Updated README and Certificate slot for DAC for OPTIGA Trust M MTR (#…

…32939)

* 1)Added guide for OTA update for psoc6 with trust m

* 1)Updated the DAC certificate ID for Trust M  MTR

2)Updated the doc for Trust M MTR provisioning

* Restyled by prettier-markdown

* Update word list to include MTR

---------

Co-authored-by: Restyled.io <[email protected]>
Co-authored-by: Ank Khandelwal <[email protected]>

.github/.wordlist.txt

@@ -879,6 +879,7 @@ MoveWithOnOff
 MPSL
 MRP
 MTD
+MTR
 MTU
 Multiband
 Multicast

docs/guides/infineon_psoc6_trustm_software_update.md

@@ -0,0 +1,88 @@
+# Matter Software Update with Infineon PSoC6 and OPTIGA™ Trust M example applications
+
+The Over The Air (OTA) Software Update functionality can be added to any of the
+Infineon PSoC6 example applications by passing the
+`chip_enable_ota_requestor=true` option to the build script.
+
+## Running the OTA Download scenario
+
+-   An OTA Provider is a node that can respond to the OTA Requestors' queries
+    about available software updates and share the update packages with them. An
+    OTA Requestor is any node that needs to be updated and can communicate with
+    the OTA Provider to fetch applicable software updates. In the procedure
+    described below, the OTA Provider will be a Linux application and the
+    example running on the Infineon PSoC6 board will work as the OTA Requestor.
+
+-   On a Linux or Darwin platform build the chip-tool and the ota-provider-app
+    as follows:
+
+    This step can be ignored if Test Harness(Raspberry Pi) is used as OTA
+    Provider.
+
+           ```
+           scripts/examples/gn_build_example.sh examples/chip-tool out/
+           scripts/examples/gn_build_example.sh examples/ota-provider-app/linux out/debug chip_config_network_layer_ble=false
+           ```
+
+-   Build the PSoC6 OTA Requestor application with OPTIGA™ Trust M from the
+    connectedhomeip root dir:
+
+           ```
+           $ scripts/build/build_examples.py --enable-flashbundle --target infineon-psoc6-lock-trustm-ota build
+           $ third_party/infineon/psoc6/psoc6_sdk/ota/ota_base_build.sh out/infineon-psoc6-lock-trustm-ota chip-psoc6-lock-example
+           ```
+
+    Note: In order for the Provider to successfully serve the image to a device
+    during the OTA Software Update process the softwareVersion parameter in the
+    Provider config file must be greater than the
+    CHIP_DEVICE_CONFIG_DEVICE_SOFTWARE_VERSION parameter set in the
+    application's CHIPProjectConfig.h file.
+
+*   Build the PSoC6 OTA Update application with OPTIGA™ Trust M from the
+    connectedhomeip root dir and create OTA file
+
+        ```
+        $ scripts/build/build_examples.py --enable-flashbundle --no-log-timestamps --target infineon-psoc6-lock-trustm-ota-updateimage build
+        $ third_party/infineon/psoc6/psoc6_sdk/ota/ota_update_build.sh out/infineon-psoc6-lock-trustm-ota-updateimage chip-psoc6-lock-example
+        ```
+
+*   Additionally a pre-compiled bootloader must be flashed to the board using
+    [Cypress Programmer](https://softwaretools.infineon.com/tools/com.ifx.tb.tool.cypressprogrammer).
+    This image can be found at:
+
+            $ ./third_party/infineon/psoc6/psoc6_sdk/ota/matter-psoc6-mcuboot-bootloader.hex
+
+*   In a terminal start the Provider app passing to it the path to the Matter
+    OTA file created in the previous step:(output of ota_update_build step)
+
+             ```
+             rm -r /tmp/chip_*
+             ./chip-ota-provider-app --discriminator 3840 --passcode 20202021 -f ../chip-psoc6-lock-example.ota
+             ```
+
+*   In a separate terminal run the chip-tool commands to provision the Provider:
+
+           ```
+           ./chip-tool pairing onnetwork-long 1 20202021 3840
+           ./chip-tool accesscontrol write acl '[{"fabricIndex": 1, "privilege": 5, "authMode": 2, "subjects": [112233], "targets": null}, {"fabricIndex": 1, "privilege": 3, "authMode": 2, "subjects": null, "targets": null}]' 1 0
+           ```
+
+    Note: If the application device had been previously commissioned press USER
+    Button2 to factory-reset the device.
+
+*   In the chip-tool terminal enter:
+
+             ```
+             ./chip-tool pairing ble-wifi 2 <WIFI_SSID> <WIFI_PASSWORD> 20202021 3840
+             ```
+
+*   Once the commissioning process completes enter:
+
+             ```
+             ./chip-tool otasoftwareupdaterequestor announce-ota-provider 1 0 0 0 2 0
+             ```
+
+*   The application device will connect to the Provider and start the image
+    download. Status of the transfer can be monitored in the OTA Provider
+    terminal. Once the image is downloaded the device will reboot into the
+    downloaded image.

docs/guides/infineon_trustm_provisioning.md

@@ -7,7 +7,7 @@ OPTIGA™ Trust M with Matter test device Attestation certificate is needed.
 
 [Raspberry Pi 4](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/)
 
-[OPTIGA™ Trust M S2GO](https://www.infineon.com/cms/en/product/evaluation-boards/s2go-security-optiga-m/)
+[OPTIGA™ Trust M MTR](https://www.infineon.com/cms/en/product/evaluation-boards/trust-m-mtr-shield/)
 
 [Shield2Go Adapter for Raspberry Pi](https://www.infineon.com/cms/en/product/evaluation-boards/s2go-adapter-rasp-pi-iot/)
 or Jumping Wire
@@ -30,32 +30,38 @@ can be used to perform provisioning by following the steps mentioned below.
 
 ```
  $ cd linux-optiga-trust-m/
- $ ./trustm_installation_aarch64_script.sh
+ $ git checkout provider_dev
+ $ git submodule update -f
+ $ ./provider_installation_script.sh
 ```
 
 -   Run the script to generate Matter test DAC for lock-app using the public key
     extracted from the Infineon pre-provisioned Certificate and store it into
-    0xe0e3
+    0xE0E0
 
 ```
 $ cd scripts/matter_provisioning/
-$ ./matter_dac_provisioning.sh
+$ ./matter_test_provisioning.sh
 ```
 
 _Note:_
 
-_By running this example matter_dac_provisioning.sh, the steps shown below are
+_By running this example matter_test_provisioning.sh, the steps shown below are
 executed:_
 
 _Step1: Extract the public key from the Infineon pre-provisioned
-Certificate(0xe0e0) using openssl command._
+Certificate(0xE0E0) using openssl command._
 
 _Step2: Generate DAC test certificate using the extracted public key, Signed by
 [Matter test PAI](https://github.com/project-chip/connectedhomeip/blob/v1.1-branch/credentials/development/attestation/Matter-Development-PAI-FFF1-noPID-Cert.pem)_.
 Please note that production devices cannot re-use these test keys/certificates.
 
 _Step3: Write DAC test certificate into OPTIGA™ Trust M certificate slot
-0xe0e3_
+0xE0E0._
 
-_Step4: Write Matter test PAI into OPTIGA™ Trust M certificate slot 0xe0e8
-and test CD into OPTIGA™ Trust M Arbitrary OID 0xf1e0._
+_Step4: Write Matter test PAI into OPTIGA™ Trust M certificate slot 0xE0E8
+and test CD into OPTIGA™ Trust M Arbitrary OID 0xF1E0._
+
+For certificate claim and OPTIGA™ Trust M MTR provisioning, please refer
+to our
+[README for Late-stage Provisioning](https://github.com/Infineon/linux-optiga-trust-m/blob/provider_dev/scripts/matter_provisioning/README.md#certificate-claiming)

examples/platform/infineon/trustm/DeviceAttestationCredsExampleTrustM.cpp

@@ -32,7 +32,7 @@
 
 /* Device attestation key ids for Trust M */
 #define DEV_ATTESTATION_KEY_ID 0xE0F0
-#define DEV_ATTESTATION_CERT_ID 0xE0E3
+#define DEV_ATTESTATION_CERT_ID 0xE0E0
 #define PAI_CERT_ID 0xE0E8
 #define CERT_DECLARATION_ID 0xF1E0