Embedded World Product Showcase: Infineon Technologies OPTIGA TPM SLB 9672
June 14, 2022
Cybersecurity issues continue to plague modern electronic devices and will only continue to do so as quantum computing becomes mainstream. This powerful new class of processor is poised to break standard encryption and the public key infrastructure (PKI) that desktops, laptops, tablets, IoT devices, network infrastructure platforms, and more rely on to authenticate who, or what, they're communicating with.
But companies like Infineon are looking to head the quantum threat off at the pass with security solutions that integrate a post-quantum cryptography (PQC) protected firmware update mechanism based on XMSS signatures. For those unfamiliar with the term, XMSS, or the eXtended Merkle Signature Scheme, uses hash trees and one-time signatures to provide a high level of quantum resistance.
Now, the new OPTIGA TPM SLB 9672 natively supports the emerging signature scheme to extend quantum resistance to remote firmware updates on embedded devices. It includes 51 kB of extended non-volatile memory for storing certificates and cryptographic keys, as well as a security controller that supports 192-bit key lengths and performs cryptographic security operations 2x to 4x faster than previous-generation devices.
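To make the XMSS mechanism concrete, here is an added toy implementation (not Infineon's code and not the TPM's firmware): Lamport one-time keys stand in for WOTS+, a two-level Merkle tree stands in for the full-height XMSS tree, and the hypothetical `verify()` function mirrors what a device does when it checks a signed firmware image against the tree root it was provisioned with. The `XmssSigner` name, the seed derivation and the signature layout are assumptions of this example; the one property it is careful about is the stateful `next_idx` counter, since reusing a one-time key is the failure mode an XMSS deployment must prevent.

```python
import hashlib
N = 256  # bits in the SHA-256 digest that each one-time key signs

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def ots_keygen(seed: bytes, leaf: int):
    """Lamport one-time key: two secrets per digest bit, derived from a seed (assumed KDF)."""
    sk = [[H(seed, bytes([leaf, i >> 8, i & 255, b])) for b in (0, 1)] for i in range(N)]
    return sk, [[H(s) for s in pair] for pair in sk]

def leaf_hash(pk) -> bytes:  # XMSS compresses the OTS public key with an L-tree; a flat hash suffices here
    return H(*(v for pair in pk for v in pair))

def merkle_levels(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lv = levels[-1]
        levels.append([H(lv[i], lv[i + 1]) for i in range(0, len(lv), 2)])
    return levels  # levels[-1][0] is the root, i.e. the long-term public key

class XmssSigner:
    """Stateful signer: every leaf index must be used at most once."""
    def __init__(self, seed: bytes, height: int = 2):
        self.keys = [ots_keygen(seed, i) for i in range(1 << height)]
        self.levels = merkle_levels([leaf_hash(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]
        self.next_idx = 0  # must persist across reboots; losing it risks leaf reuse

    def sign(self, msg: bytes) -> dict:
        if self.next_idx >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; provision a new tree")
        idx, (sk, pk) = self.next_idx, self.keys[self.next_idx]
        self.next_idx += 1  # advance state before releasing the signature
        d = int.from_bytes(H(msg), "big")
        ots = [sk[i][(d >> (N - 1 - i)) & 1] for i in range(N)]
        auth = [lv[(idx >> h) ^ 1] for h, lv in enumerate(self.levels[:-1])]  # siblings, leaf to root
        return {"idx": idx, "ots": ots, "pk": pk, "auth": auth}

def verify(root: bytes, msg: bytes, sig: dict) -> bool:
    """What a device would run on a firmware image before accepting it."""
    d, pk = int.from_bytes(H(msg), "big"), sig["pk"]
    if any(H(sig["ots"][i]) != pk[i][(d >> (N - 1 - i)) & 1] for i in range(N)):
        return False
    node, idx = leaf_hash(pk), sig["idx"]
    for sib in sig["auth"]:  # recompute the path up to the root
        node = H(sib, node) if idx & 1 else H(node, sib)
        idx >>= 1
    return node == root
```

A device only needs to store the 32-byte root; the signer, by contrast, must keep its counter in non-volatile storage, because a rolled-back counter would reveal a second signature under the same Lamport key.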
Beyond XMSS support, the OPTIGA TPM SLB 9672 contains an array of built-in, hardware-based security, including:
- A NIST SP800-90A Random Number Generator (RNG)
- 24 Platform Configuration Registers for SHA-1, SHA-256, or SHA-384
- Pre-generation of up to 7 RSA key pairs at 1024, 2048, 3072, or 4096 bits
- Support for ECC (NIST P256, BN P256, NIST P384), SHA-1, SHA-256, and SHA-384
- 3 Endorsement Keys (EK) and 3 EK certificates (RSA 2048, ECC NIST P256, ECC NIST P384)
- Up to 64 active sessions and 3 loaded sessions
It also supports built-in fail-safes like NIST SP 800-193 Platform Firmware Resiliency, which provides TPM firmware recovery in the event the firmware is corrupted. Collectively, this feature set means that if an OPTIGA TPM SLB 9672 deployed today with current algorithms later finds those algorithms compromised and its firmware lost or damaged, the quantum-resistant XMSS-signed firmware upgrade ensures it can recover to normal operating status.
The OPTIGA TPM adheres to various standards such as FIPS 140-2 Level 2, Common Criteria EAL4+, and the Trusted Computing Group’s (TCG’s) TPM 2.0 standard version 1.59 requirements.
The Infineon OPTIGA TPM SLB 9672 in Action
On the environment front, the OPTIGA TPM SLB 9672 works with the latest versions of Linux and Microsoft Windows out of the box and also meets Intel® Trusted Execution Technology hardware requirements to make it an ideal candidate for use in PCs, servers, and connected device architectures.
Speaking of connected devices, the UQFN-32-packaged silicon can operate across a temperature range of -40°C to +105°C and has a low standby power consumption of just 120 µA (typ.). The TPM communicates with the rest of a host system over an SPI interface, which allows it to be used for operations like secure boot as well as serving as an isolated cryptographic controller.
Developers can trial its functionality via the OPTIGA TPM SLB 9672 PC evaluation board, a plug-and-play device that accepts 3.3 V or 1.8 V power supplies and connects directly to PC motherboards over an SPI interface. This provides a baseline for accessing development tools like the Infineon Embedded Linux TPM Toolbox 2 for TPM 2.0 (for TPM startup) and the GUI-based OPTIGA TPM 2.0 Explorer tool for Raspberry Pi, both of which are available on GitHub.
Getting Started with the Infineon OPTIGA TPM SLB 9672
In addition to tools like those mentioned above, engineers looking to get started with the OPTIGA TPM SLB 9672 can also access host software, application guides and documentation, and other tools from Infineon's GitHub page. And once they're ready to advance towards commercial production, the Infineon Security Partner Network (ISPN) provides access to professional resources that can help make the most of the advanced TPMs over their 10-plus-year supported lifecycle.
To learn more about or purchase the OPTIGA TPM SLB 9672 or its companion development kit, visit www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/optiga-tpm-slb-9672-fw15/?redirId=173335.
- OPTIGA TPM product page: www.infineon.com/OPTIGA-TPM-SLB9672
- Purchase the Infineon Optiga TPM: www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/optiga-tpm-slb-9672-fw15/?redirId=173335#order
- Infineon Optiga TPM GitHub: https://github.com/Infineon/optiga-TPM
- Infineon Optiga TPM data sheet: www.infineon.com/dgdl/Infineon-OPTIGA%20TPM%20SLB%209672%20FW15-DataSheet-v01_00-EN.pdf?fileId=8ac78c8c7f2a768a017f89965f764432
- Infineon Optiga TPM press release: www.infineon.com/cms/en/about-infineon/press/market-news/2022/INFCSS202202-051.html