OPTIGA™ TPM Forum Discussions
Hi,
Can I get the IBIS model of SLB9673XU20FW2610XTMA1 for signal integrity?
Thanks
Hi,
We were trying to run TPM commands to create an Attestation key using the Google-attestation open-source package on FreeBSD. However, it fails with the error: warning code 0x2 : out of memory for object contexts
Can you please help us with the following:
1) Is Optiga TPM2 supported on FreeBSD?
i) If not, are there any other software pkgs that can be used?
2) Do you have an SDK to interact with the TPM2 device? Please share the relevant documentation.
Regards
Shashi
Good afternoon, I'm looking for some assistance with an Intune pre-provisioning issue.
Installed in: HP ZBook Fury G9 Mobile Workstation
Processor: Intel Core i7-12800HX
OS: Windows 11 Pro 23H2 (OS Build 22631.3155)
Intune Enrollment - Hybrid - Whiteglove enroll.
Issue: "Something happened, and TPM attestation timed out."
TPM Present: True
TPM Version: 2.0
TPM Manufacturer ID: IFX
TPM Manufacturer Full Name: Infineon
TPM Manufacturer Version: 15.22.16832.0
PPI Version: 1.3
Is Initialized: True
Ready for Storage: True
Ready for Attestation: True
Is Capable For Attestation: True
Clear Needed to Recover: False
Clear Possible: True
TPM Has Vulnerable Firmware: False
Bitlocker PCR7 Binding State: Binding Possible
Maintenance Task Complete: True
TPM Spec Version: 1.59
TPM Errata Date: Thursday, June 18, 2020
PC Client Version: 1.05
Lockout Information:
-Is Locked Out: False
-Lockout Counter: 0
-Max Auth Fail: 31
-Lockout Interval: 600s
-Lockout Recovery: 86400s
Contents of CertReq_enrollaik_Output:
v2.0
TPM-Version:2.0 -Level:0-Revision:1.59-VendorID:'IFX '-Firmware: 983062.4308992
GetEKCertInfo
EnrollStage = 30
GetCACert = 0ms
GetCACaps = 0ms
CreateRequest = 0ms
SubmitRequest = 0ms
ProcessResponse1 = 0ms
SubmitChallengeAnswer = 0ms
ProcessResponse2 = 0ms
Enroll = 0ms
Total = 578ms
Certificate Request Processor: Element not found. 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND)
Additional Info: I'm connected to internet and can ping well-known DNS servers.
Contents of TpmHliInfo_Output:
2024-02-23T20:16:30
TpmHLI GetVersion result: 0x00000000
TpmHLI Version: 2.0
Manufacturer: Infineon
VendorId: SLB9672
Uefi Is Present: Yes
TpmHLI IsReady for Storage result: 0x00000000
Ready: True
Bits: 0x0000000000000000
TpmHLI IsReady for Attestation result: 0x00000000
Ready: True
Bits: 0x0000000000000000
Additional Troubleshooting Steps:
- I've already updated Windows 11 Pro to the current version and installed all security updates via PowerShell, and the BIOS from HP is updated to the most recent version. I've re-imaged with a factory image using a USB stick, and I've reset the device as well.
- Removed the device and hardware ID hash from Intune, re-exported using the Get-AutopilotInfo script and imported it back into Intune via the portal.
- Cleared the TPM twice now.
- Other models HP ZBook Fury G8 (Prior model) and HP ZBook Fury G10 (Current model) have had absolutely no issues whatsoever pre-provisioning.
Please advise.
I have been testing my Raspberry Pi 4 with SWTPM with the TPM9670 Raspberry Pi dev board plugged in (never removed), and after that I've been trying to retrieve the MFG CA number. However, after following the process shown in link with a freshly installed OS, and following the process in link (section: NVM and Certificate Management), it somehow shows it's from IBM and titled IBM's SW TPM (image below). The method shown in link doesn't help either. SLM 9670
Since it is not supported to upload .der, .crt, and .pem filetypes, I've zipped generated "ekcert.der", "ifx_rsa_cert.crt", and "ifx_rsa_cert.pem" in attached zip file.
While at the same time, executing "Setup/Get TPM capability (fixed)" does return I believe correct info as shown in the following image.
I have tried resetting the TPM board and reinstalling the OS, but this result persists. Is there any method to either fully reset to factory state, or is there any fix possible?
I'm selecting a TPM for my application, likely SLB 9672. Where can I go to confirm the commands which this TPM supports?
The OPTIGA TPM SLB 9672 datasheet says it is based on the following specification:
“TCG PC Client Platform TPM Profile (PTP) Specification”, Family 2.0, Level 00, Rev. 01.05 v14,
September 4, 2020, TCG
Table 8 of this specification lists which commands are mandatory/optional. For those that are optional, which do the various OPTIGA TPMs support?
In other words, what would be the result of the TPM2_GetCapability command (inspecting TPM_CAP_COMMANDS)?
Hello guys,
I tried to use the Infineon TPM utility to test the TPM ( https://github.com/Infineon/eltt2?tab=readme-ov-file ),
on Ubuntu 22.04, kernel 6.2.0-36-generic, but the test failed as below:
I already checked that kernel 5.15 is PASS, so does anybody know what the problem is on kernel 6.2?
Is an Optiga TPM the recommended secure element for a TI-based DSP system?
Does Infineon offer application notes or examples to avoid easy missteps when attempting to secure a DSP-based system?
A document on 'Open Source TPM Support' was helpful, but I would prefer existing knowledge on this particular case if available. Reference https://www.infineon.com/dgdl/Linux%20and%20Open%20Source%20activities%20for%20Trusted%20Computing%20and%20TPM%20applications.pdf?fileId=db3a304412b407950112b4165abb2043
Greg
For the attached links ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9672-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b180e3f2535ff ) and ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9673-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b18b4cb5c396a ), I need to know whether all the series (SLB 9670, SLB 9672 and SLB 9673) have (2035) PLP or availability expected based on these links or not.
This seems similar to some other threads I've found:
* https://community.infineon.com/t5/OPTIGA-TPM/SLB-9665TT2-0-SHA256-Linux-support/td-p/398514
* https://answers.microsoft.com/en-us/insider/forum/all/bug-of-the-bootloaderfwefi-the-new-version/e28b2930-2d17-4338-befe-6a787410d1d6
Platform is a Gigabyte Z97X-UD3H motherboard with an updated BIOS with TPM 2.0 support.
SLB9665 has been updated to TPM20_5.63.3353.0.
With hashpolicy set to sha1 in the UEFI, everything works perfectly, except for the obvious issue that sha1 is being used.
When set to sha2, the UEFI indeed populates sha256 banks 0-7 and 11. However, Windows 11 still tries to use the sha1 bank for some reason, which obviously does not work.
As suggested in the other thread, I was able to use pcr_allocate to configure only a sha256 bank. And yet, Windows still "uses" sha1, which again fails.
How can I further troubleshoot? Is there some variable that needs adjusting with the TPM?
Thanks