Security & Smart Card Forum Discussions
OPTIGA™ Trust
High-end, easy-to-use security solutions that provide an anchor of trust for your application, connecting IoT devices to the cloud, giving billions of devices their own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ... We did not meet your expectations? Let us know!
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
CIPURSE™
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
Featured Discussions
Hello everyone, I am using a Raspberry Pi 4 board along with Bullseye OS and an Infineon SLB9670 TPM. After booting the OS, I am reading the PCR values and it is showing all zeroes. At this time I am able to extend the PCR values. My query is why the PCR values are not extended during the boot process, or what should I do for PCR extension?
Hi All,
Please let me know what is the issue here.
I have SLI 9670 on my custom board.
SLI 9670 is connected over SPI bus to S32G2 processor.
Linux kernel probe fails.
1. Reading of the vendor id used to fail with the error below.
tpm_tis_spi: probe of spi1.0 failed with error -110
Problem resolved by driving RST pin permanently high in device-tree pin-configuration.
+ gamma-tpm-9670-rst-hog {
+ gpio-hog;
+ gpios = <13 GPIO_OPEN_DRAIN>;
+ output-high;
+ line-name = "gamma-tpm-9670-rst";
+ };
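Review bot: `gpios = <13 GPIO_OPEN_DRAIN>` combined with `output-high` does not actively drive RST high; on an open-drain line "high" means the output is released, so the level the TPM sees depends entirely on an external pull-up on RST. Confirm the board has that pull-up, and if the SoC pin is actually driven push-pull, `GPIO_ACTIVE_HIGH` is the flag that matches the stated intent of driving the pin permanently high. Also, a `gpio-hog` claims the line at boot and leaves the tpm_tis_spi driver no way to toggle reset later, so the hog should be documented as a deliberate workaround in the commit message.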
2. Now this error is noticed.
vendor: 0x1000000 - Is the read vendor id correct? Please confirm.
wait_startup: returns -1
Returning error -ENODEV
drivers/char/tpm/tpm_tis_core.c:

tpm_tis_core_init()
{
        if (wait_startup(chip, 0) != 0) {
                rc = -ENODEV;
                pr_err("Returning error -ENODEV\n");
                goto out_err;
        }

/* Before we attempt to access the TPM we must see that the valid bit is set.
 * The specification says that this bit is 0 at reset and remains 0 until the
 * 'TPM has gone through its self test and initialization and has established
 * correct values in the other bits.'
 */
static int wait_startup(struct tpm_chip *chip, int l)
{
        ......
        } while (time_before(jiffies, stop));
        pr_err("wait_startup: returns -1\n");
        return -1;
}
Thanks & Regards,
Gangadhar
@sneha_prahalad , @Sharath , @ataulmanan
Hi,
We are working on implementing secure boot process using the SLB9673 TPM2.0 in AM5748. We are able to communicate with tpm2 using the tss tools.
Following is the list of commands that we are able to access. Do you believe the current list is sufficient, or do we need additional commands to better support our needs in future?
tpm2_activatecredential, tpm2_certify, tpm2_create, tpm2_createpolicy, tpm2_createprimary,
tpm2_dictionarylockout, tpm2_encryptdecrypt, tpm2_evictcontrol, tpm2_getcap, tpm2_getmanufec,
tpm2_getpubak, tpm2_getpubek, tpm2_getrandom, tpm2_hash, tpm2_hmac, tpm2_listpersistent,
tpm2_load, tpm2_loadexternal, tpm2_makecredential, tpm2_nvdefine, tpm2_nvlist, tpm2_nvread,
tpm2_nvreadlock, tpm2_nvrelease, tpm2_nvwrite, tpm2_pcrevent, tpm2_pcrextend, tpm2_pcrlist,
tpm2_quote, tpm2_rc_decode, tpm2_readpublic, tpm2_rsadecrypt, tpm2_rsaencrypt, tpm2_send,
tpm2_sign, tpm2_startup, tpm2_takeownership, tpm2_unseal, tpm2_verifysignature
Our first requirement is about configuring the secure boot using tpm2
Could you also help us with the detailed steps on how to configure the TPM2 for secure boot with the help of tpm2 commands.
Additionally, we've encountered an issue where we are unable to clear the DA Lockout (Dictionary Lockout) mode. Whenever we attempt to clear the lockout using tpm2_dictionarylockout, we're presented with the following error code - 0x921.
Thanks and regards,
Mythreyi U
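The two TPM questions above (the Raspberry Pi post that sees all-zero PCRs after boot and can only extend them by hand, and this post asking how to build measured/secure boot on the SLB9673 with tpm2-tools) both come down to the same arithmetic: a PCR is a hash chain, and a PCR-bound policy is a hash over the selected PCR values. The example below is added here and is not code from either poster, from Infineon or from tpm2-tools; it reimplements the TPM2_PCR_Extend, TPM2_PCR_Event and TPM2_PolicyPCR digest computations from the TPM 2.0 specification in software, so you can predict what a chip should report after a given sequence of measurements and check the policy digest that `tpm2_createpolicy` must bind a sealed object to. The measurement log and data strings are constructed for illustration; PCR indices, the SHA-256 bank and the all-ones reset value of PCRs 17-22 follow the PC Client platform profile.

```python
"""Software model of TPM 2.0 PCR extend and the PolicyPCR digest.

Added example (not from the forum posts, Infineon or tpm2-tools). It
predicts what `tpm2_pcrread` (4.x; `tpm2_pcrlist` in 3.x) should show
after a set of measurements and what policy digest a PCR-bound seal
must use. All measured data below is constructed for illustration.
"""
import hashlib
import struct

SHA256_LEN = 32
TPM_ALG_SHA256 = 0x000B         # TPM_ALG_ID for SHA-256 (Part 2)
TPM_CC_POLICY_PCR = 0x0000017F  # command code of TPM2_PolicyPCR (Part 2)


def initial_pcr(index: int) -> bytes:
    """Value of a SHA-256 PCR right after TPM reset on a PC Client TPM:
    zeros for PCRs 0-16 and 23, all ones for the DRTM PCRs 17-22."""
    if 17 <= index <= 22:
        return b"\xff" * SHA256_LEN
    return b"\x00" * SHA256_LEN


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). Order matters and
    there is no inverse, which is why an unextended PCR stays at zero
    until the boot chain (or the user) measures something into it."""
    assert len(pcr) == SHA256_LEN and len(digest) == SHA256_LEN
    return hashlib.sha256(pcr + digest).digest()


def pcr_event(pcr: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Event: the TPM hashes the data itself, then extends."""
    return pcr_extend(pcr, hashlib.sha256(data).digest())


def replay_event_log(events):
    """Replay a list of (pcr_index, data) measurements from reset state.
    This is what a verifier does with a boot event log before comparing
    the result to a quote or to tpm2_pcrread output."""
    pcrs = {i: initial_pcr(i) for i in range(24)}
    for index, data in events:
        pcrs[index] = pcr_event(pcrs[index], data)
    return pcrs


def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION with a single SHA-256 bank:
    count(4) || hashAlg(2) || sizeofSelect(1) || pcrSelect[3].
    Bit n of pcrSelect[n // 8] selects PCR n."""
    mask = 0
    for i in indices:
        mask |= 1 << i
    return (struct.pack(">I", 1)
            + struct.pack(">H", TPM_ALG_SHA256)
            + bytes([3])
            + mask.to_bytes(3, "little"))


def policy_pcr_digest(pcrs, indices) -> bytes:
    """TPM2_PolicyPCR on a fresh session (Part 3, 23.7):
    policyDigest = H(0^32 || TPM_CC_PolicyPCR || pcrs || pcrDigest),
    pcrDigest    = H(PCR[i] for selected i, ascending)."""
    pcr_digest = hashlib.sha256(
        b"".join(pcrs[i] for i in sorted(indices))).digest()
    return hashlib.sha256(b"\x00" * SHA256_LEN
                          + struct.pack(">I", TPM_CC_POLICY_PCR)
                          + pcr_selection(indices)
                          + pcr_digest).digest()


if __name__ == "__main__":
    # Constructed boot log: firmware into PCR0, kernel and DTB into 8/9.
    log = [(0, b"firmware image v1 (constructed)"),
           (8, b"kernel image (constructed)"),
           (9, b"device tree (constructed)")]
    pcrs = replay_event_log(log)
    for i in (0, 8, 9, 17):
        print(f"PCR{i:02d}: {pcrs[i].hex()}")
    print("PolicyPCR(0,8,9):", policy_pcr_digest(pcrs, [0, 8, 9]).hex())
```

To compare with the chip, run `tpm2_pcrread sha256:0,8,9` (tpm2-tools 4.x) or `tpm2_pcrlist` (3.x, the version the command list above belongs to) and extend manually with `tpm2_pcrextend 8:sha256=<hex digest>`; if nothing earlier in the boot chain called PCR_Extend, every PCR in the first group still equals `initial_pcr()`, which is exactly the all-zero reading in the Raspberry Pi post. A policy computed over those zero values would happily unseal on an unmeasured system, so the boot loader, not a user-space script, has to be the one doing the measuring.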
Hello everyone, is there any way / command for TPM 2.0 to find out the origin/locality of a command? I mean from where it is initiated. Or any function in the ESAPI library?
Hi All,
I have worked with the SLB9873, but when I did it with Linux kernel v5.1 it got an issue and is not working.
So does Linux kernel v5.1 support the SLB9873? Has anyone worked with Linux kernel v5.1 before?
thank you,
Is the Infineon NFC Secure Access Module "NFCSAM" available in a Chip Card ID-1, preferably with an ID-000 (2FF form factor mini-SIM) cutout?
Vince
I hope this post finds you all well. Today, I would like to address a specific topic that has been causing some challenges for users of Red Hat systems who are working with Infineon devices. We have identified certain issues with kernel modules and drivers for Infineon devices, and I would like to open up a discussion to gather insights, experiences, and possible solutions from the community.
Here are some of the key points related to this topic:
- Identification of the Issue: Users have reported difficulties in properly configuring and utilizing Infineon devices on Red Hat systems due to problems with kernel modules and drivers. These issues have resulted in limited functionality, poor performance, or even complete failure to recognize the devices.
- Affected Infineon Devices: While the issue is not limited to a specific device, it has been observed across various Infineon hardware components such as security controllers, TPMs (Trusted Platform Modules), smart card readers, and other related devices.
- Red Hat System Versions: The issues have been reported on different versions of Red Hat systems, including both the Enterprise Linux (RHEL) distribution and the community-driven Fedora project. It is important to note that these problems may not be exclusive to Red Hat, but it is the focus of this discussion.
- Possible Causes: The problems may stem from compatibility issues between Infineon device firmware, kernel versions, and associated drivers. It is also plausible that some configuration settings or dependencies need to be properly addressed to ensure seamless integration.
Given the importance of Infineon devices in various fields such as security, encryption, and authentication, it is crucial to establish a robust and reliable solution for Red Hat users. Therefore, I invite all community members who have encountered or have insights on these issues to participate in this discussion.
I want to port the TPM SLB9672 on my custom board through SPI. I have ported the SLB9670 on my custom board and it works, but the SLB9672 does not work when using the same steps. I know the SLB9670 and SLB9672 use the same driver, but I cannot get any information from the TPM. What should I do?