Challenge
The OPTIGA™ TPM enables secured integrity, authentication, and booting of IoT systems. IoT developers don´t need to be familiar with the details of the TPM architecture to implement it. They can use OnBoard Security’s TrustSentinel TSS 2.0 as an easy-to-use middleware solution. So developers can focus on their application instead of learning the intricacies of the hardware to secure their system.
Implementation
Instead of writing their own interfaces to the OPTIGA™ TPM hardware, software developers can use the Trusted Computing Group Software Stack (TSS), which is middleware that provides the core interface and security services framework for any application relying on the TPM. OnBoard Security’s TrustSentinel TSS 2.0 provides a direct interface to the OPTIGA™ TPM chip. IoT developers merely interface their applications with one of TrustSentinel’s three Application Programming Interfaces (APIs) for the TPM, allowing applications to easily and properly utilize the TPM’s advanced security functions.
Benefits for the user
- Using Infineon’s OPTIGA™ TPM allows the secured integrity, authentication, and booting of IoT
- OnBoard Security’s TrustSentinel TSS 2.0 enables applications to work across different operating systems with an easy-to-use middleware solution
- IoT developers only have to concentrate on the interface instead of having to code directly to the TPM
OnBoard Security offers a strict adherence to the standardized Trusted Computing Group (TCG) APIs that are increasingly required by corporations and government agencies. OnBoard Security leads the TSS working group within the TCG, and therefore has a unique understanding of TSS standards, ensuring that TrustSentinel TSS 2.0 operates efficiently and effectively.
TrustSentinel TSS 2.0 provides three easy-to-use APIs, with varying levels of TPM abstraction depending on end application requirements.
- The System API (SAPI) is especially designed for deeply embedded applications and has the smallest footprint.
- The Enhanced System API (ESAPI) is a customized security solution, which can access to all TPM functions and offers the most flexibility.
- A Higher-level Feature API (FAPI), which combines the most commonly, used TPM functions into easy-to-use features.
TrustSentinel TSS 2.0 is written in highly portable C99, simplifying the creation of language bindings to other programming languages (Java, Python, C++, etc.). It has a maximum portability across different Operating Systems and rich context management allows applications to share a TPM without worrying about resource collisions. ESAPI offers encrypted channels to the TPM, preventing side channel attacks and FAPI provides a new level of abstraction that allows programmers to use TPMs without having to be TPM experts.
Key features
- OnBoard Security’s TrustSentinel 2.0 supports TCG Specifications
- Comprehensive testing ensures correct, secured TSS 2.0 behavior regardless of the vendor
- Versions for Linux, Windows and other operating systems Raspbian
- World-class support to properly implement the transitive trust chain
- Most important code security and safety vulnerabilities addressed
Solution Package
- TrustSentinel TSS 2.0 SDK (Development tooling)
- TrustSentinel TSS 2.0 running royalty (S/W)
- KITs TrustSentinel TSS 2.0 & Infineon SLB 9670VQ2.0 FW7.83 (S/W & H/W)
- KITs TrustSentinel TSS 2.0 & Infineon SLB 9670XQ2.0 FW7.83 (S/W & H/W)
- KITs TrustSentinel TSS 2.0 & Infineon SLB 9665TT2.0 FW5.63 (S/W & H/W)
- KITs TrustSentinel TSS 2.0 & Infineon SLB 9665XT2.0 FW5.63 (S/W & H/W)