Re: Add support Optiga Trust X


Carles Cufi
 

Hi Pawel,

 

We actually discussed a very similar case yesterday in the TSC meeting. The trusted-firmware-m module also requires mbedTLS, but a different version from the one we have in Zephyr. In that case the resolution was to place the required mbedTLS version *inside* the trusted-firmware-m module/repo, so that the whole repo is self-contained.

I would argue that if you can make it work with the existing mbedTLS currently present as a zephyr module, that is ideal. If that doesn’t work out then you can do the same that we’ve done with trusted-firmware-m and include the copy of mbedTLS directly inside the optiga module repo.

 

Carles

 

From: Pawel Zarembski <Pawel.Zarembski@...>
Sent: 28 November 2019 12:32
To: devel@...
Cc: Christoph.Reiter@...; Artem.Yushev@...; Christian.Lesjak@...; Mihai.Tudosie@...; Cufi, Carles <Carles.Cufi@...>
Subject: RE: Add support Optiga Trust X

 

Hello,

 

I finished implementing basic library API (optiga/, examples/, pal/) and now I want to move on to work on mbedTLS and one questions arose:

 

Does Optiga Trust X module should contain mbedTLS library? Basically Zephyr have separate module for mbedTLS so if it will be included in Optiga module aswell it would create unnecessary redundancy.

 

If no: should i work on integrating Optiga Trust X with existing mbedTLS module?

 

Best regards

Paweł

 

From: Mihai.Tudosie@... <Mihai.Tudosie@...>
Sent: Tuesday, November 12, 2019 3:43 PM
To: Carles.Cufi@...
Cc: Pawel Zarembski <Pawel.Zarembski@...>; devel@...; Christoph.Reiter@...; Artem.Yushev@...; Christian.Lesjak@...
Subject: [External] RE: Add support Optiga Trust X

 

 

CAUTION: This email originated from outside of the organization. This message might not be safe, use caution in opening it. If in doubt, do not open the attachment nor links in the message.

 

Hi Carles,

 

Thank you for keeping us up to date and supporting with this topic.

I’ve added 2 more colleagues; Artem was already in contact with Pawel to add his code to Infineon github repo too.

 

 

Best regards,

Mihai

 

 

 

 

From: Cufi, Carles <Carles.Cufi@...>
Sent: Dienstag, 12. November 2019 14:34
To: pawel.zarembski@...; devel@...
Cc: Tudosie Mihai (IFAT DCGR DSS SVS SCI) <Mihai.Tudosie@...>; Reiter Christoph (IFAT DCGR DSS M TPD) <Christoph.Reiter@...>
Subject: RE: Add support Optiga Trust X

 

Hi Pawel,

 

Copying a couple of people from Infineon that might be interested in your work.

 

About your questions.

 

  1. You are expected to provide the board files in a single Pull Request. If you are not able to do so maybe you can provide as much as you can using a Draft Pull Request and then ask for help in the mailing list
  2. Looking at the optiga-trust-x source code, it’s licensed under the MIT license, and it’s also a cross-platform project that is not maintained as part of Zephyr. This means that the proper way to integrate it into Zephyr is to use a separate repository with a Zephyr module. See here for more details: https://docs.zephyrproject.org/latest/guides/modules.html#submitting-a-new-module
  3. All code that goes into the main Zephyr repository should be Apache 2.0 licensed. The MIT license is fine for a module, which is a repository hosted under the zephyrproject-rtos GitHub organization but not the main repo itself. I recommend that you place all code under the MIT license in the external module, and the rest licensed as Apache 2.0 in the zephyr repo itself.

 

Carles

 

 

From: devel@... <devel@...> On Behalf Of Pawel Zarembski via Lists.Zephyrproject.Org
Sent: 12 November 2019 13:35
To: devel@...
Cc: devel@...
Subject: [Zephyr-devel] Add support Optiga Trust X

 

Hello,

I am currently working on project based on EFM32PG board and Optiga Trust X (security chip). I already did some work on implementing their framework and I run it with success with sample demo.

I want to ask about process of adding support for that board for Zephyr.

  1. Do I need to do everything by my own and then do the Pull Request for that?
  2. Should the framework/library be implemented as external Module or for example as external library ( /ext/lib )?
  3. Is there a problem with licensing? Because this framework is build on MIT license copyrighted by Infineon Technologies and some part with MIT copyrighted by Arrow Electronics.

 

Helpful links:

Repo: https://github.com/Infineon/optiga-trust-x

Implemented Platform Abstraction Layer with Zephyr support: https://github.com/Infineon/optiga-trust-x/tree/master/pal/efm32pg_zephyr

 

Best regards

Paweł Zarembski

Arrow Electronics

 

Join devel@lists.zephyrproject.org to automatically receive all group messages.