TPM hardware components
1 Article Purpose
TPM is an international standard for a secure cryptoprocessor designed to secure hardware through integrated cryptographic keys.
TPM includes a high security level and a security certification, that is graduated with the evaluation assurance level (EAL).
The purpose of this article is to:
- list the TPM hardware components that might be connected to the different boards
- link these components to the corresponding software framework(s)
- point to the component datasheets
- explain, when necessary, how to configure these components.
2 Software frameworks
|Security||TPM||TPM Software Stack|
The ST33TPM12 is built on a 32-bit ARMTemplate:Sup reduced instruction set computing (RISC) processor which provides high cryptographic and general performances. A NESCRYPT crypto-processor is also provided to efficiently support all public key cryptographic algorithms.
With ST33TPM12 devices, ST provides an EAL4+ certified solution embedding a secure cryptoprocessor with dedicated hardware accelerators that improve the global platform security.
Multiples services are available using TPM (mostly in PC and mobile devices):
- Cryptographic keys generation, protection, management and utilization
- Cryptographic device identity
- Secure logging, log-reporting and attestation
- Secure non volatile storage
- Other functions including hashing, random number generator and secure clock
Several use cases are available:
- Platform integrity: the boot process relies on TPM for software integrity and authentication during each boot stage
- Disk encryption: encrypt and decrypt drive using TPM crypto core
- Password protection, ...
The STM33TPM12 is provided with different interfaces:
3.2 Support in Linux Kernel
TPM is ready to be used with OpenSTLinux distribution.
The TPM drivers (I2C and SPI) are part of the following kernel driver bindings:
TPM support relies on a TCG open source TPM2 Software Stack (TSS).
3.3 Support in U-BOOT
TPM is supported with existing uclass of the 'Driver Model'.
- Trusted Computing Group