High-end, easy-to-use security solutions that provide an anchor of trust for your application, connecting IoT devices to the cloud, giving billions of devices their own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ...
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
OPTIGA™ Connect is a family of turnkey eSIM security solutions for easy, flexible and secured cellular connectivity. They are optimized for specific requirements of industrial and IoT applications as well as those of consumer devices.
NOTE: We currently support only OPTIGA™ Connect IoT on this forum. For queries on OPTIGA™ Connect Consumer, please create a case at https://mycases.infineon.com/.
I have been testing my Raspberry Pi 4 with SWTPM with TPM9670 raspberry pi dev board plugged in (never removed), and after that I've been trying to retrieve the MFG CA number. However, after following the process shown in link with fresh installed OS, and following the process in link (section: NVM and Certificate Management), it somehow shows it's from IBM and titled IBM's SW TPM (image below). Method shown in link doesn't help as well. SLM 9670
Since it is not supported to upload .der, .crt, and .pem filetypes, I've zipped generated "ekcert.der", "ifx_rsa_cert.crt", and "ifx_rsa_cert.pem" in attached zip file.
While at the same time, executing "Setup/Get TPM capability (fixed)" does return I believe correct info as shown in the following image.
I have tried resetting the TPM board, reinstall OS, but this result persists. Is there any method to either fully reset to factory state, or is there any fix possible?
This seems similar to some other threads I've found:
Platform is a Gigabyte z97x-ud3h motherboard with an updated bios with tpm2.0 support.
SLB9665 has been updated to TPM20_5.63.3353.0.
With hashpolicy set to sha1 in the uefi, everything works perfectly, except for the obvious issue that sha1 is being used.
When set to sha2, the uefi indeed populates sha256 banks 0-7 and 11. However, Windows 11 still tries to use the sha1 bank for some reason, which obviously does not work.
As suggested in the other thread, I was able to use pcr_allocate to configure only a sha256 bank. And yet, Windows still "uses" sha1, which again fails.
How can I further troubleshoot? Is there some variable that needs adjusting with the tpm?
write_default_shared_secret.sh: 2: source: not found
rm: cannot remove '*.dat': No such file or directory
Generate default shared secret
Bypass Shielded Communication.
shm_open: Permission denied
We are currently working on TPM 2.0 for SLB9673. As this is new to us, we would like to know whether SLB9673 supports disk encryption.
If so, could you provide us a brief explanation about disk encryption process that is performed and the necessary steps/procedure that is to be followed to perform the same.
Thanks and Regards,
Is SLB 9665TT2.0 compatible with ESXi version 8? The requirements are as follows:
- TPM 2.0
- SHA-256 hashing algorithm - SHA1 is not supported
- TIS/FIFO (First-In, First-Out) interface and not CRB (Command Response Buffer) - CRB is a no no according to VMware docs.
I'm trying to decide between writing the pal layer for Zephyr OS using the official Trust M library (https://github.com/Infineon/optiga-trust-m) vs using the experimental Zephyr branch for Trust M (https://github.com/Infineon/zephyr-optiga).
There have been a couple of attempts to have Trust M support added to the Zephyr repo, but they didn't seem to get very far. I'm not necessarily looking to add to a public repo, but I need reliable functionality with Zephyr. Although I've briefly looked into it, I don't have a solid gauge on the effect involved in writing a pal for Zephyr. Any advice is welcome!!
Can you please let me know the storage temperature range (MIN~MAX) for OPTIGA TRUST M SLS32AIA? This information is missing from both the ProductBrief and the datasheet.
We are now developing SLB9673 (package) in our platform and doing thermal test.
Correct me if I am wrong.
The datasheet shows:
*standard temperature TA range is -40 to 85 degreeC &
*Enhanced temperature TA range -40 to 105 degreeC.
1) Please help to provide PSI JT, normally system design uses "PSI JT" to calculate the estimation of Tj(calculated).
2) If Tj(calculated) < 110 degreeC Tj(maximum junction temperature), then it will be safe?