Paul KissingerIntroduction in LetsTrust:
Before LetsTrust came into existence, setting up a TPM (Trusted Platform Module) development environment was a daunting challenge. In 2017, TPM chips were a rarity in the market, only available in large quantities with a "Minimum Quantity Order" (MQO) of 20,000 chips per order. Even worse, PCs and laptops with integrated TPMs were not only expensive, starting at a minimum of €800, but the manufacturers had limited the functionality of these TPMs, making them less versatile.
This created what we call the "chicken-and-egg problem." Without accessible TPM hardware, developers had few incentives to work on open-source TPM software. Conversely, there was little motivation to integrate TPMs into systems without robust TPM software support. Moreover, developing TPM software on a personal machine risked compromising the sensitive data stored within the TPM, an unacceptable scenario for productive systems.
LetsTrust was established to break this cycle. Our mission was to provide accessible TPM chips, essential for enhancing the security and integrity of computer systems. These chips facilitate encryption, key management, and secure identity verification, making them vital components in the quest for trustworthy computing.
In the academic and maker communities, LetsTrust-TPM quickly gained popularity. It offered an affordable solution, allowing developers, students, and hobbyists to embark on security-related projects and explore TPM technology without the burdensome cost and complexity associated with traditional setups. An initial TPM setup involving a Raspberry Pi, power supply, SD card, and TPM board could cost approximately €100.
LetsTrust-TPM2Go:
With LetsTrust-TPM2Go, we take our mission to the next level, further simplifying TPM usage and making it even more accessible. Our primary goal is to reduce costs and eliminate the need for additional hardware like the Raspberry Pi, revolutionizing how TPM technology is utilized. We're committed to empowering developers, providing them with a straightforward pathway to unlock the full potential of TPMs in their projects.
LetsTrust-TPM2Go utilizes a USB 2.0 interface, enhancing versatility and expanding compatibility. This innovative design seamlessly integrates with the TPM Software Stack (TSS). LetsTrust-TPM2Go, also known as LTT2Go, is recognized as a TPM Command Transmission Interface (TCTI) device within the TSS ecosystem.
It's important to highlight that, currently, LetsTrust-TPM2Go does not meet the TPM requirements for Windows 11. Therefore, it is primarily compatible with Linux systems (with expected compatibility with Mac, though untested).
Feature List - LetsTrust-TPM2Go:
- Infineon Optiga™ SLB 9672 TPM 2.0 FW15.23:
- TCG Spec 2.0 Rev. 01.51
- USB 2.0 to SPI Bridge based on CY7C65211A
- Compatibility with libusb
- Unique USB VendorID/ProductID
- Tested with https://github.com/tpm2-software/
- TCTI-Driver Integration In TSS (TCTI, TPM Command Transmission Interface)
- Dual LEDs: One for "USB-RX/TX action" and another for giving you feedback through an TPM-GPIO.
- Transparent ABS Housing for the PCB: Peek inside without any worries about damaging the internals.
- Designed, Manufactured and Tested in Bavaria, Germany: Quality and reliability are at the forefront, proudly crafted in Bavaria.
- Secure Firmware Update with XMSS: The SLB9672 TPM features an XMSS-secured firmware update mechanism, providing an extra layer of security even during updates. XMSS is renowned for its Post-Quantum Cryptography (PQC) safety, and all TPM updates are signed using this scheme.
Conclusion:
LetsTrust-TPM2Go has been available since August 2023. The ideas and contributions from the www.tpm.dev community have unveiled even more possibilities beyond simplifying development in academic environments or for security enthusiasts.
Potential additional uses include:
- Retrofitting Older Linux-based hardware with USB Interface, Routers, or Servers: LetsTrust-TPM2Go can breathe new life into older Linux-based hardware, enabling secure functionality through its USB interface. It's also a valuable addition to routers and servers.
- Virtual Machines: LetsTrust-TPM2Go can be seamlessly passed from the host to virtual machines, eliminating the need for software TPMs within VMs. This enhances security and functionality in virtualized environments.
- Accelerating Prototyping and Proof-of-Concept Development: When assembling a Proof of Concept (PoC), LetsTrust-TPM2Go can be a game-changer. It allows you to utilize TPM functionality via USB instead of relying on SPI or I2C interfaces, streamlining early-stage development and testing.
LetsTrust-TPM2Go represents not just a tool for simplifying TPM usage but also a versatile solution that adapts to various scenarios, offering enhanced security and ease of use. Its availability has opened up exciting possibilities for a broader range of users and applications.
Orders are open and LetsTrust-TPM2Go can be found here: https://buyzero.de/products/letstrust-tpm2go