Overview
As the number of network-connected products grows year by year, attacks that make use of AI are also becoming more widespread. Against this background, security legislation and standards such as the European Cyber Resilience Act are being drawn up, and companies are scrambling to respond.
In this article, we will provide an overview of TPM, an IC chip specialized for security, and introduce the procedure for testing the operation of a TPM evaluation board using Raspberry Pi.
Security ICs such as the TPM are also called secure elements. They are built to resist physical and electrical attacks (tamper resistance) such as side-channel analysis, fault injection and reverse engineering.
Adding hardware-based protection to software-based countermeasures against cyber attacks makes it easier to meet the various security requirements now being imposed.
Basic knowledge of TPM
TPM (Trusted Platform Module) is a security IC built to specifications published by the standards body TCG (Trusted Computing Group). The current version is TPM 2.0; no break of its security has been reported since its release in October 2014. Note that TPM 2.0 is not backward compatible with the older TPM 1.2.
It attracted attention when it was specified in the system requirements for Windows 11, which was announced in June 2021, and it may become mandatory for the upcoming release of Windows 12. In addition, due to the aforementioned strengthening of legal regulations and the increasing risk of cryptographic analysis using quantum computers, TPMs are being adopted not only in PCs but also in various IoT devices and industrial equipment.
The design centres on storing cryptographic keys securely. On that basis it supports functions such as protecting data encrypted with those keys, strengthening certificate handling, and detecting tampering.
Checking TPM operation using Raspberry Pi
For this check we used the OPTIGA™ TPM SLB9672 evaluation board provided by Infineon. Operating the TPM requires a device driver and middleware; as the middleware we used the Embedded Linux TPM Toolbox 2 (ELTT2).
ELTT2 is a single-file executable intended for testing, diagnosing and basic state modification of TPM 2.0 devices. It is available on GitHub, is designed for Linux systems with a TPM 2.0, and is easy to build and run with gcc.
Evaluation board operating environment
Hardware
◦ Raspberry Pi 3 Model B V1.2 : Raspberry Pi OS (64-bit)
Software
Preparing for the demo
1. Install Raspberry Pi OS
- Write "Raspberry Pi OS" using Raspberry Pi Imager
2. Check the TPM device driver
- After booting the Raspberry Pi, run the following to check whether the TPM is recognized. If a device node such as /dev/tpm0 is listed, the kernel driver has found the TPM.
- $ ls -l /dev/tpm*
3. Preparation of ELTT2
- Download the source code from GitHub (https://github.com/Infineon/eltt2)
- Run the make command to compile the source code and produce the "eltt2" executable
Test Example
Invoke the command as follows:
- $ sudo ./eltt2 <option(s)>
①sudo ./eltt2 -g
Read the fixed properties of the TPM
②sudo ./eltt2 -s [hash algorithm] <data bytes>
Hash specific data using SHA-1/256/384 hashing algorithms
③sudo ./eltt2 -G <data length>
Gets the specified number of random bytes from the TPM's random number generator.
*The runs shown here request 08h (8) and 14h (20) random bytes.
④sudo ./eltt2 -e [hash algorithm] <PCR index> <PCR digest>
Extend the specified PCR (Platform Configuration Register) with a new digest: the TPM hashes the current PCR value concatenated with the supplied digest and stores the result as the new PCR value, so a PCR can never be set directly, only extended.
⑤sudo ./eltt2 -r [hash algorithm] <PCR index>
Read the specified PCR value
⑥sudo ./eltt2 -z <PCR index>
Resets the specified PCR to its initial value. Only PCRs the TPM marks as resettable from the current locality accept this, which is why tests normally use the debug PCR (index 16).
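To check that the values ② and ⑤ print are what the TPM should produce, it helps to replay the same operations locally. The following Python model is an added example and is not part of ELTT2 or of this article's original test; it implements the TPM 2.0 PCR extend rule (new PCR = H(old PCR || digest)) with every register starting as all-zero bytes, which holds for the debug PCR 16 used in testing. The class and function names are this example's own, and the input data is constructed.

```python
"""Local model of TPM 2.0 PCR hash/extend/read/reset semantics (added example,
not ELTT2 code). Use it to predict what `eltt2 -r` should show after a
sequence of `eltt2 -e` calls."""
import hashlib

# Digest length in bytes for the hash algorithms ELTT2 supports (-s / -e / -r).
DIGEST_SIZES = {"sha1": 20, "sha256": 32, "sha384": 48}


def hash_data(alg, data):
    """Digest of arbitrary data bytes, the same value `eltt2 -s` asks the TPM for."""
    if alg not in DIGEST_SIZES:
        raise ValueError(f"unsupported hash algorithm: {alg}")
    return hashlib.new(alg, data).digest()


class PcrBank:
    """One PCR bank of a given algorithm. Every register begins as all zero
    bytes (assumption: this matches the debug PCR and other resettable PCRs;
    some locality PCRs on real hardware initialise to all 0xFF instead)."""

    def __init__(self, alg="sha256", count=24):
        if alg not in DIGEST_SIZES:
            raise ValueError(f"unsupported hash algorithm: {alg}")
        self.alg = alg
        self.size = DIGEST_SIZES[alg]
        self.pcrs = [bytes(self.size)] * count

    def extend(self, index, digest):
        """TPM2_PCR_Extend: PCR[i] = H(PCR[i] || digest). The digest must be
        exactly one digest length for the bank's algorithm."""
        if len(digest) != self.size:
            raise ValueError(f"digest must be {self.size} bytes for {self.alg}")
        new_value = hashlib.new(self.alg, self.pcrs[index] + digest).digest()
        self.pcrs[index] = new_value
        return new_value

    def read(self, index):
        """TPM2_PCR_Read: current value of PCR[i]."""
        return self.pcrs[index]

    def reset(self, index):
        """TPM2_PCR_Reset: back to the initial all-zero value."""
        self.pcrs[index] = bytes(self.size)
        return self.pcrs[index]


def expected_pcr(alg, digests, index=16):
    """Replay a list of extend digests from the initial state and return the
    value a correctly working TPM must report for that PCR afterwards."""
    bank = PcrBank(alg)
    for d in digests:
        bank.extend(index, d)
    return bank.read(index)


def matches_tpm_output(alg, digests, printed_hex, index=16):
    """Compare the replayed value with the hex string read back from the TPM
    (whitespace and case in the printed output are ignored)."""
    printed = bytes.fromhex("".join(printed_hex.split()))
    return printed == expected_pcr(alg, digests, index)


if __name__ == "__main__":
    # Constructed input: extend PCR 16 twice with SHA-256 digests of two strings.
    d1 = hash_data("sha256", b"boot-stage-1")
    d2 = hash_data("sha256", b"boot-stage-2")
    bank = PcrBank("sha256")
    bank.extend(16, d1)
    bank.extend(16, d2)
    print("predicted PCR16:", bank.read(16).hex())
    # Extending in the opposite order gives a different value: order is part
    # of the measurement, which is what makes PCRs useful for tamper detection.
    print("reversed order: ", expected_pcr("sha256", [d2, d1]).hex())
    print("after reset:    ", bank.reset(16).hex())
```

Run the real sequence with `eltt2 -z 10`, then `eltt2 -e sha256 10 <digest>` for each digest in turn, and pass the output of `eltt2 -r sha256 10` (PCR index 16 is 10h) to `matches_tpm_output`; a mismatch means either the digest supplied to `-e` was not the full 32 bytes or the PCR was not in its initial state when the sequence began.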
Summary
- The importance of security measures is growing with the increase in network-connected devices and the sophistication of attacks that use AI.
- Regulations such as the European Cyber Resilience Act are evolving, and companies are being asked to comply with them.
- Hardware-based approaches are effective security measures alongside software-based ones.
- A TPM provides high tamper resistance and manages cryptographic keys safely.
- Using Infineon's TPM evaluation board and ELTT2, we performed basic functional tests of a TPM 2.0.
Inquiry
If you have any questions about this product or would like a quote, please contact us using the form below.
