Page
117 days, 11 hours and 57 minutes - Jean-Christophe Trotin

TPM hardware components




1 Article Purpose[edit]

TPM is an international standard for a secure cryptoprocessor[1] designed to secure hardware through integrated cryptographic keys.

TPM includes a high security level and a security certification, that is graduated with the evaluation assurance level (EAL)[1].

The purpose of this article is to:

  • list the TPM hardware components that might be connected to the different boards
  • link these components to the corresponding software framework(s)
  • point to the component datasheets
  • explain, when necessary, how to configure these components.

2 Software frameworks[edit]

Domain Peripheral Software frameworks Comment
Cortex-A7
secure
(OP-TEE) 		Cortex-A7
non-secure
(Linux) 		Cortex-M4

(STM32Cube)
Security TPM TPM Software Stack[2]

3 ST33TPM12[edit]

3.1 Description[edit]

The ST33TPM12 is built on a 32-bit ARMTemplate:Sup reduced instruction set computing (RISC) processor which provides high cryptographic and general performances. A NESCRYPT crypto-processor is also provided to efficiently support all public key cryptographic algorithms.

With ST33TPM12 devices, ST provides an EAL4+ certified solution embedding a secure cryptoprocessor with dedicated hardware accelerators that improve the global platform security.

Multiples services are available using TPM (mostly in PC and mobile devices):

  • Cryptographic keys generation, protection, management and utilization
  • Cryptographic device identity
  • Secure logging, log-reporting and attestation
  • Secure non volatile storage
  • Other functions including hashing, random number generator and secure clock


Several use cases are available:

  • Platform integrity: the boot process relies on TPM for software integrity and authentication during each boot stage
  • Disk encryption: encrypt and decrypt drive using TPM crypto core
  • Password protection, ...

The STM33TPM12 is provided with different interfaces:

  • I2C : ST33TPM12I2C[3]
  • SPI : ST33TPM12SPI[4]
  • LPC : ST33TPM12SPI[5]


3.2 Support in Linux Kernel[edit]

TPM is ready to be used with OpenSTLinux distribution.
The TPM drivers (I2C and SPI) are part of the following kernel driver bindings:
Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt
Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt
Source code:
drivers/char/tpm/st33zp24/i2c.c
drivers/char/tpm/st33zp24/spi.c
TPM support relies on a TCG[1] open source TPM2 Software Stack (TSS)[2].

3.3 Support in U-BOOT[edit]

TPM is supported with existing uclass of the 'Driver Model'.

4 References[edit]

  1. 1.01.11.2 Trusted Computing Group
  2. 2.02.1 https://github.com/tpm2-software/tpm2-tss
  3. https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12i2c.html
  4. https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12spi.html
  5. https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12lpc.html

Trusted Platform Module

Evaluation Assurance Level

Open Portable Trusted Execution Environment

Inter-Integrated Circuit

Serial Peripheral Interface

Trusted Computing Group

TPM Software Stack

Retrieved from "https://wiki.st.com/stm32mpu/index.php?title=TPM_hardware_components&oldid=52311"

Attachments

Discussions