TPM Driver for Linux

Introduction to Trusted Platform Module (TPM)

The TCG specifications describe security capabilities for computing platforms in general. They define a trusted subsystem which can be integrated into any computing platform in order to build a secure computing base. These functions are implemented in a Trusted Platform Module (TPM), which can be compared to an integrated smart card containing a CPU, some memory and special applications. The assumption is that the chip is tamper-resistant and mounted on (or integrated into) the motherboard.

The chip contains a dedicated security controller with internal non-volatile ROM for the firmware, non-volatile EEPROM for persistent data, and RAM. Furthermore, it contains a cryptographic engine for accelerating encryption and decryption, a hash accelerator and a random number generator (needed to generate secure cryptographic keys).

Linux TPM Kernel Module

We have developed an experimental Linux driver for the Infineon SLD 9630 TT 1.1 / SLB 9635 TT 1.2 LPC Trusted Platform Module (TPM) and released it under the GPL. One design goal of our TPM driver was to reuse as much as possible of the existing TPM driver developed by IBM. The driver is realized as a Linux kernel module (tpm_infineon.ko).

The user interface is provided by a set of applications (UNIX commands) built on the IBM library libtpm, which converts the commands entered by the user into TPM command blobs formatted according to the TCG specification. User-level applications communicate with the kernel module through the character device node /dev/tpm. The TPM driver then sends the command over the Low Pin Count (LPC) bus to the TPM using the manufacturer's proprietary protocol.

Provided that the libraries follow the TCG specification, other TPM manufacturers can be supported by adapting the kernel module to that manufacturer's bus protocol. Communication with the TPM is half-duplex: at any given time the module is either writing a command or reading a response, never both. The kernel module receives the command blob written to /dev/tpm, wraps it in the chip-specific transport format and sends it to the TPM, which stores it in its FIFO. The TPM then performs the requested operation and returns the response to the kernel module, which makes it available to the application through a read on /dev/tpm.
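To make the command path above concrete, here is an added example (not code from this page, from libtpm or from the Sirrix driver) that builds a TCG 1.2 TPM_PcrRead command blob, pushes it through the TPM character device with the write-then-read pattern the half-duplex design imposes, and validates the response header before trusting the digest. The device path (current kernels create /dev/tpm0 rather than /dev/tpm), the PCR index and the embedded sample response are assumptions made for the example. The parser is general for any TPM 1.2 response with an empty or digest-only body.

```c
/* Added example, not the page's or the project's own code.
 * TCG 1.2 command/response framing for TPM_PcrRead over the Linux TPM
 * character device. Device path and sample data are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#define TPM_TAG_RQU_COMMAND 0x00C1      /* request without authorization session */
#define TPM_TAG_RSP_COMMAND 0x00C4      /* response without authorization session */
#define TPM_ORD_PcrRead     0x00000015
#define TPM_HEADER_LEN      10          /* tag(2) + paramSize(4) + ordinal/returnCode(4) */
#define TPM_DIGEST_LEN      20          /* TPM 1.1/1.2 PCRs hold a SHA-1 digest */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Serialize TPM_PcrRead(pcrIndex). Returns the blob length (14 bytes) or 0 if buf is too small. */
size_t tpm_build_pcr_read(uint8_t *buf, size_t buflen, uint32_t pcr_index) {
    const size_t len = TPM_HEADER_LEN + 4;
    if (buflen < len) return 0;
    put_be16(buf, TPM_TAG_RQU_COMMAND);
    put_be32(buf + 2, (uint32_t)len);         /* paramSize covers the whole blob, header included */
    put_be32(buf + 6, TPM_ORD_PcrRead);
    put_be32(buf + 10, pcr_index);
    return len;
}

/* Validate a TPM_PcrRead response and copy out the digest.
 * Returns 0 (TPM_SUCCESS) on success, the TPM return code on a TPM error,
 * or -1 if the blob is malformed (wrong tag, length field not matching what was read). */
int tpm_parse_pcr_read(const uint8_t *rsp, size_t rsplen, uint8_t digest[TPM_DIGEST_LEN]) {
    if (rsplen < TPM_HEADER_LEN) return -1;
    if (get_be16(rsp) != TPM_TAG_RSP_COMMAND) return -1;
    if (get_be32(rsp + 2) != rsplen) return -1;   /* never trust a length the chip did not deliver */
    uint32_t rc = get_be32(rsp + 6);
    if (rc != 0) return (int)rc;                  /* error responses carry only the header */
    if (rsplen != TPM_HEADER_LEN + TPM_DIGEST_LEN) return -1;
    memcpy(digest, rsp + TPM_HEADER_LEN, TPM_DIGEST_LEN);
    return 0;
}

/* One half-duplex round trip: write the complete command, then read the response.
 * Returns the number of response bytes or -1 (errno set) on failure. */
ssize_t tpm_transmit(const char *dev, const uint8_t *cmd, size_t cmdlen, uint8_t *rsp, size_t rsplen) {
    int fd = open(dev, O_RDWR);
    if (fd < 0) return -1;
    ssize_t n = write(fd, cmd, cmdlen);
    if (n != (ssize_t)cmdlen) { close(fd); return -1; }
    n = read(fd, rsp, rsplen);
    close(fd);
    return n;
}

/* Constructed sample response (not captured from hardware): TPM_SUCCESS with digest 01..14. */
static const uint8_t sample_rsp[TPM_HEADER_LEN + TPM_DIGEST_LEN] = {
    0x00, 0xC4, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14 };

/* Parse the constructed sample so the framing code can be exercised without a TPM. */
int tpm_parse_sample(uint8_t digest[TPM_DIGEST_LEN]) {
    return tpm_parse_pcr_read(sample_rsp, sizeof sample_rsp, digest);
}

int main(void) {
    uint8_t cmd[64], rsp[256], digest[TPM_DIGEST_LEN];
    size_t cmdlen = tpm_build_pcr_read(cmd, sizeof cmd, 0);   /* PCR 0: assumed demo index */
    ssize_t n = tpm_transmit("/dev/tpm0", cmd, cmdlen, rsp, sizeof rsp);  /* assumed path */
    if (n < 0) { fprintf(stderr, "TPM device not usable: %s\n", strerror(errno)); return 1; }
    int rc = tpm_parse_pcr_read(rsp, (size_t)n, digest);
    if (rc == -1) { fprintf(stderr, "malformed response (%zd bytes)\n", n); return 1; }
    if (rc != 0) { fprintf(stderr, "TPM returned error 0x%08x\n", (unsigned)rc); return 1; }
    printf("PCR0 = ");
    for (int i = 0; i < TPM_DIGEST_LEN; i++) printf("%02x", digest[i]);
    printf("\n");
    return 0;
}
```

Two checks in the parser are the ones that matter in practice: the tag must be the response tag (a chip or a buggy driver echoing the request would otherwise pass), and the paramSize field must equal the byte count actually returned by read(), so a truncated or padded response is rejected rather than parsed. A TPM 2.0 chip speaks a different command set and will reject this 1.2 ordinal with an error code, which the program reports rather than treating the header as a digest.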

Current Status

Since Linux kernel revision 2.6.17, our TPM driver for the Infineon SLD 9630 TT 1.1 / SLB 9635 TT 1.2 has been officially integrated into the Linux kernel source tree. Sirrix AG still maintains this TPM driver, and updates are released at regular intervals alongside new Linux kernel revisions.
