Security & Smart Card Forum Discussions
Browse the Community
OPTIGA™ Trust
High-end easy to use security solutions that provide an anchor of trust for your application, connecting IoT devices to the cloud, giving billons of device its own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ... We did not meet your expectations? Let us know!
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
CIPURSE™
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
OPTIGA™ Connect
OPTIGA™ Connect is a family of turnkey eSIM security solutions for easy, flexible and secured cellular connectivity. They are optimized for specific requirements of industrial and IoT applications as well as those of consumer devices.<br> NOTE: We currently support only <b>OPTIGA™ Connect IoT</b> on this forum. For queries on OPTIGA™ Connect Consumer, please create a case at <a href="https://mycases.infineon.com/">https://mycases.infineon.com/</a>.
Featured Discussions
Hello everyone,
I have been working with an Optiga Trust Mv3 for quite some time now. I have used it directly using the provided API available here (https://github.com/Infineon/optiga-trust-m) but also with an OpenSSL Engine which I developed for OpenSSL 1.1.1, based on the example provided in this repos (https://github.com/Infineon/linux-optiga-trust-m).
Now, as I am also working with an embedded device running MbedTLS and using an Optiga Trust Mv3, I would like to use the equivalent of an OpenSSL Engine for MbedTLS. I read about PSA Drivers (https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-interface.md), which seems to be what I am looking for, however I can't find any PSA driver implementation example taking advantage of a Secure Element. My goal would of course to be able to seamlessly use MbedTLS with the Optiga Trust M.
Would you have any resources on this topic, such as a repo explaining how to use a PSA driver with the Trust M ?
Thank you for your help,
Regards,
Maxime
Show LessHi,
can i get the IBIS model of SLB9673XU20FW2610XTMA1 for signal integrity
thanks
Hi,
We were trying to run tpm commands to create Attestation key using Google-attestation opensource package on freebsd. However, it fails with the error: warning code 0x2 : out of memory for object contexts
Can you please help us with following:
1) Is Optiga tpm2 supported on FreeBSD
i) If not, are there any other software pkgs that can be used.
2) Do you have an SDK to interact with the TPM2 device. Please share the relevant documentation.
Regards
Shashi
Show LessGood afternoon, I'm looking for some assistance with an Intune pre-provisioning issue.
Installed in: HP ZBook Fury G9 Mobile Workstation
Processor: Intel Core i7-12800HX
OS: Windows 11 Pro 23H2 (OS Build 22631.3155)
Intune Enrollment - Hybrid - Whiteglove enroll.
Issue: "Something happened, and TPM attestation timed out."
TPM Present: True
TPM Version: 2.0
TPM Manufacturer ID: IFX
TPM Manufacturer Full Name: Infineon
TPM Manufacturer Version: 15.22.16832.0
PPI Version: 1.3
Is Initialized: True
Ready for Storage: True
Ready for Attestation: True
Is Capable For Attestation: True
Clear Needed to Recover: False
Clear Possible: True
TPM Has Vulnerable Firmware: False
Bitlocker PCR7 Binding State: Binding Possible
Maintenance Task Complete: True
TPM Spec Version: 1.59
TPM Errata Date: Thursday, June 18, 2020
PC Client Version: 1.05
Lockout Information:
-Is Locked Out: False
-Lockout Counter: 0
-Max Auth Fail: 31
-Lockout Interval: 600s
-Lockout Recovery: 86400s
Contents of CertReq_enrollaik_Output:
v2.0
TPM-Version:2.0 -Level:0-Revision:1.59-VendorID:'IFX '-Firmware: 983062.4308992
GetEKCertInfo
EnrollStage = 30
GetCACert = 0ms
GetCACaps = 0ms
CreateRequest = 0ms
SubmitRequest = 0ms
ProcessResponse1 = 0ms
SubmitChallengeAnswer = 0ms
ProcessResponse2 = 0ms
Enroll = 0ms
Total = 578ms
Certificate Request Processor: Element not found. 0x80070490 (WIN32: 1168 ERROR_NOT_FOUND)
Additional Info: I'm connected to internet and can ping well-known DNS servers.
Contents of TpmHliInfo_Output:
2024-02-23T20:16:30
TpmHLI GetVersion result: 0x00000000
TpmHLI Version: 2.0
Manufacturer: Infineon
VendorId: SLB9672
Uefi Is Present: Yes
TpmHLI IsReady for Storage result: 0x00000000
Ready: True
Bits: 0x0000000000000000
TpmHLI IsReady for Attestation result: 0x00000000
Ready: True
Bits: 0x0000000000000000
Additional Troubleshooting Steps:
- I've already updated Windows 11 Pro to the current version and installed all security updates via powershell, BIOS from HP is updated to most recently version. I've re-imaged with a factory image using an USB Stick, I've reset the device as well.
- Removed the device and hardware id has from Intune, re-exported using the Get-AutopilotInfo script and imported it back into Intune via the portal.
- Cleared the TPM twice now.
- Other models HP ZBook Fury G8 (Prior model) and HP ZBook Fury G10 (Current model) have had absolutely no issues whatsoever pre-provisioning.
Please advise.
Show LessI have been testing my Raspberry Pi 4 with SWTPM with TPM9670 raspberry pi dev board plugged in (never removed), and after that I've been trying to retrieve the MFG CA number. However, after following the process shown in link with fresh installed OS, and following the process in link (section: NVM and Certificate Management), it somehow shows it's from IBM and titled IBM's SW TPM (image below). Method shown in link doesn't help as well. SLM 9670
Since it is not supported to upload .der, .crt, and .pem filetypes, I've zipped generated "ekcert.der", "ifx_rsa_cert.crt", and "ifx_rsa_cert.pem" in attached zip file.
While at the same time, executing "Setup/Get TPM capability (fixed)" does return I believe correct info as shown in the following image.
I have tried resetting the TPM board, reinstall OS, but this result persists. Is there any method to either fully reset to factory state, or is there any fix possible?
Show Less
I'm selecting a TPM for my application, likely SLB 9672. Where can I go to confirm the commands which this TPM supports?
The OPTIGA TPM SLB 9672 datasheet says it is based on the following specification:
“TCG PC Client Platform TPM Profile (PTP) Specification”, Family 2.0, Level 00, Rev. 01.05 v14,
September 4, 2020, TCG
Table 8 of this specification lists which commands are mandatory/optional. For those that are optional, which do the various OPTIGA TPMs support?
In other words, what would be the result of the TPM2_GetCapability command (inspecting TPM_CAP_COMMANDS)?
Show LessI am using "optiga_crypt_ecc_generate_keypair" to generate a keypair but I get " 0x202 (CMD ERROR)". can you please let me know whats wrong here.
Here's my API.
Hello guys,
I tried to use the infineon TPM utility to test TPM ( https://github.com/Infineon/eltt2?tab=readme-ov-file ),
based on Ubuntu: 22.04, kernel: 6.2.0-36-generic, but the test result is failed as below:
and I already checked kernel 5.15 is PASS, so could anybody know what's the problem on kernel 6.2 ?
smartconx_target@Q!w2e3r4t5y6u7i8o9p0||/t5/OPTIGA-TPM/Module-TPM-2-0-SLB-9670-XQ-2-0-used-the-infineon-TPM-utility-to-test-TPM-failed/td-p/706081
Show Less