Difference between revisions of "TPM hardware components"

Main writer: LionelD. Approved version: reviewed by GeraldB (passed 17 Aug 2018); no previous approved version; publication request 10092 (BrunoB, 18 Dec 2018).

1 Article purpose

TPM (Trusted Platform Module) is an international standard for a secure cryptoprocessor[1] designed to secure hardware through integrated cryptographic keys.

TPM devices offer a high security level and are security certified; the certification is graded by a Common Criteria evaluation assurance level (EAL)[1].

The purpose of this article is to:

  • give an example of a TPM hardware component that might be connected to the different boards
  • link these components to the corresponding software framework(s)
  • point to the component datasheets
  • explain, when necessary, how to configure these components.

2 Software frameworks

  Domain     Peripheral   Cortex-A7 secure   Cortex-A7 non-secure     Cortex-M4     Comment
                          (OP-TEE)           (Linux)                  (STM32Cube)
  Security   TPM          -                  TPM Software Stack[2]    -             -

TPM support is provided on the Linux (Cortex-A7 non-secure) side through the TPM Software Stack[2]; no OP-TEE or STM32Cube framework is listed.

3 STPM4RasPI

3.1 Description

The STPM4RasPI[3] is an extension board on which one of the ST33TPM12 devices is soldered (see the list of possible devices below in this chapter). It can be connected directly to an STM32MP157C-DK2 board.

The ST33TPM12 is based on a 32-bit ARM® reduced instruction set computing (RISC) processor, which provides high cryptographic and general-purpose performance. A NESCRYPT crypto-processor is also provided to efficiently support public-key cryptographic algorithms.

With ST33TPM12 devices, ST provides an EAL4+ certified solution embedding a secure cryptoprocessor with dedicated hardware accelerators that improve overall platform security.

Multiple services are available using a TPM (mostly in PC and mobile devices):

  • Cryptographic key generation, protection, management and use
  • Cryptographic device identity
  • Secure logging, log reporting and attestation
  • Secure non-volatile storage
  • Other functions including hashing, random number generation and a secure clock

Several use cases are available:

  • Platform integrity: the boot process relies on the TPM to record (measure) and authenticate the software of each boot stage
  • Disk encryption: the drive is encrypted and decrypted with a key protected by the TPM crypto core
  • Password protection, and others.
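The platform-integrity and attestation items above rest on one TPM primitive: a Platform Configuration Register (PCR) can only be extended, never written, so a verifier that holds the boot event log can recompute what the PCRs must contain and compare with what the TPM reports. The following is an added example written for this article (it is not code from the wiki, from ST, or from the tpm2-tss project) that models that replay in plain Python. The PCR assignment (firmware stages in PCR 0, OS images in PCR 8), the SHA-256 bank and the component contents are constructed for the example; they are not the STM32MP1 boot chain's real measurements.

```python
"""Measured boot and attestation, modelled in software (added example).

Each boot stage hashes the next component and asks the TPM to extend a PCR
with that digest: PCR_new = SHA-256(PCR_old || digest). Software cannot set
a PCR directly, so a verifier holding the event log can recompute the
expected PCRs and compare them with the values the TPM reports or signs.
"""
import hashlib
from typing import Dict, List, Tuple

PCR_INIT = bytes(32)  # a SHA-256 PCR reads as all zeros after TPM reset


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for one SHA-256 bank."""
    if len(pcr) != 32 or len(digest) != 32:
        raise ValueError("SHA-256 bank values are 32 bytes")
    return hashlib.sha256(pcr + digest).digest()


def measure(component: bytes) -> bytes:
    """What a boot stage computes over the next stage before handing over."""
    return hashlib.sha256(component).digest()


def replay_log(event_log: List[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Recompute every PCR touched by the log, in log order."""
    pcrs: Dict[int, bytes] = {}
    for index, component in event_log:
        pcrs[index] = pcr_extend(pcrs.get(index, PCR_INIT), measure(component))
    return pcrs


def verify_boot(event_log: List[Tuple[int, bytes]],
                reported: Dict[int, bytes]) -> Tuple[bool, List[int]]:
    """Compare replayed PCRs with the values read from (or quoted by) the TPM.

    Returns (ok, list of PCR indexes whose replayed value disagrees).
    """
    expected = replay_log(event_log)
    mismatched = sorted(i for i, v in expected.items() if reported.get(i) != v)
    return (not mismatched, mismatched)


# Constructed boot chain; assumed PCR assignment: firmware in PCR 0, OS in PCR 8.
BOOT_CHAIN: List[Tuple[int, bytes]] = [
    (0, b"FSBL: TF-A (constructed image contents)"),
    (0, b"SSBL: U-Boot (constructed image contents)"),
    (8, b"Linux kernel zImage (constructed image contents)"),
    (8, b"stm32mp157c-dk2.dtb (constructed image contents)"),
]


def tampered_chain() -> List[Tuple[int, bytes]]:
    """Same boot, but the kernel image was replaced after the log was recorded."""
    chain = list(BOOT_CHAIN)
    chain[2] = (8, b"Linux kernel zImage (modified by an attacker)")
    return chain


if __name__ == "__main__":
    # The TPM's PCRs always reflect the components that actually ran.
    pcrs_from_tpm = replay_log(BOOT_CHAIN)
    print("genuine boot:", verify_boot(BOOT_CHAIN, pcrs_from_tpm))
    # An attacker who swaps the kernel but presents the original log is caught
    # because the TPM extended PCR 8 with the digest of what really booted.
    print("forged log  :", verify_boot(BOOT_CHAIN, replay_log(tampered_chain())))
```

Two properties carry the security argument: extend is order-sensitive (swapping two events changes the result), and a log with an event missing or altered can no longer reproduce the reported PCR, so the only consistent log is the one describing what actually executed.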

The ST33TPM12 is provided with different hardware interfaces:

  • I2C : ST33TPM12I2C[4]
  • SPI : ST33TPM12SPI[5]
  • LPC : ST33TPM12LPC[6] (listed for completeness; only the I2C and SPI variants have Linux and U-Boot drivers on this platform, see below)


3.2 Support in Linux kernel

TPM is ready to be used with the OpenSTLinux distribution.

The TPM drivers (I2C and SPI) are described by the following kernel device tree bindings:

  • Linux kernel: Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
  • Linux kernel: Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt

Source code:

  • Linux kernel: drivers/char/tpm/st33zp24/i2c.c
  • Linux kernel: drivers/char/tpm/st33zp24/spi.c

Note that the kernel driver name (st33zp24) differs from the product name: both the I2C and SPI variants of the ST33TPM12 are handled by the st33zp24 driver.

User-space TPM support relies on the TCG[1] open source TPM2 Software Stack (TSS)[2].
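The bindings above say which properties the driver needs but the page does not show a node, so here is an added device tree fragment for enabling the STPM4RasPI's TPM on the STM32MP157C-DK2. It is written for this article and is not from the wiki page, from ST's board device trees, or from the kernel binding documents. It assumes that the 40-pin GPIO expansion connector's I2C bus is i2c5 and its SPI bus is spi4 with chip select 0, that the board .dts already defines the pinctrl for those buses, and that the ST33TPM12I2C answers at 7-bit address 0x13; check all of these against the DK2 schematic and the STPM4RasPI user manual before use.

```dts
/* Added configuration example (not ST's board files). Property names follow
 * Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt and
 * st33zp24-spi.txt. Bus names, chip select and the I2C address are assumptions.
 */

/* I2C variant: STPM4RasPI fitted with an ST33TPM12I2C. */
&i2c5 {
	status = "okay";

	tpm_i2c: st33zp24@13 {
		compatible = "st,st33zp24-i2c";
		reg = <0x13>;                /* assumed address; use the module's real one */
		clock-frequency = <400000>;  /* I2C bus speed, stated as the binding expects */
		/* The binding also allows interrupts and lpcpd-gpios (power-management
		 * pin). They are left out here because the wiring to the DK2 is not
		 * established; add them once the schematic confirms the pins. */
	};
};

/* SPI variant: STPM4RasPI fitted with an ST33TPM12SPI. Enable the variant that
 * matches the soldered device, not both. */
&spi4 {
	status = "okay";

	tpm_spi: st33zp24@0 {
		compatible = "st,st33zp24-spi";
		reg = <0>;                    /* chip select 0 (assumed) */
		spi-max-frequency = <10000000>;
	};
};
```

After rebuilding the device tree and booting, a successful probe registers /dev/tpm0 and /sys/class/tpm/tpm0; `dmesg | grep -i tpm` shows the probe result, and a wrong bus or address appears there as a probe error.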

3.3 Support in U-Boot

TPM is supported through the existing tpm uclass of the U-Boot driver model:

  • tpm
      • uclass: U-Boot drivers/tpm/tpm-uclass.c
      • driver: U-Boot drivers/tpm/tpm_tis_st33zp24_i2c.c
      • driver: U-Boot drivers/tpm/tpm_tis_st33zp24_spi.c

4 References

  1. Trusted Computing Group, https://trustedcomputinggroup.org/
  2. TPM2 Software Stack (tpm2-tss), https://github.com/tpm2-software/tpm2-tss
  3. STPM4RasPI, https://www.st.com/en/evaluation-tools/stpm4raspi.html#overview
  4. ST33TPM12I2C, https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12i2c.html
  5. ST33TPM12SPI, https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12spi.html
  6. ST33TPM12LPC, https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12lpc.html
