Group Actions
Engagement
  • Author Author: Jan Cumps
  • Date Created: Date Created
  • Views 2060 views
  • Likes 4 likes
  • Comments 2 comments
Related
Recommended

Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part1: OS and Azure Cloud validation

Jan Cumps

Follow up for these 2 posts:

The latest Raspberry OS at the time of writing this post is Debian 11 "bullseye".
I'm checking how the Infineon TPM IC behaves under that version.
In this 1st part, I'm checking if 

  • the OS recognises it, and
  • can I retrieve the info needed to authenticate on Azure Cloud

The next post will handle the TSS (Trusted Software Stack) software libraries and utilities.

OS support

This is easy. After writing bullseye lite to the SD card (I used 32 GB), I just have to edit the boot partition's config.txt, and add:

dtparam=spi=on
dtoverlay=tpm-slb9670

This is exactly the same as for the previous OS version.
The device shows identical too:

image

The /dev/tpm0 character device shows. That means that the driver is loaded, and that the hardware is detected.
All TPM and TSS APIs are dependent on this. Having this working is essential.

Azure Cloud Provisioning

I'm using the Azure instructions, just like in  my road test review.
My goal is to check if I can build the Azure C SDK, and have the provisioning tool talk to the TPM IC and retrieve authentication info.

The instructions miss a step, to create directory azure-iot-sdk-c/cmake.
I'll create a pull request for the Azure GIT repo, with a fix.

Success: the Azure SDK can talk to the SLB9670 and retrieve the authentication information.

image

Good news so far. The core functionality is available.
I'll now go and try build the TSS parts...

The Python SDK with On Semiconductor RSL10 BLE article series Industry
part 1: overview and goal
part 2: WiFi Provisioning
part 3: Adding a Module (RSL10)
part 4: Talk BLE to the On Semi RSL10 Sensor Kit
part 5: A Cloud User Experience Example
part 6: Register as a Gateway Device
part 7: Register a Gateway and Client Devices
part 8: Get BLE Image from Camera and Send to Cloud
The NODE-Red SDK article series Industry
part 1: overview and goal
register a Thing and connect to IoTConnect.io cloud
part 2: create an account and log on to the portal
part 3: set up the thing and its interface in the cloud
part 4: set up Node-RED and first exchange
interact with IoTConnect.io cloud
part 5: online dashboard
part 6: rules and alerts
part 7: messages and commands from the cloud
safer connections with certificates
part 8a: safer connect with Self Signed Certificates
part 8b: safer connect with CA certificates Y
commercial and industrial scale: outsource certificate generation and programming to subcontractors and suppliers
part 9a: Outsource Certificate Signing in IIoT Supply Chain Y
part 9b: IIoT supply chain and Certificates - Create Ca Root certificate, Load to IoTConnect Cloud and Validate Y
part 9c: IIoT supply chain and Certificates - Create an Intermediate CA Certificate for your Subcontractor Y
part 9d: IIoT supply chain and Certificates - Subcontractor Generates a Thing Certificate for Your Device Y
part 9e: IIoT supply chain and Certificates - Test! Y
commercial and industrial scale: Trusted Platform Module (TPM) Authentication
part 10: Trusted Platform Module (TPM) Security Y
Infineon SLx9670 Trusted Platform Module (TPM) for IoT Security Y
Infineon Trust Platform Module + Raspberry Pi 3 B - Review (road test) Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part1: OS and Azure Cloud validation Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part2: Trusted Software Stack (tss) Y
Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse Y
part 11: Act as Gateway with Clients Y
The Automate Device Provisioning and Cloud Configuration article series Industry
Automatic Provisioning with REST API Y