Open source software stack eases security integration, says Infineon
Trusted Platform Modules (TPM) enable secured remote software updates, disc encryption and user authentication in connected embedded devices in industrial and automotive applications. Infineon provides its Optiga TPM 2.0 software stack to facilitate seamless integration in Linux-based systems. The TPM software stack implements the latest feature application programming interface (FAPI) standard. Infineon has developed the open-source software jointly with Intel Corporation and Fraunhofer Institute for Secure Information Technology (SIT).
According to Infineon, using the Optiga TPM 2.0 allows IoT system integrators to “significantly improve” the security of connected products. Software integration with TPM software stack (TSS) -FAPI does not require specific skills in low-level security specifications and reduces source code development by a factor of up to 16, claims Infineon. This can result in reduced time to market as manufacturers can accelerate the process for certifying industrial devices according to the IEC 62443 standard for industrial applications, which requires hardware-based safety from level 4 upwards.
The FAPI specification was released as an international standard by the Trusted Computing Group (TCG). The specification is implemented in the TSS stack 1 with the associated tools and plug-ins. The TSS stack is open source software, which allows seamless integration of the TPM 2.0 in Linux-based systems. This includes the support of typical Linux software for device authentication, data encryption, software updates and remote device management.
The FAPI enables the native support of the PKCS#11 standard as a generic interface for user authentication, single sign-on and email encryption/signing. The FAPI provides a default configuration for cryptographic functionalities, system integration and automated processing of security mechanisms, says Infineon.
The Optiga TPM acts as a vault for sensitive data in connected devices and lowers the risk of data and production losses due to cyber attacks. Infineon’s TPMs are certified by independent certification bodies according to the Common Criteria, an international set of guidelines and specifications developed for evaluating information security products. The TSS stack including the recent FAPI has been verified to achieve compliance and interoperability.
Application developers can use the Optiga TPM SLB 9670, Optiga TPM SLI 9670 and Optiga TPM SLM 9670 Iridium boards and TSS Quickstarter now. There are also board and source code packages for the Infineon Aurix and for the Arduino microcontrollers.