Security & Smart Card Forum Discussions
OPTIGA™ Trust
High-end, easy-to-use security solutions that provide an anchor of trust for your application: connecting IoT devices to the cloud, giving billions of devices their own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ... We did not meet your expectations? Let us know!
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
CIPURSE™
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
OPTIGA™ Connect
OPTIGA™ Connect is a family of turnkey eSIM security solutions for easy, flexible and secured cellular connectivity. They are optimized for the specific requirements of industrial and IoT applications as well as those of consumer devices.
NOTE: We currently support only OPTIGA™ Connect IoT on this forum. For queries on OPTIGA™ Connect Consumer, please create a case at https://mycases.infineon.com/.
Featured Discussions
I created an AES key and made it persistent (handles-persistent 0x81010020),
but I can't use the handle value; even tpm2_evictcontrol -c 0x81010020 doesn't work.
I think the SLB9672 chip (my chip) can't find the handle value linked to the context file.
(mysymmetrickey.ctx works!)
The problem only occurs on one chip and not on the other.
It didn't happen at first, but it does happen at some point.
Esys_TR_GetTpmHandle() works, but only the tpm2_tools commands don't work.
The tpm2_clear command erases the handles, but the problem keeps occurring.
# tpm2_getcap handles-persistent
- 0x81010020
# tpm2_evictcontrol -c 0x81010020
ERROR: Invalid serialized ESYS_TR size, got: 0
ERROR:esys:/usr/src/debug/tpm2-tss/3.2.0-r0/src/tss2-esys/esys_tr.c:356:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:The ESYS_TR resource object is bad
ERROR: Unable to run tpm2_evictcontrol
# tpm2_encryptdecrypt -c 0x81010020 -o mysecret.enc mysecret
WARN: Using a weak IV, try specifying an IV
ERROR: Invalid serialized ESYS_TR size, got: 0
ERROR: Invalid object key authorization
ERROR: Unable to run tpm2_encryptdecrypt
Hello,
I would like to confirm an issue I have with the SLB9670. My research led me to this thread (https://community.infineon.com/t5/OPTIGA-TPM/IMX8MM-SLB9670-TPM2-Self-test-error/td-p/454162), which seems to suggest everything is normal, but it links to the RPI3. I want to make sure the same applies to the RPI4.
During bootup, I see the following Kernel messages:
[ 9.194573] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 9.197032] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 9.197057] tpm tpm0: starting up the TPM manually
This is slightly annoying, but I can see tpm0 and tpmrm0 in the device section:
user@cm4:~/eltt2 $ ls /dev/tpm*
/dev/tpm0 /dev/tpmrm0
sudo tpm2_gettestresult
status: success
0x00000000: 0xCE 0xFB 0xBB 0x85 0xF2 0x29 0x63 0x1F 0x6A 0xC4 0xDD 0x18 0xC6 0x15 0x25 0x94
0x00000010: 0x48 0x06 0x78 0x92
Finally, sudo tpm2_selftest -f returns 0
Is it safe to assume that my TPM is working correctly despite those messages? It seems like it, but I would appreciate some confirmation.
Thank you!
Dears,
The SLS32AIA010ML datasheet says the I2C base address is 0x30, but actual testing shows 0x24. Please help confirm, thanks!
Thanks!
alex.Wang
Hello, I am creating a small example applet for the SECORA ID X. I realized that with an empty applet skeleton (i.e. no functionality) used as the default applet, the first APDU call always takes around 20 ms. Is there a way to get rid of this penalty?
Thanks
Hello,
We are currently working on TPM 2.0 for the SLB9673 with an AM5748 SoC.
We would like to know if there exists a secure boot method that uses TPM2 commands to verify the kernel integrity at the U-Boot stage, specifically one that utilises the TPM2 functionalities to ensure the authenticity and integrity of the kernel image during the boot process.
Also, any resources, documents, or references that provide detailed information on this topic would be helpful.
Thanks and Regards,
Mythreyi
Hi team,
We are using the SLB9673 TPM2 chip for hardware security in our embedded project, which has an AM5748 SoC.
We need to implement secure boot for the same. Can you please give us a detailed procedure and the software requirements to implement secure boot?
regards,
Yashwanth T L
Hello,
Does Infineon have any TPM 2.0 chips in their portfolio that are targeting FIPS 140-3 certification?
There were none back in July 2022 according to the following thread, but I am wondering if plans have changed in the past ~2 years: Solved: TPM Module FIPS 140-3 Compliant - Infineon Developer Community
Thanks,
John
Hi,
I get this error when trying to interface the SLB9670 with a BeagleBone Black over the SPI1 bus with CS1:
tpm_tis_spi: probe of spi1.1 failed with error -110
This is my overlay:
/dts-v1/;
/plugin/;

/ {
    compatible = "ti,beaglebone", "ti,am335x-boneblack", "ti,beaglebone-black";
    part-number = "BB-SPI1-SLB9670";
    version = "00A0";

    fragment@0 {
        target = <&am33xx_pinmux>;
        __overlay__ {
            pinmux_spi1_pins: pinmux_spi1_pins {
                pinctrl-single,pins = <
                    0x190 0x33 /* spi1_sclk, MODE3 */
                    0x194 0x33 /* spi1_d0,   MODE3 */
                    0x198 0x33 /* spi1_d1,   MODE3 */
                    0x164 0x32 /* spi1_cs1,  MODE2 */
                >;
            };
        };
    };

    fragment@1 {
        target = <&spi1>;
        __overlay__ {
            pinctrl-0 = <&pinmux_spi1_pins>;
            status = "okay";
        };
    };

    fragment@2 {
        target = <&spi1>;
        __overlay__ {
            #address-cells = <1>;
            #size-cells = <0>;

            slb9670: slb9670@1 {
                compatible = "infineon,slb9670";
                reg = <1>;
                #address-cells = <1>;
                #size-cells = <0>;
                spi-max-frequency = <32000000>;
            };
        };
    };
};
Reset has pull-up.
This is what I have included and compiled in my kernel image:
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
CONFIG_TCG_TIS_SPI=y
I can see that the tis-spi driver for TPM 2.0 is loaded under /sys/bus/spi/drivers (I compiled it with the kernel).
There is also an spi1.1 device visible under /sys/bus/spi/devices.
In short, SPI1 is working because I use it for an ENC28J60 Ethernet PHY with CS0.
For the SLB9670 I use the P9_42 pin in mode 2 as CS1, but without any luck establishing a connection with the SLB.
Can someone tell me more about error -110 and how to fix it and get things working?
Thanks
Hello everyone,
I have been working with an OPTIGA Trust M v3 for quite some time now. I have used it directly using the provided API available here (https://github.com/Infineon/optiga-trust-m) but also with an OpenSSL Engine which I developed for OpenSSL 1.1.1, based on the example provided in this repo (https://github.com/Infineon/linux-optiga-trust-m).
Now, as I am also working with an embedded device running Mbed TLS and using an OPTIGA Trust M v3, I would like to use the equivalent of an OpenSSL Engine for Mbed TLS. I read about PSA drivers (https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-interface.md), which seem to be what I am looking for; however, I can't find any PSA driver implementation example taking advantage of a Secure Element. My goal would of course be to be able to seamlessly use Mbed TLS with the OPTIGA Trust M.
Would you have any resources on this topic, such as a repo explaining how to use a PSA driver with the Trust M?
Thank you for your help,
Regards,
Maxime