In anticipation of emerging trusted platform module (TPM) product capabilities, as well as requirements for device identification, authentication, encryption, measurement, and device integrity, DoD Components will ensure new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by DISA STIGs and where such technology is available.
US Department of Defense
Instruction NUMBER 8500.01
March 14, 2014
TPM (Trusted Platform Module) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
What is TPM for? Is it really necessary?
Digital security is the computer equivalent of disaster insurance. Few people care very much about it or give it much thought, and everyone hates paying for it… until a catastrophe hits. Then we are either really glad we had it or really sad that we didn’t have enough of it or didn’t have it at all.
The TPM was designed as one of the core building blocks for digital security solutions. The November 2013 “Report to the President: Immediate Opportunities for Strengthening the Nation’s Cybersecurity” recommends “the universal adoption of the Trusted Platform Module (TPM), an industry-standard microchip designed to provide basic security-related functions, primarily involving encryption keys, including for phones and tablets.” Computers and devices that incorporate a TPM are able to create cryptographic keys and encrypt them so they can be decrypted only by the TPM.
Trusted Platform Module provides:
- A random number generator
- Facilities for the secure generation of cryptographic keys for limited uses
- Remote attestation: Creates a nearly unforgeable hash summary of the hardware and software configuration. The software in charge of hashing the configuration data determines the extent of the summary. This allows a third party to verify that the software has not been changed.
- Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a storage key.
- Sealing: Similar to binding, but in addition, specifies the TPM state for the data to be decrypted (unsealed).
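To make the attestation and sealing items above concrete, here is an added example (not code from the original page or from the module vendor) that models in plain Python how a PCR accumulates measurements, how a verifier replays an event log against a quoted PCR value, and how a sealed secret is released only when the PCR matches the value recorded at seal time. No TPM hardware or library is used; the TPM's signature over the quote is stood in for by an HMAC under a shared key, and the boot events, key and nonce are constructed sample values.

```python
import hashlib
import hmac

PCR_SIZE = 32  # a SHA-256 PCR bank: registers start at 32 zero bytes


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(measured data)).

    The operation is one-way and order-dependent, so a register can only be
    moved forward; nothing short of a reset returns it to a previous value.
    """
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events) -> bytes:
    """Recompute the PCR value that a given sequence of measurements yields."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


def quote(pcr_value: bytes, nonce: bytes, key: bytes) -> bytes:
    """Model of TPM2_Quote.  Assumption: an HMAC stands in for the signature a
    real TPM makes with its attestation key; the nonce gives freshness."""
    return hmac.new(key, nonce + pcr_value, hashlib.sha256).digest()


def verify_attestation(event_log, pcr_value, nonce, mac, key, expected_pcr) -> bool:
    """Verifier side of remote attestation.  All three checks must pass."""
    # 1. The quote is authentic and bound to the nonce we chose.
    if not hmac.compare_digest(quote(pcr_value, nonce, key), mac):
        return False
    # 2. The event log the device sent actually explains the quoted value.
    if replay_event_log(event_log) != pcr_value:
        return False
    # 3. The quoted value equals the golden value for approved software.
    return pcr_value == expected_pcr


def seal(secret: bytes, policy_pcr: bytes):
    """Model of sealing: remember the PCR value the secret is bound to."""
    return (policy_pcr, secret)


def unseal(sealed, current_pcr: bytes):
    """Model of unsealing: release the secret only if the platform is in the
    same measured state as when it was sealed; otherwise return None."""
    policy_pcr, secret = sealed
    return secret if hmac.compare_digest(policy_pcr, current_pcr) else None


# Constructed sample boot sequence (not from any real platform).
GOLDEN_BOOT = [b"firmware v1.0", b"bootloader v2.1", b"kernel 5.15"]
TAMPERED_BOOT = [b"firmware v1.0", b"bootloader v2.1", b"kernel 5.15-modified"]
SHARED_KEY = b"constructed demo key, stands in for the attestation key"
NONCE = bytes(range(16))


if __name__ == "__main__":
    golden = replay_event_log(GOLDEN_BOOT)
    ok = verify_attestation(GOLDEN_BOOT, golden, NONCE,
                            quote(golden, NONCE, SHARED_KEY), SHARED_KEY, golden)
    bad = replay_event_log(TAMPERED_BOOT)
    tampered = verify_attestation(TAMPERED_BOOT, bad, NONCE,
                                  quote(bad, NONCE, SHARED_KEY), SHARED_KEY, golden)
    print("golden boot verified:", ok, "| tampered boot verified:", tampered)
    blob = seal(b"disk encryption key", golden)
    print("unseal on golden state:", unseal(blob, golden) is not None,
          "| unseal on tampered state:", unseal(blob, bad) is not None)
```

The point the model makes is that a changed kernel measurement alters every later PCR value, so the verifier's replay disagrees with the golden value, and a secret sealed to the golden value stays locked. On real hardware the verifier additionally checks the quote signature against the TPM's attestation key certificate, which chains to the endorsement key certificate listed in the module features further down the page.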
Firmware update
Our TPM2 modules' firmware has been upgraded to version 5.63.3144.0, which mitigates the ROCA vulnerability. We provide a TPM2 module compatible with a 2x10-pin LPC header and a TPM2 module compatible with a 2x5-pin LPC header (populated on the Librebox platform).
TPM2 module features
The details below refer to the models our company offers.
- Infineon TPM SLB9665TT20FW561XUMA1
- Operating voltage 3-3.3V
- Meets Intel TXT, Microsoft Windows and Google Chromebook certification criteria for successful platform qualification
- True Random Number Generator (TRNG)
- Full personalization with Endorsement Key (EK) and EK certificate
- Supports the LPC interface; interrupts are signalled with the serial interrupt (SERIRQ) protocol