As the number of devices connected to the cloud grows, cybersecurity threats have rapidly become a top concern, especially the risk posed by compromised identities and credentials.
It is therefore essential to strengthen IoT device identity so that a device can be verified and connected to the cloud securely.
Infineon provides the OPTIGA™ TPM, which complies with FIPS 140-2 and CC (Common Criteria) EAL 4+, to harden device identity and authentication. Each Infineon OPTIGA™ TPM chip has a unique and secret Endorsement Key (EK) burned in as it is produced. The EK can be used as a secure hardware root of trust to authenticate the identity of the device. The Azure Device Provisioning Service (DPS) uses the public part of the EK (EK_pub) to identify and enroll devices, so device vendors can provide just-in-time deployment without touching every single device one by one. Device vendors upload the EK_pub to the DPS so that the device is recognized when it connects for provisioning.

To enroll TPMs at scale, the EK_pub has to be read during manufacture or final testing so that the list of EK_pub values can then be uploaded to the DPS. However, reading the EK_pub might not be easy for those who are not familiar with TPMs. Avnet therefore provides a one-stop service that simplifies the process and enables zero-touch provisioning for edge devices using the Infineon OPTIGA™ TPM.
The service allows customers to receive TPMs bundled with a list of EK_pub values, thereby reducing total cost and time to market. The EK_pub of each TPM chip is read and stored in a whitelist associated with a specific reel. That TPM reel is then delivered by Avnet to the customer. The customer can then download the EK whitelist associated with the received reel from the secure FTP before uploading it to the DPS.
Service Process
Main image for SOP of TPM provisioning service. Video for auto-enrollment of Azure with TPM EK.
Related products/solutions
- KITs EKTPM2.0VQFW7.85: SLB 9670VQ2.0 FW7.85 & Whitelist file
- KITs EKTPM2.0AQFW13.11: SLM 9670AQ2.0 FW13.11 & Whitelist file
Infineon
SLB9670VQ2.0FW7.85
The SLB9670VQ2.0 (OPTIGA™ TPM-Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems.
