Awesome Open Source
Awesome Open Source

OPTIGA™ Trust M Software Framework

Quick navigation

Security Chip


This repository contains a target-agnostic Software Framework for the OPTIGA Trust M security chip. It is a base for other application notes. Be aware that this software comes without any security claims and shall be used for evaluation purpose.

Key Features and Benefits

  • High-end security controller
  • Common Criteria Certified EAL6+ (high) hardware
  • Turnkey solution
  • Up to 10kB user memory
  • PG-USON-10 package (3 x 3 mm)
  • Temperature range (40C to +105C)
  • I2C interface with Shielded Connection (encrypted communication)
  • Cryptographic support:
    • ECC : NIST curves up to P-521, Brainpool r1 curve up to 512,
    • RSA up to 2048
    • AES key up to 256 , HMAC up to SHA512
    • TLS v1.2 PRF and HKDF up to SHA512
  • Crypto ToolBox commands for SHA-256, ECC and RSA Feature, AES, HMAC and Key derivation
  • Configurable device security monitor, 4 Monotonic up counters
  • Protected(integrity and confidentiality) update of data, key and metadata objects
  • Hibernate for zero power consumption
  • Lifetime for Industrial Automation and Infrastructure is 20 years and 15 years for other Application Profiles

OPTIGA™ Trust M features table

Features Supported Curve/Algorithm V1 V3
ECC NIST P521, ECC Brainpool P256/384/512 r1
RSA RSA 1024/2048
Key Derivation TLS v1.2 PRF SHA 256
TLS v1.2 PRF SHA 384/512
HKDF SHA-256/384/512
AES Key size - 128/192/256 (ECB, CBC, CBC-MAC, CMAC)
Random Generation TRNG, DRNG, Pre-Master secret for RSA Key exchange
HMAC HMAC with SHA256/384/512
Hash SHA256
Protected data (object) update (Integrity) ECC NIST P256/384RSA 1024/2048 Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing
ECC NIST P521,ECC Brainpool P256/384/512 r1Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing
Protected Data/key/metadata update (Integrity and/or confidentiality) ECC NIST P256/384/521ECC Brainpool P256/384/512 r1RSA 1024/2048Signature scheme as ECDSA FIPS 186-3/RSA SSA PKCS#1 v1.5 without hashing

Get Started

OPTIGA Trust M evaluation kit

Get started with the OPTIGA Trust M evaluation kit using this Application Note, or the FreeRTOS example


  1. Get started guide
  2. Off-Chip TLS example (mbedTLS)
  3. Cloud:
    1. AWS FreeRTOS example
    2. Microsoft Azure IoT example
  4. Zephyr OS driver
  5. Secure Firmware Update and Secure Boot (link is pending)
  6. Arduino library
  7. Personalize OPTIGA Trust
  8. OpenSSL Engine Command Line Interface and AWS IoT C SDK (for RPi3)
  9. Python package
  10. I2C Utilities

Software Framework overview

  1. See Trust M Crypt API and Trust M Util API to know more about CRYPT and UTIL modules
  2. Information about the OPTIGA Trust M Command Library (CMD) can be found in the Solution Reference Manual In the same document you can find explanation of all Object IDs (OIDs) available for users as well as detailed technical explanation for all features and envisioned use cases.
  3. Infineon I2C Protocol implementation details can be found here
  4. Platform Abstraction Layer (PAL) overview and Porting Guide are presented in the Wiki

For more information please refer to the Wiki page of this project

Evaluation and developement kits

External links, open in the same tab.

  • OPTIGA Trust M evaluation kit

  • OPTIGA Trust M Shield2Go Notes to the S2Go Security OPTIGA M:

    • Supply voltage VCC is max. 5.5 V, please refer to the OPTIGA Trust M datasheet for more details about maximum ratings
    • Ensure that no voltage applied to any of the pins exceeds the absolute maximum rating of VCC + 0.3 V
    • Pin out on top (head) is directly connected to the pins of the OPTIGA Trust M
    • If head is broken off, only one capacitor is connected to the OPTIGA Trust M
    S2Go Security OPTIGA M Pinout drawing
    S2Go Security OPTIGA M Schematic drawing


Usefull articles

Datasheet and Co.

For high level description and some important excerpts from the documentation please refer to Wiki page

Other downloadable PDF documents can be found below:

  1. OPTIGA Trust M Datasheet v3.10 (PDF)
  2. OPTIGA Trust M Solution Reference Manual v3.15 (PDF)
  3. OPTIGA Trust M Keys and Certificates v3.10 (PDF)
  4. Infineon I2C protocol specification v2.03 (PDF)

Board assembly recommendations

If you are planning to integrate OPTIGA Trust M in your PCB design have a look at the recommendations found here (external, opens in the same tab).


Please read for details on our code of conduct, and the process for submitting pull requests to us.


This project is licensed under the MIT License - see the LICENSE file for details

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
C (276,688
Cryptography (3,516
Aes (702
Rsa (612
Ecdsa (148
Ecc (131
Related Projects