World’s First TPM 2.0 with Open-Source Software Stack Cuts Down Security Integration Efforts in Industrial, Automotive and IoT Applications

By Tiera Oliver

Associate Editor

Embedded Computing Design

March 30, 2021


World’s First TPM 2.0 with Open-Source Software Stack Cuts Down Security Integration Efforts in Industrial, Automotive and IoT Applications

Trusted Platform Modules (TPM) enable secured remote software updates, disc encryption, and user authentication.

They are important for connected industrial, automotive, and other embedded devices. To further facilitate seamless integration in Linux-based systems, Infineon Technologies AG now provides its OPTIGA TPM 2.0 solution with a comprehensive TSS* host software implementing the latest FAPI standard. Infineon has developed the open-source software jointly with Intel Corporation and Fraunhofer Institute for Secure Information Technology SIT.

By using Infineon’s plug-and-play OPTIGA TPM 2.0, IoT system integrators can improve the security of connected products. Per the company, software integration with TSS-FAPI does not require specific skills in low-level security specifications and reduces source code development by a factor of up to 16. Manufacturers can accelerate the process for certifying their industrial devices according to the IEC 62443 standard for industrial applications, which requires hardware-based safety from level 4 upwards.

The FAPI specification has been released recently as an international standard by the Trusted Computing Group (TCG). The specification is implemented in the TSS stack 1 together with the associated tools and plug-ins. The TSS stack is open-source software, which allows seamless integration of the TPM 2.0 in Linux-based systems. This includes the support of typical Linux software for device authentication, data encryption, software updates, and remote device management.

In addition, the FAPI enables the native support of the PKCS#11 standard as a generic interface for user authentication, single sign-on, and e-mail encryption/signing. The FAPI provides a default configuration for cryptographic functionalities, system integration, and automated processing of security mechanisms.

According to the company, the OPTIGA TPM acts as a vault for sensitive data in connected devices and lowers the risk of data and production losses due to cyberattacks. Infineon’s TPMs are certified by independent certification bodies according to Common Criteria, an international set of guidelines and specifications developed for evaluating information security products. The TSS stack including the recent FAPI has been verified with the Infineon TPM portfolio to achieve compliance and interoperability.

Application developers can use the OPTIGA TPM SLB 9670OPTIGA TPM SLI 9670, and OPTIGA TPM SLM 9670 Iridium boards, and TSS Quickstarter offered by Infineon to get started right away. Board and source code packages for the Infineon AURIX as well as for Arduino microcontrollers are available now.

More information about Infineon’s OPTIGA TPM is available at

More information about the Github Project (including the downloadable code) is available here.

*TSS – TPM Software Stack 3; FAPI – Feature API as specified by the Trusted Computing Group 2

Tiera Oliver, Associate Editor for Embedded Computing Design, is responsible for web content edits, product news, and constructing stories. She also assists with newsletter updates as well as contributing and editing content for ECD podcasts and the ECD YouTube channel. Before working at ECD, Tiera graduated from Northern Arizona University where she received her B.S. in journalism and political science and worked as a news reporter for the university’s student led newspaper, The Lumberjack.

More from Tiera