Security & Smart Card Forum Discussions

Hello,

We are currently working on tpm2.0 for SLB9673 with AM5748 soc
We would like to  know if there exists a secure boot method that uses the TPM2 commands to verify the kernel integrity at the u-boot stage. Specifically that utilises the TPM2 functionalities to ensure the authenticity and integrity of the kernel image during the boot process.

Also, any resources, documents, or references that provide detailed information on this topic would be helpful.

Thanks and Regards,
Mythreyi

Show Less

Hi,
I get this error when trying to interface SLB9670 with BeagleBone Balck over SPI1, bus with CS1:

tpm_tis_spi: probe of spi1.1 failed with error -110

This is my overlay:

/dts-v1/;
/plugin/;

/ {
compatible = "ti,beaglebone","ti,am335x-boneblack", "ti,beaglebone-black";

part-number = "BB-SPI1-SLB9670";
version = "00A0";

fragment@0 {
target = <&am33xx_pinmux>;
__overlay__ {
pinmux_spi1_pins: pinmux_spi1_pins {
pinctrl-single,pins = <
0x190 0x33 /* spi1_sclk,MODE3 */
0x194 0x33 /* spi1_d0, MODE3 */
0x198 0x33 /* spi1_d1, MODE3 */
0x164 0x32 /* spi1_cs1, MODE2 */
>;
};
};
};

fragment@1 {
target = <&spi1>;
__overlay__ {
pinctrl-0 = <&pinmux_spi1_pins>;
status = "okay";
};
};

fragment@2 {
target = <&spi1>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
slb9670: slb9670@1 {
compatible = "infineon,slb9670";
reg = <1>;
#address-cells = <1>;
#size-cells = <0>;
spi-max-frequency = <32000000>;
};
};
};
};

Reset has pull-up.

This is what I have included and compiled in my kernel image:
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=y

I can see that tis-spi driver for tpm2.0 is loaded under /sys/bus/spi/drivers (I compiled it with kernel).
There is also SPI1.1 device visible under /sys/bus/spi/devices

In short, SPI1 is working because I use it for ENC28J60 ethernet PHY with CS0.
For SLB9670 I use P9_42 pin in mode 2 as CS1, but without any luck to establish connection with SLB.

 

Can somone tell me more about error -110 and how to fix it amd get things working.

 

Thanks

 

Show Less

I have wired the TrustM shield2go adapter to my Raspberry Pi as per recommendation and installed the linux-optiga-trust-m stack as per the documentation. However, when I try any application , I get the following error : ./trustm_chipinfo 8085:Error in trustm_helper/trustm_helper.c:1092 _trustm_Open: Fail : optiga_util_open_application 8085:Error [0x0102] : OPTIGA comms API failed 8085:Error in trustm_helper/trustm_helper.c:1092 _trustm_Open: Fail : optiga_util_open_application 8085:Error [0x0102] : OPTIGA comms API failed 8085:Error in trustm_helper/trustm_helper.c:1127 trustm_Open: Error opening Trust M, EXIT. This leads me to believe that TRUSTM chip isnt interacting with my raspberry PI. How can I debug this. Show Less

How does one field firmware upgrade / OTA the SLB9762 FW16.12?

We need to upgrade the SLB9762 FW16.12 to the latest (FW16.13??) in an ARM-based Linux environment.

Any pointers, sample code, examples, white papers, etc appreciated.

Show Less

Has anyone encountered any challenges integrating the OPTIGA™ Trust M security chip with their IoT device? Looking for tips!

By

Hobert

 

Show Less