Security & Smart Card Forum Discussions

Hello,

I use Optiga Trust M Eval Kit to integrate Optiga Trust M in our product. We use the following example: 

https://github.com/Infineon/optiga-trust-m/blob/develop/examples/utilities/authenticate_chip/example_authenticate_chip.c

We observed that pal_crypt_verify_signature independently of Keys, Digest and Signature delivers return code 0xB380. This return code we cannot decrpyt according to the existing return codes. 
The return code is independent of the input data. We used input data from example_optiga_crypt_ecdsa_verify.c as well as python-generated random data. 

Please, explain why pal_crypt_verify_signature fails.

Best regards,

Show Less

Hi,

     I need Linux device driver and steps to interface OPTIGA™ TPM SLM 9670 TPM2.0 with TI AM437x processor over SPI interface.

     I am new to Linux Device Drivers as well as the OPTIGA™ TPM SLM 9670 TPM2.0 chip, so I would also need steps to integrate the device driver.

Thx,

Kiran.

 

 

Show Less

Hi.
I've got the following device: OPTIGA™ TPM SLx 9670 TPM2.0 with SPI Interface in a Raspberry Pi 3 (https://www.infineon.com/dgdl/Infineon-App-Note-SLx9670-TPM2.0_Embedded_RPi_DI_SLx-AN-v01_30-EN.pdf?fileId=5546d46267c74c9a01684b96e69f5d7b). I am trying to get the EK certificate but is seems that it is absent. I'm using the following command to fetch:

tpm2_nvread --index 0x1c00002 -a 0x40000001

I'm getting the following response:

ERROR: Tss2_Sys_NV_ReadPublic(0x18B) - tpm:handle(1):the handle is not correct for the use
ERROR: Failed to read NVRAM public area at index 0x1C00002
ERROR: Unable to run tpm2_nvread

Here is a list of all NV indices (empty):

pi@raspberrypi:~ $ tpm2_nvlist
pi@raspberrypi:~ $

Does Infineon have a EK certification server to restore the EK certificate? As far as I know this certificate should be already available but it is missing...

Thank you. Show Less

Having issue with Infineon TPM v2.0 complicating Windows 11 update! I have a brand new Intel i5 desktop pc (Asus D700SA) and I'm attempting to update to Windows 11.

The Microsoft update process balks and I get a message stating that I must MANUALLY UNINSTALL my Infineon TPM. My TPM is version 2.0 which Microsoft says is OK in order to update to Win11.

Anyone else experience this? What's up?!

Show Less

Having issue with Infineon TPM v2.0 complicating Windows 11 update! I have a brand new Intel i5 desktop pc (Asus D700SA) and I'm attempting to update to Windows 11.

The Microsoft update process balks and I get a message stating that I must MANUALLY UNINSTALL my Infineon TPM. My TPM is version 2.0 which Microsoft says is OK in order to update to Win11.

Anyone else experience this? What's up?! Show Less

Hi,

TPM2 Tools demonstrates generating an Endorsement Credential Certificate using an endorsement public key and an ekcertservice URL;
https://github.com/tpm2-software/tpm2-tools/blob/3.X/test/system/test_tpm2_getmanufec.sh

Is there a similar URL for Infineon Optiga URLs? Or how is the endorsement certificate generated for these TPMs?

The following page appears to document the relevant CA's but not how to generate the EK certificate, as far as I can understand. https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates/ Show Less