Revert "Support for Hardware Secure Module (HSM) using Infineon OPTIGA Trust M (project-chip#32771) (project-chip#32905)"

This reverts commit 15b6bdd.

Signed-off-by: Adrian Gielniewski <adrian.gielniewski@nordicsemi.no>

Author: adigie

.github/.wordlist.txt

@@ -643,8 +643,6 @@ HomePods
 hostapd
 hostname
 href
-HSM
-hsm
 HTTPS
 HW
 hwadr
@@ -966,7 +964,6 @@ objcopy
 OccupancySensing
 OctetString
 OECORE
-OID
 ol
 Onboarding
 onboardingcodes
@@ -988,7 +985,6 @@ openweave
 OperationalCredentials
 operationalDataset
 opkg
-OPTIGA
 optionMask
 optionOverride
 optionsMask
@@ -1432,7 +1428,6 @@ transitionTime
 TransportMgrBase
 TriggerEffect
 TRNG
-trustm
 TrustedRootCertificates
 tsan
 TSG

.gitmodules

@@ -324,9 +324,3 @@
 	path = third_party/infineon/psoc6/psoc6_sdk/libs/lwip-network-interface-integration
 	url = https://github.com/Infineon/lwip-network-interface-integration.git
 	platforms = infineon
-[submodule "third_party/infineon/trustm/optiga-trust-m"]
-	path = third_party/infineon/trustm/optiga-trust-m
-	url = https://github.com/Infineon/optiga-trust-m.git
-	branch = matter_support
-	platforms = infineon
-

docs/guides/README.md

@@ -7,7 +7,6 @@
 -   [ASR - Getting Started Guide](./asr_getting_started_guide.md)
 -   [Espressif (ESP32) - Getting Started Guide](./esp32/README.md)
 -   [Infineon PSoC6 - Software Update](./infineon_psoc6_software_update.md)
--   [Infineon Trust M Provisioning](./infineon_trustm_provisioning.md)
 -   [Linux - Simulated Devices](./simulated_device_linux.md)
 -   [mbedOS - Adding a new target](./mbedos_add_new_target.md)
 -   [mbedOS - Commissioning](./mbedos_commissioning.md)

docs/guides/infineon_trustm_provisioning.md

@@ -15,11 +15,9 @@
 import("//build_overrides/build.gni")
 import("//build_overrides/chip.gni")
 import("//build_overrides/psoc6.gni")
+
 import("${build_root}/config/defaults.gni")
-import("${chip_root}/src/crypto/crypto.gni")
-import("${chip_root}/src/platform/Infineon/crypto/infineon_crypto.gni")
 import("${chip_root}/src/platform/device.gni")
-import("${chip_root}/third_party/infineon/trustm/trustm_config.gni")
 import("${psoc6_sdk_build_root}/psoc6_executable.gni")
 import("${psoc6_sdk_build_root}/psoc6_sdk.gni")
 
@@ -119,19 +117,6 @@ psoc6_executable("lock_app") {
     "${psoc6_project_dir}/include",
   ]
 
-  if (chip_crypto == "platform") {
-    include_dirs += [ "${chip_root}/third_party/infineon/trustm" ]
-    include_dirs += [ "${chip_root}/examples/platform/infineon/trustm" ]
-    include_dirs += [ "${chip_root}/src/platform/Infineon/crypto/trustm" ]
-
-    defines = [ "ENABLE_DEVICE_ATTESTATION=1" ]
-
-    public_deps += [
-      "${chip_root}/src/platform/Infineon/crypto/${infineon_crypto_impl}:infineon_crypto_lib",
-      "${chip_root}/third_party/infineon/trustm:optiga-trust-m",
-    ]
-  }
-
   sources = [
     "${examples_plat_dir}/LEDWidget.cpp",
     "${examples_plat_dir}/init_psoc6Platform.cpp",

examples/lock-app/infineon/psoc6/BUILD.gn

@@ -14,8 +14,6 @@ An example showing the use of Matter on the Infineon CY8CKIT-062S2-43012 board.
             -   [Notes](#notes)
         -   [Cluster control](#cluster-control)
         -   [Factory Reset](#factory-reset)
-    -   [Building with Optiga Trust M as HSM](#building-with-optiga-trust-m-as-hsm)
-        -   [Optiga Trust M Provisioning](#optiga-trust-m-provisioning)
     -   [OTA Software Update](#ota-software-update)
 
 <hr>
@@ -57,11 +55,6 @@ will then join the network.
           $ cd ~/connectedhomeip
           $ rm -rf out/
 
-_To build with Infineon Hardware Security Module-OPTIGA™ Trust M for Device
-attestation and other security use cases, please refer to the
-[Building with OPTIGA™ Trust M as HSM](#building-with-optiga-trust-m-as-hsm) for
-more instructions_
-
 ## Flashing the Application
 
 -   Put CY8CKIT-062S2-43012 board on KitProg3 CMSIS-DAP Mode by pressing the
@@ -135,50 +128,10 @@ commands. These power cycle the BlueTooth hardware and disable BR/EDR mode.
     on the board. All the data configured on the device during the initial
     commissioning will be deleted and device will be ready for commissioning
     again.
+
 -   Pressing the button again within 5 seconds will cancel the factory reset of
     the board.
 
-## Building with Optiga Trust M as HSM
-
-Infineon Hardware Security Module-OPTIGA™ Trust M is a high-end security
-solution that provides an anchor of trust for connecting IoT devices to the
-cloud, giving every IoT device its own unique identity.
-
--   Supported hardware setup:
-    [CY8CKIT-062S2-43012](https://www.cypress.com/CY8CKIT-062S2-43012)
-
-    [OPTIGA™ Trust M MTR](https://www.infineon.com/cms/en/product/evaluation-boards/trust-m-mtr-shield/)
-
-    [OPTIGA™ Trust Adapter](https://www.infineon.com/cms/en/product/evaluation-boards/optiga-trust-adapter/)
-
--   Building:
-
-    Follow the steps to build with OPTIGA™ Trust M for device attestation use
-    case:
-
-    ```
-      $ source scripts/activate.sh
-      $ scripts/build/build_examples.py --no-log-timestamps --target 'infineon-psoc6-lock-trustm' build
-    ```
-
--   To delete generated executable, libraries and object files use:
-
-        $ cd ~/connectedhomeip
-        $ rm -rf out/
-
--   Proceed to OPTIGA™ Trust M Provisioning section to complete the credential
-    storage into HSM.
-
-### Optiga Trust M Provisioning
-
-For the description of OPTIGA™ Trust M Provisioning with test DAC generation and
-PAI and CD storage, please refer to
-[Infineon OPTIGA™ Trust M Provisioning](../../../../docs/guides/infineon_trustm_provisioning.md)
-
-After completing OPTIGA™ Trust M Provisioning, proceed to
-[Flashing the Application](#flashing-the-application) section to continue with
-subsequent steps.
-
 ## OTA Software Update
 
 For the description of Software Update process with infineon PSoC6 example

examples/lock-app/infineon/psoc6/README.md

@@ -15,10 +15,7 @@
 import("//build_overrides/chip.gni")
 import("//build_overrides/pigweed.gni")
 import("${chip_root}/config/standalone/args.gni")
-import("${chip_root}/src/crypto/crypto.gni")
 import("${chip_root}/src/platform/Infineon/PSOC6/args.gni")
 
 psoc6_target_project =
     get_label_info(":lock_app_sdk_sources", "label_no_toolchain")
-
-import("${chip_root}/src/platform/Infineon/crypto/trustm/args.gni")

examples/lock-app/infineon/psoc6/args.gni

@@ -45,10 +45,6 @@
 #include <app/clusters/door-lock-server/door-lock-server.h>
 #include <app/clusters/identify-server/identify-server.h>
 
-#if ENABLE_DEVICE_ATTESTATION
-#include <DeviceAttestationCredsExampleTrustM.h>
-#endif
-
 /* OTA related includes */
 #if CHIP_DEVICE_CONFIG_ENABLE_OTA_REQUESTOR
 #include <app/clusters/ota-requestor/BDXDownloader.h>
@@ -161,12 +157,7 @@ static void InitServer(intptr_t context)
     chip::DeviceLayer::SetDeviceInfoProvider(&gExampleDeviceInfoProvider);
 
     // Initialize device attestation config
-#if ENABLE_DEVICE_ATTESTATION
-    SetDeviceAttestationCredentialsProvider(Examples::GetExampleTrustMDACProvider());
-#else
     SetDeviceAttestationCredentialsProvider(Examples::GetExampleDACProvider());
-#endif
-
 #if CHIP_DEVICE_CONFIG_ENABLE_OTA_REQUESTOR
     GetAppTask().InitOTARequestor();
 #endif

examples/lock-app/infineon/psoc6/src/AppTask.cpp

@@ -409,7 +409,6 @@ def BuildInfineonTarget():
     # modifiers
     target.AppendModifier('ota', enable_ota_requestor=True)
     target.AppendModifier('updateimage', update_image=True)
-    target.AppendModifier('trustm', enable_trustm=True)
 
     return target
 

scripts/build/build/targets.py

@@ -80,8 +80,7 @@ def __init__(self,
                  app: InfineonApp = InfineonApp.LOCK,
                  board: InfineonBoard = InfineonBoard.PSOC6BOARD,
                  enable_ota_requestor: bool = False,
-                 update_image: bool = False,
-                 enable_trustm: bool = False):
+                 update_image: bool = False):
         super(InfineonBuilder, self).__init__(
             root=app.BuildRoot(root),
             runner=runner)
@@ -93,10 +92,6 @@ def __init__(self,
             self.extra_gn_options.append('chip_enable_ota_requestor=true')
         if update_image:
             self.extra_gn_options.append('build_update_image=true')
-        if enable_trustm:
-            self.extra_gn_options.append('chip_crypto=\"platform\"')
-        if enable_trustm is False:
-            self.extra_gn_options.append('chip_crypto=\"mbedtls\"')
 
     def GnBuildArgs(self):
         return self.extra_gn_options

scripts/build/builders/infineon.py

@@ -13,7 +13,7 @@ linux-fake-tests[-mbedtls][-boringssl][-asan][-tsan][-ubsan][-libfuzzer][-ossfuz
 linux-{x64,arm64}-{rpc-console,all-clusters,all-clusters-minimal,chip-tool,thermostat,java-matter-controller,kotlin-matter-controller,minmdns,light,lock,shell,ota-provider,ota-requestor,simulated-app1,simulated-app2,python-bindings,tv-app,tv-casting-app,bridge,tests,chip-cert,address-resolve-tool,contact-sensor,dishwasher,microwave-oven,refrigerator,rvc,air-purifier,lit-icd,air-quality-sensor,network-manager,energy-management}[-nodeps][-nlfaultinject][-platform-mdns][-minmdns-verbose][-libnl][-same-event-loop][-no-interactive][-ipv6only][-no-ble][-no-wifi][-no-thread][-mbedtls][-boringssl][-asan][-tsan][-ubsan][-libfuzzer][-ossfuzz][-coverage][-dmalloc][-clang][-test][-rpc][-with-ui][-evse-test-event]
 linux-x64-efr32-test-runner[-clang]
 imx-{chip-tool,lighting-app,thermostat,all-clusters-app,all-clusters-minimal-app,ota-provider-app}[-release]
-infineon-psoc6-{lock,light,all-clusters,all-clusters-minimal}[-ota][-updateimage][-trustm]
+infineon-psoc6-{lock,light,all-clusters,all-clusters-minimal}[-ota][-updateimage]
 rw61x-{all-clusters-app,thermostat,laundry-washer}[-ota][-wifi][-thread][-factory-data][-matter-shell]
 k32w-{k32w0,k32w1}-{light,shell,lock,contact}[-se05x][-no-ble][-no-ota][-low-power][-nologs][-crypto-platform][-tokenizer][-openthread-ftd]
 mbed-cy8cproto_062_4343w-{lock,light,all-clusters,all-clusters-minimal,pigweed,ota-requestor,shell}[-release][-develop][-debug]