2-TPM_Module: Introduction to a TPM chip
Trusted Platform Module (TPM) 1.2 Solution
Ryan Wu, Sr. Application Engineer, AIM ADS SEC
Ryan.wu@infineon.com, +886-912439799

Table of contents
- Infineon's TPM 1.2 Solution Overview: TPM block diagram; BIOS drivers and TCG Software Stack (TSS) 2.0; Infineon Host Software 2.0 enhancements
- Infineon's TPM 1.2 Hardware: integrated circuit diagram; P-TSSOP-28-1 outline and 62 mm² board space footprint of TSSOP-28-6 and TSSOP-28-2; typical schematic; comparison of SLD 9630 TT 1.1 and SLB 9635 TT 1.2; TPM 1.2 evaluation board and schematics
- Infineon's TPM 1.2 BIOS Support: TPM-BIOS-Driver development goals; system software overview; MA-Driver and MP-Driver interface overview
- Infineon's TPM 1.2 Roadmap: system roadmap, TPM solution
- Infineon's TPM 1.2 Solution: highlights and unique features
- Trusted Platform Module (TPM) 1.2 Tooling; TPM 1.2 documents

Infineon's TPM 1.2 Solution Overview: TPM Block Diagram

The TPM 1.2 is built around a secure controller (16-bit CPU) with 12 KB RAM, 208 KB ROM and 68 KB EEPROM, protected by an active shield and voltage and frequency sensors. On-chip blocks: asymmetric key generator, Advanced Crypto Engine (RSA) up to 2048 bit, true random number generator (TRNG), hash engine (SHA-1, MD5) and a tick counter. The LPC I/O block supports the Intel LT architecture LPC extensions.

PC motherboard block diagram: the CPU connects over the system bus to the Memory Controller Hub (MCH), which connects to the I/O Controller Hub (ICH) over the AHA bus. The ICH carries the SMBus, the PCI bus and the 33 MHz LPC bus. On the LPC bus sit the Firmware Hub (FWH), the Super I/O controller (serial port, parallel port, PS/2 mouse, PS/2 keyboard, diskette drive connector) and the TPM 1.2.

Infineon TPM Solution Overview: BIOS Drivers and TCG Software Stack (TSS) 2.0

Boot BIOS:
- MA BIOS TPM-DD (memory absent driver) and MP BIOS TPM-DD (memory present driver)
- PC-BIOS with TPM/TPS BIOS-API and LPC extension

TPM OS and application stack, from hardware up:
- TPM SLB 9635 TT 1.2
- TPM device driver
- TPM device driver library (TDDLI interface)
- TSS core service (TCSPI interface)
- TSS service provider (TSPI interface)
- TPM-CSP (MS-CAPI) / PKCS#11
- Applications, and the Infineon application and management software

Infineon Host Software 2.0 Enhancements

Main feature enhancements:
- WLAN support for enterprise and peer-to-peer environments
- Smart card and secure USB token support
- Support of TCG Main Specification 1.2
- Enhanced management functionality (Infineon API)
- Biometric fingertip sensor support
- PKCS#12 support
- User password recovery

Infineon's TPM 1.2 Hardware Overview: "SLB9635TT1.2"

Integrated circuit diagram (stack around the chip): PSD, TSS core service, TPM device driver, TPM SLB 9635 TT 1.2, TPM device driver library, TSS service provider, TPM-CSP (MS-CAPI / PKCS#11), Infineon API, Infineon application, customer application.

Infineon's TPM 1.2 will be certified at Evaluation Assurance Level (EAL) 4 Medium at TÜViT Labs in Germany.

Package:
- Small, low-profile TSSOP-28 package
- Green package
- P-TSSOP-28-1 outline: 62 mm² board space

Footprint of TSSOP-28-6 and TSSOP-28-2:

  Dimension | TSSOP28-2 | TSSOP28-6
  A1        | ---       | 7.8 mm
  A2        | 6.1 mm    | ---
  B         | 0.4 mm    | 0.4 mm
  L         | 1.3 mm    | 1.3 mm
  e         | 0.65 mm   | 0.65 mm

TSSOP28-6 is the packaging specified in the TCG PC Client Specification 1.2.

Pin-out (28 pins; signal names as shown on the slide): GND, GPIO, PACCESS, TestI, TestIO/BADD, 3V, LCLK, LAD0, LAD1, LAD2, LAD3, LRESET, CLKRUN, LPCPD*, SERIRQ, LFRAME, XTALI/32k, XTALO, 3VSB, GPIO.
* LPCPD must be connected to an active signal. Pins marked + are as specified in TCG PC Client Spec 1.2.

TPM 1.2: Typical Schematic (figure only)

Comparison of SLD 9630 TT 1.1 and SLB 9635 TT 1.2

  Feature                                                                 | SLD 9630 TT 1.1 | SLB 9635 TT 1.2
  TCG compliant                                                           | TCG 1.1B        | TCG 1.2
  Number of PCRs supported                                                | 16              | 24
  Transport protection                                                    | No              | Yes
  Dictionary attack prevention                                            | No              | Yes
  Owner delegation                                                        | No              | Yes
  Number of GPIO pins supported                                           | 0               | 2
  LPC extensions interface support                                        | No              | Yes
  Hardware hash accelerator                                               | Yes             | Yes
  True random number generator (TRNG)                                     | Yes             | Yes
  Power-saving sleep mode                                                 | Yes             | Yes
  Single 33 MHz clock                                                     | Yes             | Yes
  Real-time clock with external battery                                   | No              | Yes
  Pin-out compliant to TCG TPM Interface Specification                    | No              | Yes
  Security features                                                       | Yes             | Yes
  Based on high-secure chip card controller                               | Yes             | Yes, with 3x faster core
  Certifications                                                          | EAL3            | EAL4 Medium (targeted)
  Locality support                                                        | No              | Yes
  Power down support (LPCPD#)                                             | Yes             | Yes
  CLKRUN# support                                                         | Yes             | Yes
  Firmware field upgrade capabilities                                     | Yes             | Yes
  Non-volatile storage for manufacturers and owners                       | No              | Yes
  Advanced Crypto Engine (ACE) with RSA support up to 2048 bit key length | Yes             | Yes

Infineon Hardware Support: TPM 1.2 Evaluation Board

Krypton 1.0:
- Supports Infineon's TPM 1.2
- Designed for desktop and mobile PCs
- BADD and PP jumpers
- Selectable on-board crystal or external clock
- Built-in LEDs for GPIO
- Application note

Pin-out of the LPC connector (as listed on the slide): LCLK, LFRAMEn, LRESETn, LAD3, VCC (3.3 V), LAD0, NC, VSB, GND, LPCPDn, GND, Key, NC, LAD2, LAD1, GND, NC, SERIRQ, CLKRUNn, NC.

TPM 1.2 Evaluation Board: Schematics (figure only)

Infineon's TPM 1.2 PC BIOS Support

TPM-BIOS-Driver Development Goals
- Customer support for integrating the TPM software into the BIOS:
  - Provide two drivers, the Memory Absent (MA) driver and the Memory Present (MP) driver, for Static Core Root of Trust for Measurement (S-CRTM) access through Locality 0.
  - The driver interfaces are based on the TCG PC Client Specific Implementation Specification for Conventional BIOS.
  - Both drivers provide a standard object format to the BIOS vendor.
- Complete TPM device initialization
- Handling of all communication errors
- Encapsulation of the TPM vendor-specific protocol handling
- Integration of the basic TPM I/O functions
- Support of both 16-bit and 32-bit MA/MP drivers

TPM-BIOS-Driver System Software Overview

The application (BIOS) hands measured data to the MA or MP driver module through the driver interface. The driver module contains the control functions, TPM protocol functions, PCI chipset control, TPM control tools and TPM base I/O, and reaches the TPM 1.2 device through the main-board chipset.

TPM-BIOS-Driver (MA-Driver) Interface Overview
- MAInitTPM: first call; initializes the driver and then the TPM device
- MAHashAllExtendTPM: hashes the first BIOS area to establish the RTM
- MAPhysicalPresenceTPM: performs the PhysicalPresence operation of the TPM firmware operation set

TPM-BIOS-Driver (MP-Driver) Interface Overview
- MPInitTPM: first call; initializes the driver and then the TPM device
- MPCloseTPM: closes a connection to the TPM device
- MPGetTPMStatusInfo: reads the current status information from the TPM device
- MPTPMTransmit: transmits the data in the input buffer to the TPM and reads the response from the device

Infineon's TPM 1.2 Roadmap: System Roadmap, TPM Solution
(legend: discontinued / available / in development / new idea)

Hardware, available 2006: SLB 9635 TT 1.2, 0.22 µm, 208 kB ROM, 12 kB RAM, 68 kB E²PROM, ACE @ 33 MHz, 3DES / HACO, TCG V1.2, LPC, firmware (HW: ES ramp-up; SW: RC final).

Application software, TPM Professional Package (desktop management for notebooks and desktop PCs):
- v2.5: TSS v1.2, 32 bit, more ISV integration, D Attack
- v2.5 SP1: separate 32-bit and 64-bit deployment; USC 1.5 application suite
- v3.0: Vista ready, server support, 64 bit, additional languages; USC 2.0 application suite
- USC 3.0 application suite

Server / Linux, preliminary 2007: TPM Linux Professional Package, stack compliant to TCG v1.2; TPM management software, Windows based*; TPM Server Migration v1.0 (smart card support, preparation for server-based migration).

Management application examples: 3rd-party trusted OS, Xen virtualization, Trusted Linux, micro kernel (embedded).

Infineon's TPM 1.2 Solution: Highlights and Unique Features
- TSSOP-28-2 package: pin compatible to TSSOP-28-6 but optimized for notebooks and other low-power devices; easy notebook and desktop system integration
- TCG security target: Common Criteria v3.0 EAL 4 Medium*; TCG standard compliant and secure
- Personalized with Endorsement Key (EK) credential: personalization provided according to the TCG specification; no EK creation by the PC manufacturer required
- Secure firmware field update: update systems in the field to upgrades of the specification; remote error handling process; the secure firmware update process is evaluated during the security evaluation; provides system and TCG maintenance flexibility and security risk reduction
* CC v3.0 certification depends on completion of the TCG Protection Profile.

Trusted Platform Module (TPM) 1.2 Tooling
- Manufacturing tool (Tool4TPM): allows the TPM on the motherboard to be tested with DOS-based commands; tools can be modified via C programming
- BIOS simulation tool: for platforms without a TPM-enabled BIOS; used for enabling, activating and setting the PhysicalPresence flag
- BIOS driver tool: provides the MA/MP library for BIOS integration
- SDK: TPM Integration SDK, TPM Administration Kit, TPM Enhanced Authentication SDK
- Secure field upgrade tool: allows the TPM firmware to be updated in the field

TPM 1.2 Documents
1. Chips
   a. Infineon TPM SLB9635TT1.2 Databook Rev.1.0_print.pdf
   b. Infineon TPM SLB9635TT1.2_ErrataAndUpdates.pdf
   c. Infineon TPM SLB9635TT1.2 Basic Manufacturer App Note.pdf
2. BIOS
   a. IfxTPMBiosDrv32_BiosGuide v2_00_0000.pdf
3. Software
   a. IFX_TPM_Professional_Package_ReleaseNotes.pdf
   b. IFX_TPM Driver Package2.5 - Release Notes_IFX.pdf
   c. SPI v1 0_TPM Professional Package v 3 0.pdf
4. DA (dictionary attack)
   a. SLB9635TT1.2_AN_DictionaryAttackDefense.pdf
5. Others
   a. Trusted Computing Starter: Trusted Computing Overview.pdf
   b. Trusted Computing Anwendungen (language: German): Trusted Computing Anwendungen.pdf
   c. An Overview: The TCG Trusted Platform Module Specification: Basic Knowledge EC2004.pdf
   d. Overview about Security Conformance Common Criteria Certificate Documents: Security Conformance Common Criteria Certificate.pdf
   e. White Paper: TPM Common Criteria Security Evaluation: White paper Security Conformance.pdf
   f. The TPM 1.1 Security Conformance Certificate: TPM Security Certificate.pdf
   g. The full TPM 1.1 Security Conformance Report according to Common Criteria: TPM Security Certification Report.pdf
   h. Protection Profile (Common Criteria) of the Trusted Platform Module TPM 1.1: PP_TCPATPMPP_V1.9.7.pdf
   i. TPM 1.2 Product Brief: tpm1.2-hardware-pb.pdf
   j. TPM Professional Package Product Brief: tpm1.2-software-pb.pdf
   k. Linux and Open Source activities for Trusted Computing and TPM applications: Open Source TPM Support.pdf
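The measurement step behind the MA driver's MAHashAllExtendTPM call, and the 16-versus-24 PCR difference in the comparison table, as an added Python model that is not Infineon's BIOS driver or TPM firmware code. It implements the TPM 1.2 extend rule, PCR[i] = SHA-1(PCR[i] || digest) on 20-byte SHA-1 digests with all PCRs zero at reset, so that a PCR value commits to the ordered sequence of measurements that produced it and any change to the first BIOS area changes PCR 0. The PcrBank class, the measure_boot, has_pcr and expected_pcr helpers and the sample BIOS bytes are constructed for this example; locality access rules of a real TPM are not modelled.

```python
"""Model of the TPM 1.2 PCR extend rule as used by a measuring BIOS driver.

Added example; not Infineon's BIOS driver or TPM firmware. Class, function
and sample names are constructed for illustration.
"""
import hashlib

PCR_COUNT_TCG12 = 24   # SLB 9635 TT 1.2 (TCG 1.2) supports 24 PCRs
PCR_COUNT_TCG11 = 16   # SLD 9630 TT 1.1 (TCG 1.1B) supports 16 PCRs
DIGEST_LEN = 20        # TPM 1.2 PCRs hold one SHA-1 digest each


class PcrBank:
    """Extend-only PCR registers, all zero after power-on reset."""

    def __init__(self, count=PCR_COUNT_TCG12):
        self.pcrs = [bytes(DIGEST_LEN)] * count

    def read(self, index):
        return self.pcrs[index]

    def extend(self, index, digest):
        """TPM 1.2 rule: PCR[i] = SHA-1(PCR[i] || digest). There is no other
        write path, so a PCR cannot be set to a chosen value directly."""
        if len(digest) != DIGEST_LEN:
            raise ValueError("extend takes a 20-byte SHA-1 digest")
        if not 0 <= index < len(self.pcrs):
            raise IndexError(f"PCR {index} does not exist on this TPM")
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def hash_all_extend(self, index, data):
        """Hash a whole region, then extend the digest into one PCR: the shape
        of the MAHashAllExtendTPM call that measures the first BIOS area."""
        return self.extend(index, hashlib.sha1(data).digest())


def has_pcr(bank, index):
    """True if this TPM model has a register at that index."""
    return 0 <= index < len(bank.pcrs)


def measure_boot(bios_area, later_stages, pcr_count=PCR_COUNT_TCG12):
    """S-CRTM-style chain: the first BIOS area goes into PCR 0 before anything
    else, then each later stage is extended into the PCR listed with it.
    Locality access rules of a real TPM are not modelled."""
    bank = PcrBank(pcr_count)
    bank.hash_all_extend(0, bios_area)
    for index, blob in later_stages:
        bank.hash_all_extend(index, blob)
    return bank


def expected_pcr(blobs):
    """Recompute one PCR by hand from the ordered blobs extended into it, to
    check the bank against the published extend rule."""
    value = bytes(DIGEST_LEN)
    for blob in blobs:
        value = hashlib.sha1(value + hashlib.sha1(blob).digest()).digest()
    return value


# Constructed sample inputs; placeholders, not real firmware images.
SAMPLE_BIOS = b"BOOTBLOCK-v1.0 " * 64
SAMPLE_STAGES = [(0, b"BIOS main body"), (4, b"MBR"), (5, b"boot loader config")]
TAMPERED_BIOS = SAMPLE_BIOS[:-1] + b"!"   # one byte changed in the boot block

if __name__ == "__main__":
    good = measure_boot(SAMPLE_BIOS, SAMPLE_STAGES)
    bad = measure_boot(TAMPERED_BIOS, SAMPLE_STAGES)
    for i in (0, 4, 5):
        print(f"PCR{i:02d} good={good.read(i).hex()} bad={bad.read(i).hex()}")
```

Run it as a script to see that only PCR 0 differs between the intact and tampered boot block, while PCR 4 and PCR 5, which never saw the BIOS area, stay identical; this is why a verifier compares the whole PCR set and why the order of extends matters.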
Format: PDF
Size: 636 KB
Pages: 27
Upload time: 2012-04-24