To use Infineon OPTIGA™ Trust M for device attestation, Provisioning for OPTIGA™ Trust M with Matter test device Attestation certificate is needed.
Shield2Go Adapter for Raspberry Pi or Jumping Wire
The Linux Tools for OPTIGA™ Trust M can be used to perform provisioning by following the steps mentioned below.
$ git clone --recurse-submodules https://github.com/Infineon/linux-optiga-trust-m.git
$ cd linux-optiga-trust-m/ $ git checkout provider_dev $ git submodule update -f $ ./provider_installation_script.sh
$ cd scripts/matter_provisioning/ $ ./matter_test_provisioning.sh
Note:
By running this example matter_test_provisioning.sh
, the steps shown below are executed:
Step1: Extract the public key from the Infineon pre-provisioned Certificate(0xE0E0) using openssl command.
Step2: Generate DAC test certificate using the extracted public key, Signed by Matter test PAI. Please note that production devices cannot re-use these test keys/certificates.
Step3: Write DAC test certificate into OPTIGA™ Trust M certificate slot 0xE0E0.
Step4: Write Matter test PAI into OPTIGA™ Trust M certificate slot 0xE0E8 and test CD into OPTIGA™ Trust M Arbitrary OID 0xF1E0.
For certificate claim and OPTIGA™ Trust M MTR provisioning, please refer to our README for Late-stage Provisioning