Infineon and wolfSSL recently announced their collaborative Commitment to Trusted Computing.
wolfTPM is designed for embedded use and leverages all features in the TPM 2.0 specification. wolfTPM is ideal for resource constrained devices and runs on Windows, Linux, RTOS, and bare metal environments.
The Infineon OPTIGA TPM SLB 9672 supports Microsoft Windows and Linux environments. Infineon also offers software and tools to facilitate firmware updates for the TPM.
Today we add the Espressif ESP32 to the long list of devices with wolfTPM support. With the merge of the open source PR #351, our TPM library can now be used in the ESP-IDF for the Infineon 9673 I²C TPM 2.0 module, taking up only about 5×5 mm footprint for a PG-UQFN-32-1,-2 package.
In recent years, TPM gained more attention due to the requirement of Windows 11 machines to have a TPM module present to meet Microsoft’s Security Recommendations. In fact, many other[*1] devices have long taken advantage[*2] of the security features available in a TPM module.
Key features[*3] include :
- Optimized TPM device for IoT and ICT applications
- PQC-protected firmware update mechanism
- Compliant to TPM Main Specification, Family “2.0”, Level 00, Revision 01.59
- Certifications:
- CC, Version 3.1 Rev.5, level EAL4+, AVA_VAN.4 (moderate) according to TCG PC Client TPM Protection Profile (targeted)
- FIPS 140-2 level 2 (physical security level 3) (targeted)
- I2C interface
- Random Number Generator (RNG) implemented according to NIST SP800-90A using entropy source according to NIST SP800-90B
- Full personalization with 4 Endorsement Keys (EK) and 4 EK certificates (RSA 2048, RSA3072, ECC NIST P256, ECC NIST P384)
- Standard temperature range (-40°C .. +85°C) or enhanced temperature range (-40°C .. +105°C)
- PG-UQFN-32-1,-2 package
- Optimized for battery operated devices: low standby power consumption (typ. 120 µA)
- 24 PCRs (SHA-1, SHA-256 or SHA384)
- 51 kByte NV memory [*4]
- Unlimited amount of NV counters (only depending on NV memory utilization)
- Up to 3 loaded sessions (TPM_PT_HR_LOADED_MIN)
- Up to 64 active sessions (TPM_PT_ACTIVE_SESSIONS_MAX)
- Up to 3 loaded transient Objects (TPM_PT_HR_TRANSIENT_MIN)
- Up to 7 loaded persistent Objects (TPM_PT_HR_PERSISTENT_MIN)
- Pre-generation of up to 7 RSA key pairs
- RSA (1024, 2048, 3072 and 4096 bit)
- ECC (NIST P256, BN P256, NIST P384)
- SHA-1, SHA-256, SHA-384
- AES-128, AES-192, AES-256
Why use wolfTPM?
The perfect companion to the Infineon Hardware is the wolfTPM software library, making it easier than ever to easily use the hardware features in your project. Of particular interest is our ability to update the SLB9672 and SLB9673 firmware! See the related blog: Infineon wolfSSL Modus Toolbox Support and wolfTPM Firmware upgrade support,
Security Enhancement: Adding wolfTPM to your Espressif ESP32 projects brings a crucial layer of hardware-based security. By using a Trusted Platform Module (TPM), wolfTPM ensures that all cryptographic operations are handled within a secure chip away from the prying eyes of software attackers. This setup is ideal for maintaining the confidentiality and integrity of your data.
Open Source and Community-Driven: As with all other open-source wolfSSL libraries, wolfTPM thrives on community input and collaboration. This transparency not only helps in enhancing its security capabilities but also keeps it at the forefront of technological and security advancements.
Broad Platform Support: The new support for Espressif ESP32 is another example of wolfTPM’s commitment to versatility across different platforms. This is especially valuable for those working on IoT devices or embedded systems that demand secure, flexible hardware integration options.
Ease of Integration: wolfTPM is designed with developers in mind, offering an intuitive API that makes it easy to add security features into your applications. Whether you’re highly experienced or just getting started in the world of hardware security, wolfTPM comes with all the documentation and support you’ll need to get up and running quickly.
Performance and Efficiency: wolfTPM is both economical and powerful in terms of resource use, making it ideal for the resource-limited environments that are typical of devices such as the ESP32. The library ensures your cryptographic operations are efficient and fast.
Real-World Use Cases: wolfTPM is built to secure a wide variety of applications – from smart home devices ensuring your privacy, to industrial machines that need to operate under stringent security and safety measures. The introduction of wolfTPM to the ESP32 allows for even more applications to benefit from trusted computing technologies.
Compliance and Certification: Using TPM technology with wolfTPM can ease the path to meeting rigorous security standards and compliance demands, critical for many businesses and industries.
Learn more about wolfTPM
Stay tuned for more announcements, as we’ll be also supplying wolfTPM support for the ESP32 as an Espressif Registry Managed Component, along with our existing wolfSSL, wolfSSH, and wolfMQTT components.
Do you want to take security to the next level on your ESP32 project? Let us help you take advantage of all the capabilities of TPM.
Find out more
If you have any feedback, questions, or require support, please don’t hesitate to reach out to us at facts@wolfSSL.com, +1 425 245 8247, or open an issue on GitHub.
[*1] – See https://github.com/wolfSSL/wolfTPM?tab=readme-ov-file#hardware
[*2] – Governments recognize the importance of TPM 2.0 through ISO adoption (June 29. 2015)
[*3] – Copied from the Infineon OPTIGA™ TPM SLB 9673 TPM2.0 Data Sheet
[*4] – Actual usable NV memory slightly less.
Download wolfSSL Now