE0C2] [Size 0027] :
[2021-08-23 12:42:16.765] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 12:42:16.765] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 12:42:16.782] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 12:42:16.798] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 12:42:16.834] Security Event Counter [0xE0C5] [Size 0001] : F7 (*******)
[2021-08-23 12:42:16.880] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 12:42:16.896] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 12:42:16.943] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 12:42:16.968] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 12:42:16.968] ========================================================
[2021-08-23 12:42:20.319] # trustm_read_status
[2021-08-23 12:42:20.574] ========================================================
[2021-08-23 12:42:25.385] Global Life Cycle Status [0xE0C0] [Size 0001] : 07
[2021-08-23 12:42:25.412] Global Security Status [0xE0C1] [Size 0001] : 20
[2021-08-23 12:42:25.449] UID [0xE0C2] [Size 0027] :
[2021-08-23 12:42:25.452] CD 16 33 94 01 00 1C 00 01 00 00 0A 09 A4 13 00
[2021-08-23 12:42:25.452] 0B 00 42 00 78 80 10 10 71 24 40
[2021-08-23 12:42:25.463] Sleep Mode Activation Delay [0xE0C3] [Size 0001] : 14
[2021-08-23 12:42:25.479] Current Limitation [0xE0C4] [Size 0001] : 06
[2021-08-23 12:42:25.515] Security Event Counter [0xE0C5] [Size 0001] : F7 (*******) The value does not increase.
[2021-08-23 12:42:25.559] Max Com Buffer Size [0xE0C6] [Size 0002] : 06 15
[2021-08-23 12:42:25.574] Application Life Cycle Sts [0xF1C0] [Size 0001] : 01
[2021-08-23 12:42:25.623] Application Security Sts [0xF1C1] [Size 0001] : 20
[2021-08-23 12:42:25.650] Application Error Codes [0xF1C2] [Size 0001] : 00
[2021-08-23 12:42:25.650] ========================================================
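
Regarding Q1, as an added example that is not part of the original post or of the trustm tools: a small Python decoder for the 0xE0C9 metadata bytes shown above, which renders the access conditions as `trustm_metadata` printed them and evaluates the Change condition against the object's own LcsO. Only the tag and operator codes needed for this dump are included, and the function names are hypothetical.

```python
# Added example: decode OPTIGA Trust M object metadata (TLV) and evaluate the
# Change access condition. The bytes are copied from the post's 0xE0C9 dump.
META_E0C9 = bytes.fromhex("20 11 C0 01 07 C4 01 08 D0 03 E1 FC 07 D1 01 00 D3 01 FF")

TAGS = {0xC0: "LcsO", 0xC4: "Max", 0xD0: "Change", 0xD1: "Read", 0xD3: "Execute"}
SIMPLE_AC = {0x00: "ALW", 0xFF: "NEV"}
LCS_REF = {0xE0: "LcsG", 0xE1: "LcsO", 0xE2: "LcsA"}
OPS = {0xFA: "==", 0xFB: ">", 0xFC: "<"}


def parse_metadata(blob):
    """Return {tag_name: value_bytes} from a 0x20-wrapped metadata TLV."""
    if len(blob) < 2 or blob[0] != 0x20 or blob[1] != len(blob) - 2:
        raise ValueError("not a well-formed metadata object")
    fields, i = {}, 2
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated TLV header")
        tag, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        fields[TAGS.get(tag, f"0x{tag:02X}")] = value
        i += 2 + length
    return fields


def describe_ac(ac):
    """Render an access condition in the tool's short notation."""
    if len(ac) == 1 and ac[0] in SIMPLE_AC:
        return SIMPLE_AC[ac[0]]
    if len(ac) == 3 and ac[0] in LCS_REF and ac[1] in OPS:
        return f"{LCS_REF[ac[0]]}{OPS[ac[1]]}0x{ac[2]:02X}"
    return ac.hex(" ")  # anything more complex is shown raw


def change_allowed(fields):
    """Evaluate a Change condition that is ALW, NEV or one LcsO comparison."""
    ac = fields["Change"]
    if len(ac) == 1 and ac[0] in SIMPLE_AC:
        return ac[0] == 0x00
    if len(ac) == 3 and ac[0] == 0xE1 and ac[1] in OPS:
        lcso, ref = fields["LcsO"][0], ac[2]
        return {"==": lcso == ref, ">": lcso > ref, "<": lcso < ref}[OPS[ac[1]]]
    raise NotImplementedError("condition outside this example's scope")


if __name__ == "__main__":
    f = parse_metadata(META_E0C9)
    print({k: describe_ac(v) for k, v in f.items()}, "change allowed:", change_allowed(f))
```

For this dump the Change condition is `LcsO<0x07` while the object's LcsO is already `0x07`, so the condition evaluates to false.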