查看“TPM hardware components”的源代码

== Article purpose==
TPM is an international standard for a secure cryptoprocessor<ref name="TCG">[https://trustedcomputinggroup.org/ Trusted Computing Group]</ref> designed to secure hardware through integrated cryptographic keys.

TPM includes a high security level and a security certification, that is graduated with the evaluation assurance level (EAL)<ref name="TCG" />. <br />

The purpose of this article is to:
* give an example of a TPM hardware component that might be connected to the different [[:Category:ST boards|boards]]
* link these components to the corresponding software framework(s)
* point to the component datasheets
* explain, when necessary, how to configure these components.

==Software frameworks==
{{:Internal_peripherals_software_table_template}}
 | {{Green|Security}}
 | {{Green|TPM}}
 |
 | {{Green|TPM Software Stack<ref name="TSS">https://github.com/tpm2-software/tpm2-tss</ref>}}
 | 
 |
 |-
 |}

==STPM4RasPI==
===Description===
The STPM4RasPI<ref>https://www.st.com/en/evaluation-tools/stpm4raspi.html#overview</ref> is an extension board on which one of  ST33TPM12 devices is soldered (see list of possible devices below in this chapter). It could be directly connected on an [[Getting_started/STM32MP1_boards/STM32MP157C-DK2|STM32MP157C-DK2]] board. 

The ST33TPM12 is based on a 32-bit ARM<sup>&reg;</sup> reduced instruction set computing (RISC) processor which provides high cryptographic and general performances. A NESCRYPT crypto-processor is also provided to efficiently support all public key cryptographic algorithms.

With ST33TPM12 devices, ST provides an EAL4+ certified solution embedding a secure cryptoprocessor with dedicated hardware accelerators that improve the global platform security.
<br />

Multiples '''services''' are available using TPM (mostly in PC and mobile devices):
* Cryptographic keys generation, protection, management and utilization
* Cryptographic device identity
* Secure logging, log-reporting and attestation
* Secure non volatile storage
* Other functions including hashing, random number generator and secure clock

Several '''use cases''' are available:
* Platform integrity: the boot process relies on TPM for software integrity and authentication during each boot stage
* Disk encryption: encrypt and decrypt drive using TPM crypto core
* Password protection, ...

The STM33TPM12 is provided with different '''hardware interfaces''':
* I2C : ST33TPM12I2C<ref>https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12i2c.html</ref>
* SPI : ST33TPM12SPI<ref>https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12spi.html</ref>
* LPC : ST33TPM12SPI<ref>https://www.st.com/content/st_com/en/products/secure-mcus/authentication-secure-iot/trusted-computing-solutions/st33tpm12lpc.html</ref>
<br>

=== Support in Linux Kernel ===
TPM is ready to be used with [[OpenSTLinux distribution|OpenSTLinux distribution]].

The TPM drivers (I2C and SPI) are part of the following kernel driver bindings:<br>
*{{CodeSource | Linux kernel | Documentation/devicetree/bindings/security/tpm/st33zp24-i2c.txt}}<br>
*{{CodeSource | Linux kernel | Documentation/devicetree/bindings/security/tpm/st33zp24-spi.txt}}<br>

Source code:
*{{CodeSource | Linux kernel | drivers/char/tpm/st33zp24/i2c.c}}<br>
*{{CodeSource | Linux kernel | drivers/char/tpm/st33zp24/spi.c}}<br>

TPM support relies on a TCG<ref name="TCG"/> open source TPM2 Software Stack (TSS)<ref name="TSS"/>.
<br>

=== Support in U-BOOT ===
TPM is supported with existing uclass of the 'Driver Model'.
* tpm
** uclass: {{CodeSource | U-Boot | drivers/tpm/tpm-uclass.c}}.
** driver: {{CodeSource | U-Boot | drivers/tpm/tpm_tis_st33zp24_i2c.c}}
** driver: {{CodeSource | U-Boot | drivers/tpm/tpm_tis_st33zp24_spi.c}}

==References==
<references/>

<noinclude>
{{ArticleBasedOnModel | Hardware components article model}}
{{PublicationRequestId | 10092 | 2018-12-18 | BrunoB}}

[[Category:Security hardware components]]
[[Category:Security]]
</noinclude>