OPTIGA™ Trust
High-end, easy-to-use security solutions that provide an anchor of trust for your application, connecting IoT devices to the cloud, giving billions of devices their own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ...
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
Recent discussions
Hi,
I am trying to interface the SLB 9670VQ2.0 via the SPI bus, and after configuring the kernel to enable the required module, the device is going into timeout mode. I also found a kernel patch which corresponds to the problem of timeout, but the patch is not currently integrated into the mainline kernel.
https://lore.kernel.org/lkml/1229fbc4-0abd-376e-a9d7-ccdd6d56c2ae@gmx.de/t/
My question is,
If I spare a GPIO pin as a reset pin and assign it to the SLB 9670VQ2.0, will it be enough for the SLB 9670VQ2.0 to come out of the timeout phase, or do I also need an implementation at the Linux kernel driver level to toggle the reset pin?
Regards
Ata
Hi
I'm working on secure boot on the TI omapl138 SoC using the TPM 1.2 slb9645. I am able to detect the TPM chip through I2C, but I didn't get any data sheet or technical reference module to know how TPM 1.2 works and its register/memory addresses. To develop further, can you please provide detailed documents for the TPM 1.2 slb9645?
Thanks & regards
Yashwanth T L
Hello,
I bought an evaluation board Iridium 9645 (IRIDIUM9645TPMI2CTOBO1), with an SLB9645 TPM 1.2, but I can't find any datasheet to plug this board on a Raspberry Pi 3B (40 pins header).
Could you provide the datasheet? If there is no datasheet, could you tell me what is the interest of the two jumpers, the 28 pins header, the 6 pins headers? The 26 pins header is for Raspberry?
Where should I plug it on the header of my Raspberry Pi 3B, and in what way should I plug it?
Regards,
Nuliel
Hello
Having trouble accessing documents and utilities. Get error like unable to authenticate. Tried Firefox, Chrome and Edge, same error.
Hi
I have tested several Java Cards (Feitian D11CR, Infineon JTOP, G&D Smart Cafe) over T=0 and here is what I have observed.
If the applet returns some data in a case 4 APDU, the JCRE signals with SW 0x61XX that there is data available which the terminal should retrieve using a GET RESPONSE APDU.
However, if the applet returns some data in a case 2 APDU and Le does not match the number of bytes to be returned, the JCRE signals with error SW 0x6CXX, instructing that the same C-APDU has to be resent with the correct Le.
For legacy reasons there are terminals that know how to handle 0x61XX, but fail to handle a 0x6CXX response. Is there a way to force the JCRE to handle case 2 APDUs using the 0x61XX (GET RESPONSE) method?
Can anyone give support on how to use a TPM for storing the secure boot keys on imx6/imx8 series platforms? All suggestions are highly appreciated.
According to the data sheet, after successful writing of data the NVM_ACT bit should be reset, but it doesn't get reset in my case. That means the NVM is still in progress.
Can someone assist me in writing the data to NVM?
- TPM_A: The TPM where I created a key.
- TPM_A_KEY: The key generated in TPM_A that I want to create a duplicate of.
- TPM_B: The TPM where I want to import the duplicate.
- TPM_B_KEY: The ECC P-256 key generated in TPM_B which I want to use to wrap the duplicate created in TPM_A of TPM_A_KEY.
As part of this process, I need to import the public part of TPM_B_KEY in TPM_A, for which I use the LoadExternal TPM command, which allows me to load the external public part (TPM2B_PUBLIC). The private part is set to the empty buffer. TPM_B_KEY has the attributes DECRYPT and RESTRICTED.
In the SLB9670 Module I am unable to do this: I receive a 0x101 error (TPM_RC_FAILURE) and the TPM enters into Failure Mode, unable to process any other commands. In the SLM9670 it works OK, same for the Microsoft TPM Simulator; I do not receive any other errors. The TPM2B_PUBLIC structure has no errors; it contains the symmetric algo for wrapping, the public components X and Y...
I am using a HMAC session for the command, but without a session it is also possible to reproduce.
I have also noticed that I am able to import keys with SIGN as the only attribute, but if I try to load it with a session it enters into Failure Mode.
I am able to create the duplicate successfully, import it... with the Microsoft TPM Simulator and also with the SLM9670 (Vendor String: 13.11.4555) module, without any changes in the code.
This all seems quite strange, so I am thinking that perhaps this is an errata or undefined behaviour in the SLB9670 chip, and I was wondering if someone at Infineon would be able to look at this. I can provide TCTI communication traces if required, but I think it should be easy to reproduce, just call LoadExternal with a decrypt/restrict ECC NIST P256 key.
Many thanks for your help.
I am playing this example from NordicSemi here:
https://infocenter.nordicsemi.com/index.jsp?topic=%2Fcom.nordic.infocenter.sdk5.v15.3.0%2Fifx_optiga_custom_example.html&cp=5_1_4_3_1_2
In this example, there is a test regarding key derivation as:
static void uc_key_derivation(void)
{
    optiga_lib_status_t optiga_lib_status;
    uint8_t info[100] = { 0 };
    uint16_t info_len = 100;
    uint16_t oid = 0xF1D0;
    uint8_t shared_secret[64] = { 0 };

    // Check if key derivation is supported (OPTIGA Trust X after version 1.20.1048)
    optiga_lib_status = optiga_util_read_data(0xE0C2, 0, info, &info_len);
    DEMO_OPTIGA_ERROR_CHECK(optiga_lib_status);
    if (info[25] == 0x10 && info[26] == 0x48) // !!!! THIS CONDITION RETURNS TRUE
    {
        NRF_LOG_INFO("Key derivation not supported!\r\n");
        NRF_LOG_FLUSH();
        return;
    }
As I understand, it checks the FW version of the OptigaX to see whether key derivation is supported or not. According to the reply of the TrustX device, the function returns with the 'Key derivation not supported!' message.
The thing is that, in the datasheet (revision 2.6), it clearly says on the first page that OptigaX supports key derivation.
Crypto ToolBox with ECC NIST P256, P384, SHA-256 (sign, verify, key generation, ECDH, key derivation)
I would appreciate it if anybody has any suggestions on that, whether this is the case or not, and how to use key derivation with OptigaX.
Best regards,
Vedat