Infineon Trust Platform Module + Raspberry Pi 3 B - Review

Table of contents

RoadTest: Infineon Trust Platform Module + Raspberry Pi 3 B

Author: redcharly

Creation date:

Evaluation Type: Evaluation Boards

Did you receive all parts the manufacturer stated would be included in the package?: True

What other parts do you consider comparable to this product?: none

What were the biggest problems encountered?: Time

Detailed Review:

Introduction

Hi, I'm Carlo Russo and I want to present this roadtest.
I must immediately thank Randall Scasny and Daniel Zima for their patience. This roadtest was in fact published with considerable delay as it is the result of a work that I am doing in the school where I work to spread the culture of IoT and making among my students.
This roadtest is in fact the perfect challenge to verify the ability of my students to understand a technology unknown to them, to get to know it through manuals and reviews (including those of other roadtesters) and to create something personal.

The two students who wanted to face this challenge are Damiano and Radoslaw.
Obviously the conditions weren't the best because we have gone through a very long period of the Covid pandemic with frequent interruptions to face-to-face lessons, so working on the kit was rather difficult.

Complications were also increased by the fact that the two students did not live close by and the opportunities to work together on the board were very few.
However, I want to thank my two students Damiano and Radoslaw for the commitment and energy they have dedicated to this project.

Unfortunately, my support has been rather limited and I have often limited myself to addressing the two guys who had never tested a technology of this type before.
The fact that these students had already been involved in cybersecurity projects made this adventure more useful as they were able to think about practical applications of the board in a cybersecurity context.
After installing and configuring the board, Damiano and Radoslaw checked the functioning of the board and subsequently created a simple interface to manage some of the board's most used commands in a visual and immediate way. They're still working on it.

Unboxing

{gallery}Unboxing

Now Damiano and Radoslaw will talk about their experience with the kit.

Students' work

The first step in our work was to configure the environment.

We installed the Raspian 11 operating system (bullseye).



Then we started the configuration of the Infineon Trust Platform Module using the manuals as a guide.


The first operation is to edit the config.txt file and add the two lines:
"Dtparam = spi = on"
"Dtoverlay = tpm-slb9670".

After restarting the raspberry we ran in console the command “ls /dev/tpm0”

to see if the tpm driver had been enabled.

After running these commands we made the updates and upgrades through the commands “sudo apt upgrade” & “sudo apt update”.

Throughout the installation phase we did not encounter any problems. Once everything was done we did run a test to see if the engine worked.

 

Once we checked that everything worked, we started generating an 8 bytes random number. 

Then we generated random numbers and saved them into files.

Then we wanted to create a seal key and then see if we can see the file.

Later we tried to use the tss2 for encryption but it didn't work (ECC Encryption not yet supported)

 

So we proceeded using the tpm2-tss method that works



Next we tried the ECDSA sign and verify

Then we tried to crypt  an .img file but we had an error "--tpm: unknown option".



So we decided to try again with the next step but  we found an error "Device luks2tpm.img is not a valid LUKS device"

We tried to generate random numbers with the pkcs11 only it didn't work.

Doing pkcs+tab we discovered that the installed version was the pkcs15 so we started looking for the right command but we did not find anything.


These are the opinions of the two students on this work.

Damiano says: "I wanted to try to throw myself into this project as a challenge to myself, I had never used Linux before and I had never had the possibility to use a Raspberry PI, so I thought it could've been fun to try something I had never experienced before. The hardest part for me probably was adapting to a Linux based OS and I'm not sure I actually understand it very well even now, but at least I made some hands-on experience. Near the end of the project I had the Idea to create a program that could showcase some features of the TPM, I was suggested to use Python and so I did, although I had to start from scratch because I had never used it before, but I'm liking it so I'll probably continue to develop this little software because it can always became useful".

Radoslaw says:"I accepted this work because I wanted to test myself with something new. I did not encounter many difficulties in using the Raspberry, and reading various tutorials I managed to move forward. There are several things that I have learned, first of all to have a lot of patience using Linux and also that if one puts them to try sooner or later he will succeed in making everything work".

Conclusions

This roadtest was very important for me because I like to give my students the opportunity to use and test a new technology, study it and find applications.

Damiano and Radoslaw were very "courageous" to try this challenge and they had a lot of patience and put a lot of effort into trying to know and use technologies they did not know before.
I am very happy for the work they done.

I saw a lot of passion and curiosity in Damiano and Radoslaw. They worked hard even in such a complicated period as this one when the pandemic makes every activity very difficult.
They told me they want to continue with the project and, if everything goes as we expect, we may soon have a graphical interface to easily manage the Infineon Trust Platform Module board.
I conclude this roadtest by thanking, together with Damiano and Radoslaw, Infineon and Element14 for the opportunity given to us.

Anonymous