TPM 2.0 with open-source software stack cuts down security integration efforts in industrial, automotive and IoT applications - IoT global network

Press Releases

TPM 2.0 with open-source software stack cuts down security integration efforts in industrial, automotive and IoT applications

March 19, 2021

Posted by: Anasia D'mello

Trusted Platform Modules (TPM) enable secured remote software updates, disc encryption and user authentication. Hence, they are crucial for connected industrial, automotive and other embedded devices.

To further facilitate seamless integration in Linux-based systems, Infineon Technologies AG now provides its OPTIGA™ TPM 2.0 solution with a comprehensive TSS* host software implementing the latest FAPI standard. Infineon has developed the open-source software jointly with Intel Corporation and Fraunhofer Institute for Secure Information Technology SIT.

By using Infineon’s plug-and-play OPTIGA TPM 2.0, IoT system integrators can significantly improve the security of connected products. Software integration with TSS-FAPI does not require specific skills in low-level security specifications and reduces source code development by a factor of up to 16.

Therefore, expenses and time to market can be reduced. Additionally, manufacturers can accelerate the process for certifying their industrial devices according to the IEC 62443 standard for industrial applications, which requires hardware-based safety from level 4 upwards.

The FAPI specification has been released recently as an international standard by the Trusted Computing Group (TCG). The specification is implemented in the TSS stack together with the associated tools and plug-ins. The TSS stack is open-source software, which allows seamless integration of the TPM 2.0 in Linux-based systems. This includes the support of typical Linux software for device authentication, data encryption, software updates and remote device management.

In addition, the FAPI enables the native support of the PKCS#11 standard as a generic interface for user authentication, single sign-on and e-mail encryption/signing. The FAPI provides a default configuration for cryptographic functionalities, system integration and automated processing of security mechanisms according to the latest state-of-the-art and industrial best-practices.

The OPTIGA TPM acts as a vault for sensitive data in connected devices and lowers the risk of data and production losses due to cyberattacks. Infineon’s TPMs are certified by independent certification bodies according to Common Criteria, an international set of guidelines and specifications developed for evaluating information security products. The TSS stack including the recent FAPI has been verified with the Infineon TPM portfolio to achieve compliance and interoperability.

Comment on this article below or via Twitter @IoTGN