Skip to content

Device Error Codes

Jump to bottom
Artem Yushev edited this page Mar 23, 2023 · 7 revisions

The possible error codes returned from the security chip are listed in Table below (for more details please refer to the Solution Reference Manual). If multiple commands happen to produce subsequent errors then only the highest-numbered error code is stored.

Note: The error code will be returned in the following form: 0x8001, where the last byte corresponds to the error code in the table below, in this case "Invalid Object ID"

Field Code Description
No error 0x00 No Error
Invalid OID 0x01 Invalid OID
Invalid Password 0x02 Invalid Password
Invalid Param field 0x03 Invalid Param field in command
Invalid length field 0x04 Invalid Length field in command
Invalid parameter in data field 0x05 Invalid parameter in command data field
Internal process error 0x06 Internal process error
Access conditions not satisfied 0x07 Access conditions are not satisfied
Data object boundary exceeded 0x08 The sum of offset and data provided (offset + data length) exceeds the max length of the data object
Metadata truncation error 0x09 Metadata truncation error
Invalid command field 0x0A Invalid command field
Command out of sequence 0x0B Command or message out of sequence. Command out of sequence means that the command which expected to use certain resources are not available or not started at chip e.g. invoking the optiga_crypt_tls_prf_sha256() function (which is using session) before invoking the optiga_crypt_ecdh() function. Another example is a usage of the optiga_crypt_ecdh() and optiga_crypt_tls_prf_sha256() functions in the row using the Session OID without optiga_crypt_ecc_generate_keypair(), this leads to failure "of out of sequence" due to a lack of private key in Session OID slot
Command not available 0x0C
  • due to termination state of the application
  • due to Application closed
Insufficient buffer/ memory 0x0D Insufficient memory to process the command APDU
Counter threshold limit exceeded 0x0E Counter value crossed the threshold limit and further counting is denied.
Invalid Manifest 0x0F
  • The Manifest version provided is not supported or the Payload Version in Manifest has MSB set (Invalid Flag=1).
  • Invalid or un-supported manifest values or formats including CBOR parsing errors.
Invalid/Wrong Payload Version 0x10 The Payload Version provided in the Manifest is not greater than the version of the target object, or the last update was interrupted and the restarted/retried update has not the same version
Invalid metadata of the key/data object 0x11 A command is acting on metadata for key or data objects and the current metadata are invalid
Unsupported extension/identifier 0x24
  • An unsupported extension found in the message
  • Unsupported keyusage/Algorithm extension/identifier for the usage of Private key
Unsupported parameters 0x25
  • At least one parameter received in the handshake message is not supported
  • Unsupported parameter in the command APDU InData
Invalid certificate format 0x29 Invalid certificate(s) in certificate message with the following reasons.
Unsupported certificate algorithm 0x2A At least one cryptographic algorithm specified in the certificate is not supported (e.g. hash or sign algorithms).
Signature verification failure 0x2C Signature verification failure.
Integrity validation failure 0x2D Message Integrity validation failure (e.g. during CCM decryption).
Decryption Failure 0x2E Decryption Failure.
Authorization failure 0x2F Session random comparison failure or HMAC verification failure
Clone this wiki locally