Recent discussions
Hi,
I can see that SLB9672 is pin to pin compatible with SLB9670, but package name is different. Are they still footprint compatible?
Apart for SN or PN identification, are these two compatible software wise?
Thanks
HI I am looking IBIS file for SLM9670AQ20FW1311XTMA1, can you please provide this IBIS file, we need to do signal integrity simulation.
Hi,
I need Linux device driver and steps to interface OPTIGA™ TPM SLM 9670 TPM2.0 with TI AM437x processor over SPI interface.
I am new to Linux Device Drivers as well as the OPTIGA™ TPM SLM 9670 TPM2.0 chip, so I would also need steps to integrate the device driver.
Thx,
Kiran.
Show Less
Hello
I have a few of the SLB9670 TPM 2.0 chips installed in a batch of embedded Linux devices. They work fine, but they do not have fips certification marked in their fixed properties. The product page, however, says:
"FIPS 140-2 certified FW available via FW update"
Is it possible to install the firmware update in order to upgrade the SLB9670 in the field? How?
Is this firmware update available, and under what conditions?
Regards. Jorgen.Pihlflyckt@ajeco.fi
Show LessHaving issue with Infineon TPM v2.0 complicating Windows 11 update! I have a brand new Intel i5 desktop pc (Asus D700SA) and I'm attempting to update to Windows 11.
The Microsoft update process balks and I get a message stating that I must MANUALLY UNINSTALL my Infineon TPM. My TPM is version 2.0 which Microsoft says is OK in order to update to Win11.
Anyone else experience this? What's up?!
The Microsoft update process balks and I get a message stating that I must MANUALLY UNINSTALL my Infineon TPM. My TPM is version 2.0 which Microsoft says is OK in order to update to Win11.
Anyone else experience this? What's up?! Show Less
Can anyone give the support for how to use TPM for storing the secure boot keys in imx6/imx8 series platforms. All the suggestions are highly appreciated. Show Less
- TPM_A: The TPM where I created a key.
- TPM_A_KEY: The key generated in TPM_A that I want to create a duplicate of.
- TPM_B: The TPM where I want to import the duplicate.
- TPM_B_KEY: The ECC P-256 key generated in TPM_B which I want to use to wrap the duplicate create in TPM_A of TPM_A_KEY.
As part of this process, I need to import the public part of TPM_B_KEY in TPM_A, for which I use the LoadExternal TPM command, which allows me to load the external public part (TPM2B_PUBLIC), the private part is set to the empty buffer, TPM_B_KEY has the attributes DECRYPT and RESTRICTED.
In the SLB9670 Module I am unable to do this, I receive a 0x101 error (TPM_RC_FAILURE) and the TPM enters into Failure Mode, unable to process any other commands. In the SLM9670 it works OK, same for Microsoft TPM Simulator, I do not receive any other errors. The TPM2B_PUBLIC structure has no errros, it contains the symmetric algo for wrapping, the public components X and Y...
I am using a HMAC session for the command, but without a session it is also possible to reproduce.
I have also noticed that I am able to import keys with SIGN as the only attribute, but if I try to load it with a session it enters into Failure Mode.
I am able to create the duplicate successfully, import it... with the Microsoft TPM Simulator and also with the SLM9670 (Vendor String: 13.11.4555) module, without any changes in the code.
This all seems quite strange, so I am thinking that perhaps this is an errata or undefined behaviour in the SLB9670 chip, and I was wondering if someone at Infineon would be able to look at this. I can provide TCTI communication traces if required, but I think it should be easy to reproduce, just call LoadExternal with a decrypt/restrict ECC NIST P256 key.
Many thanks for your help. Show Less
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?fileId=5546d46267c74c9a01684b96e69f5d7b). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:
tpm2_nvread --index 0x1c00002 -a 0x40000001
I'm getting the following response:
ERROR: Tss2_Sys_NV_ReadPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Failed to read NVRAM public area at index 0x1C00002
ERROR: Unable to run tpm2_nvread
Here is a list of all NV indices (empty):
pi@raspberrypi:~ $ tpm2_nvlist
pi@raspberrypi:~ $
Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...
Thank you. Show Less
as shown in this log snippet:
TBOOT: tboot: supported alg count = 2
TBOOT: tboot: hash alg = 00000004
TBOOT: tboot: hash alg = 0000000B
TBOOT: TPM:CreatePrimary creating hierarchy handle = 40000007
(10 to 40 seconds elapse here)
TBOOT: TPM:CreatePrimary created object handle = 80000000
TBOOT: TPM attribute:
TBOOT: extend policy: 2
TBOOT: current alg id: 0x4
TBOOT: timeout values: A: 750, B: 2000, C: 75000, 😧 750
I'm puzzled as to why the time this takes varies so widely. The longer times are killing us as we have some bootup time deadlines, and the unpredictability complicates things even more. Sometimes it's fast, sometimes it's slow.
There doesn't seem to be any pattern, nor is it influenced by whether the system is starting from a powered-off state or
just a warm reboot. I suspect it may have to do with the TPM trying to gather enough entropy to generate the random number that forms the seed for the NULL hierarchy although that's just a guess. Can anyone from inside
or outside Infineon comment on why the time is so variable? Show Less