TPM hardware components

来自百问网嵌入式Linux wiki
Zhouyuebiao讨论 | 贡献2020年5月8日 (五) 22:27的版本 (创建页面,内容为“== Article purpose== TPM is an international standard for a secure cryptoprocessor<ref name="TCG">[https://trustedcomputinggroup.org/ Trusted Computing Group]</ref>…”)
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)

Article purpose

TPM is an international standard for a secure cryptoprocessor[1] designed to secure hardware through integrated cryptographic keys.

TPM includes a high security level and a security certification, that is graduated with the evaluation assurance level (EAL)[1].

The purpose of this article is to:

  • give an example of a TPM hardware component that might be connected to the different boards
  • link these components to the corresponding software framework(s)
  • point to the component datasheets
  • explain, when necessary, how to configure these components.

Software frameworks

Domain Peripheral Software frameworks Comment
Cortex-A7
secure
(OP-TEE)
Cortex-A7
non-secure
(Linux)
Cortex-M4

(STM32Cube)
Security TPM TPM Software Stack[2]

STPM4RasPI

Description

The STPM4RasPI[3] is an extension board on which one of ST33TPM12 devices is soldered (see list of possible devices below in this chapter). It could be directly connected on an STM32MP157C-DK2 board.

The ST33TPM12 is based on a 32-bit ARM® reduced instruction set computing (RISC) processor which provides high cryptographic and general performances. A NESCRYPT crypto-processor is also provided to efficiently support all public key cryptographic algorithms.

With ST33TPM12 devices, ST provides an EAL4+ certified solution embedding a secure cryptoprocessor with dedicated hardware accelerators that improve the global platform security.

Multiples services are available using TPM (mostly in PC and mobile devices):

  • Cryptographic keys generation, protection, management and utilization
  • Cryptographic device identity
  • Secure logging, log-reporting and attestation
  • Secure non volatile storage
  • Other functions including hashing, random number generator and secure clock

Several use cases are available:

  • Platform integrity: the boot process relies on TPM for software integrity and authentication during each boot stage
  • Disk encryption: encrypt and decrypt drive using TPM crypto core
  • Password protection, ...

The STM33TPM12 is provided with different hardware interfaces:

  • I2C : ST33TPM12I2C[4]
  • SPI : ST33TPM12SPI[5]
  • LPC : ST33TPM12SPI[6]