TPM-Module

TrustedPlatformModuleTrustedPlatformModule(TPM)1.2SolutionRyanWuSr.ApplicationEngineerAIMADSSECRyan.wu@infineon.com+886-912439799Infineon’sTPM1.2RoadmapInfineon’sTPM1.2RoadmapInfineon’sTPM1.2HardwareInfineon’sTPM1.2HardwareInfineon’sTPM1.2BIOSSupportInfineon’sTPM1.2BIOSSupportInfineon’sTPM1.2SolutionInfineon’sTPM1.2SolutionTableofcontentsTrustedPlatformModule(TPM)1.2ToolingTrustedPlatformModule(TPM)1.2ToolingInfineon’sTPM1.2SolutionOverviewInfineon’sTPM1.2SolutionOverviewTPMBlockDiagramTrustedPlatformModule(TPM)1.2SecureController(16bitCPU)RAM(12KB)Activeshield+Sensors(voltage,freq)ROM(208KB)EEPROM(68KB)AsymmetricKeyGeneratorAdvanceCryptoEngine(RSA)upto2048bitTrueRNG(TRNG)ActiveShieldLPCI/OSupportIntelLTarchitectureLPCextensionsHASH(SHA1,MD-5)TickCounterMemoryControllerHUB(MCH)I/OControllerHUB(ICH)FirmwareHUB(FWH)CPULPCSuperI/OControllerSerialPortParallelPortPS/2MousePS/2KeyboardDisketteDriveConnectorLPCBus,33MHzTrustedPlatformModule(TPM)1.2AHABusSystemBusSMBusPCIBusInfineon’sTPM1.2SolutionOverviewPCMotherboardBlockDiagramInfineonTPMSolutionOverviewBIOSDriversandTCGSoftwareStack(TSS)2.0ApplicationsTPM-CSPMS-CAPI/PKCS#11TCSPITSSCoreServiceTPMDeviceDriverTPMSLB9635TT1.2TPM-OSandApplicationLPCExtensionMPBIOSTPM-DDPC-BIOSw/TPM/TPSBIOS-APIMABIOSTPM-DDBoot-BIOSInfineonApplication&ManagementSoftwareTPMDeviceDriverLibraryTDDLITSPITSSServiceProviderInfineonHostSoftware2.0Enhancements„MainFeaturesEnhancements–WLANsupportforenterpriseandpeer-to-peerenvironments–SmartCardandSecureUSBTokenSupport–SupportofTCGMainSpecification1.2–EnhancedManagementFunctionality(InfineonAPI)–BiometricFingertipSensorSupport–PKCS#12Support–UsersPasswordRecoveryInfineon’sTPM1.2HardwareOverview“SLB9635TT1.2”Infineon’sTPM1.2HardwareOverviewIntegratedCircuitDiagramPSDTSSCoreServiceTPMDeviceDriverTPMSLB9635TT1.2TPMDeviceDriverLibraryTSSServiceProviderTPM-CSPMS-CAPI/PKCS#11InfineonAPIInfineonApplicationCustomerApplicationInfineon'sTPM1.2willbecertifiedatEvaluationAssuranceLevel(EAL)4MediumatTÜViTLabsinGermany•SmallLowprofileTSSOP-28package•GreenpackageP-TSSOP-28-1Outline62mm²BoardSpaceFootprintofTSSOP-28-6andTSSOP-28-2A1BLeA2TSSOP28-2A1---A26.1mmB0.4mmL1.3mme0.65mmTSSOP28-6PackagingasspecifiedintheTCGPCClientSpecification1.2A17.8mmA2---B0.4mmL1.3mme0.65mmGNDGPIOPACCESSTestITestIO/BADD3VGND89101112131412356742120191817161528272624232225LCLKLAD23VGNDLAD3LRESETCLKRUNLPCPD*SERIRQLAD03VLAD1LFRAMEGNDXTALI/32kXTALO3VSBGPIO*LPCPD–Mustbeconnectedtoactivesignal+PinasspecifiedinTCGPCClientSpec1.2TPM1.2:TypicalSchematicComparisonofSLD9630TT1.1andSLB9635TT1.2FeaturesSLD9630TT1.1SLB9635TT1.2TCGCompliantTCG1.1BTCG1.2NumberofPCR’ssupported1624TransportProtectionNoYesDictionaryattackpreventionNoYesOwnerDelegationNoYesNumberofGPIOpinsupported02LPCExtensionsInterfaceSupportNoYesHardwareHashAcceleratorYesYesTrueRandomNumberGenerator(TRNG)YesYesPower-savingSleepModeYesYesSingle33MHzClockYesYesReal-timeClockwithExternalBatteryNoYesPin-outComplianttoTCGTPMInterfaceSpecificationNoYesSecurityFeaturesYesYesBasedonHigh-secureChipCardControllerYesYesw/3xFasterCoreCertificationsEAL3EAL4Medium(Targeted)LocalitySupportNoYesPowerDownSupport(LPCPD#)YesYesCLKRUN#SupportYesYesFirmwareFliedUpgradeCapabilitiesYesYesNon-VolatileStorageforManufacturersandOwnersNoYesAdvancedCryptoEngine(ACE)withRSAsupportupto2048bitkeylengthYesYesInfineonHardwareSupportTPM1.2EvaluationBoard„Krypton1.0–SupportsInfineon’sTPM1.2–DesignedforDesktop&MobilePCs–BADDandPPJumpers–SelectableOnboardCrystalorExternalClk.–Build-inLED’sforGPIO–ApplicationNoteLCLKLFRAMEnLRESETnLAD3VCC(3.3V)LAD0NCVSBGNDLPCPDnGNDKeyNCLAD2LAD1GNDNCSERIRQCLKRUNnNCPSDTSSCoreServiceTPMDeviceDriverTPMSLB9635TT1.2TPMDeviceDriverLibraryTSSServiceProviderTPM-CSPMS-CAPI&PKCS#11IFXAPIIFXApplicationCustomerApplicationPinOutofLPCConnectorTPM1.2EvaluationBoard-SchematicsInfineon’sTPM1.2PCBIOSSupportTPM-BIOS-DriverDevelopmentGoals„CustomersupportforTPM-SW-IntegrateintotheBIOS–ProvidetwodriversnamelyMemoryAbsent(MA)DriverandMemoryPresent(MP)DriverforStaticCoreRootofTrustsMeasurement(S-CRTM)accessthroughLocality0.–InterfacesforthesedriversarebasedontheTCGPCClientSpecificImplementationSpecificationForConventionalBIOS.–BothdriversprovideastandardobjectformattotheBIOSvendor.„TotalTPMdeviceinitialization.„Handlingforallcommunicationerrors.„EnclosetheTPM-Vendorspecificprotocolhandling.„IntegrationofthebasicTPM-I/O-Functions.„Supportofboth16bitand32bitMA/MPdrivers.TPM-BIOS-DriverSystemSoftwareOverviewApplication(BIOS)MeasureddataMAorMP-DrivermoduleControl-FunctionsTPM-Protocol-FunctionsPCI-ChipSet-ControlTPM-Control-ToolsTPM-Base-I/OTPM1.2DeviceMain-Board-ChipsetMAorMP-DriverInterfaceTPM-BIOS-Driver(MA-Driver)InterfaceOverview„MAInitTPM:FirstcalltoinitializethedriverandthenTPMdevice„MAHashAllExtendTPM:ThisfunctionhashesthefirstBIOSareatoestablishtheRTM„MAPhysicalPresenceTPM:ThisfunctionrepresentsthePhysicalPresenceoperationoftheTPM-FWoperationsetTPM-BIOS-Driver(MP-Driver)InterfaceOverview„MPInitTPM:FirstcalltoinitializethedriverandthentheTPMdevice„MPCloseTP