The OPTIGA™ TPM 2.0 is a ready-to-use security building block, which is fully compliant with the Trusted Computing Group (TCG) specifications, to protect the platform integrity and authenticity of connected devices. It can also be used to protect encryption keys, and sensitive data so that attackers and malware can't access or tamper with that data.
All OPTIGA™ TPM 2.0 products are based on Infineon's advanced hardware security technology and certified according to common criteria and FIPS security certification, making them an ideal solution for PC, servers, network infrastructure equipment (e.g., gateways, routers, wireless access points and switches) and other IoT devices with strong security requirements.
Why is software-only security often not enough?
Keeping secret keys safe and well secured is at the heart of IoT security. See below why OPTIGA™ TPM is the preferred choice for this challenge.
- High-end security controller with advanced cryptographic algorithms implemented in hardware (e.g. RSA & ECC256, SHA-256)
- Common Criteria (EAL4+) and FIPS security certification
- Flexible integration thanks to SPI, I2C or LPC interface support
- Reduced risk based on proven technology
- Fast time to market through concept reuse
- Easy integration into all platform architectures and operating systems (Windows, Linux & derivatives)
- Automatic device onboarding (e.g., AWS Greengrass and Azure IoT edge)
- Device health attestation
- Device identity for network access control
- Secret (configuration data, IP, and etc) protection
- Secured communication with TLS
- Secured firmware update
- Secured key storage
- Verification of device authenticity
Here you will find a list of relevant resouces which can can help you to study and learn TPM2.0.
CMD-line and GUI tools running on Linux:
- ELTT2 - Infineon Embedded Linux TPM Toolbox 2 for TPM 2.0 for a quick TPM startup
- Startup tool with basic functions in CMD-line
- Can be compiled on Linux, other OS, and embedded platforms
- OPTIGA™ TPM 2.0 Explorer GUI tool for Raspberry Pi
- The ease of use of GUI has made it possible for all users in general, regardless of experience or knowledge, to access all kinds of OPTIGA™ TPM 2.0 features and use cases for commonly use
OPTIGA™ TPM 2.0 host code and documentations are now available as open source repository on GitHub:
- AWS IoT Greengrass Hardware Security Integration (archived)
- PKCS11 token creation
- TPM-based remote attestation
- TPM 2.0 integration for PSoC 6 Wi-Fi BT Prototyping Kit to enable TPM backed onboarding to AWS IoT Core
- TPM 2.0 used with EK based onboarding
- TPM 2.0 backed Linux Trusted and Encrypted Keys
- TPM 2.0 in U-Boot on Raspberry Pi 4
- Extend measurements to TPM 2.0 PCR in U-Boot on Raspberry Pi 4
- TPM 2.0 command reference and code examples
- Guide to Integrating TPM 2.0 with the Android Open Source Project (AOSP)
These documents are intended for customers who want to evaluate how to start with the TPM software integration for their target applications:
- OPTIGA™ TPM2.0 RPi Quick starter User Guide
- OPTIGA™ TPM2.0 solution: Learn how Infineon is simplifying your IoT security
- Integration of an OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi® 4 Linux environment
- Integration of TLS Functionality for OPTIGA™ TPM SLx 9670 TPM 2.0
- Integration of an OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi® 3 Linux environment with integrated TPM Driver
- Integration of an OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi® 3 Linux environment with TPM Driver Patch
- Infineon SLB 9645 / SLB 9670 TPM 1.2 with Embedded Platform Integration on a Raspberry Pi® 2
- OPTIGA™ TPM1.2 SLB 9645 RPi B Beagle Board Linux
