Infineon enables open source security TPM 2.0 software stack
An open source software stack for the Trusted Platform Module (TPM) 2.0 has been announced by Infineon Technologies.
It is designed for easier integration of the standardised hardware-based security into industrial and automotive applications, such as network equipment.
According to Infineon, this is the first open source TPM middleware that complies with the software stack (TSS) enhanced system application program interface (ESAPI) specification of the Trusted Computing Group (TCG).
“The ease of integration on Linux and other embedded platforms that comes with the release of the TPM 2.0 ESAPI stack speeds up the adoption of TPM 2.0 in embedded systems such as network equipment and industrial systems,” said Gordon Muehl, Global CTO Security at Huawei.
“We are currently seeing great interest in enhancing the security of IoT, IIoT, Industry 4.0 and automotive applications,” adds Michael Roeder, manager technology engineering and services at Avnet Silica. “The availability of the open source TSS ESAPI layer simplifies the integration of TPM 2.0 in all kinds of applications and is well aligned to our own open source approach to security.”
The Infineon Security Partner Network (ISPN) offers a variety of software libraries that meet the requirements of different applications and target platforms.
Infineon funded the development of the ESAPI by partner Fraunhofer Institute for Secure Information Technology (SIT). The Infineon-funded ESAPI layer is based on the SAPI layer developed by Intel. It includes a new layer of API functions to simplify the use and integration of the TPM. Further enhancements are easier establishment of a connection between an application and the TPM, secured communication between the host CPU and the TPM, and authorisation using message authentication codes (HMAC).
Based on the ESAPI layer, the stack includes support for OpenSSL. Through a standardised interface, it deploys TPM 2.0 as a secured key store for OpenSSL, so that the Infineon OPTIGA TPM can protect device communication secured with SSL/TLS.
The TSS stack and ESAPI layer are published under the permissive 2-clause BSD licence, which provides high flexibility and increases adoption. The ESAPI code was developed using industry standards, continuous integration and testing, a thorough two-person review process, and static code analysers like clang and Coverity, adds Infineon. In addition, the stack was tested and evaluated on Infineon OPTIGA TPM SLB 9670 with the latest TPM specifications. Future enhancements will include support for Cryptsetup/LUKS disk encryption and a version featuring ESAPI support for TPM tools.
Application developers can use the OPTIGA TPM SLB 9670 Iridium boards offered by Infineon and download the TSS code via GitHub to get started right away. Source code packages for the Infineon AURIX as well as for Arduino microcontrollers will be released in due course, assures Infineon.