Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part1: OS and Azure Cloud validation

10 Dec 2021

Follow up for these 2 posts:

The latest Raspberry OS at the time of writing this post is Debian 11 "bullseye".
I'm checking how the Infineon TPM IC behaves under that version.
In this 1st part, I'm checking if

the OS recognises it, and
can I retrieve the info needed to authenticate on Azure Cloud

The next post will handle the TSS (Trusted Software Stack) software libraries and utilities.

OS support

This is easy. After writing bullseye lite to the SD card (I used 32 GB), I just have to edit the boot partition's config.txt, and add:

dtparam=spi=on
dtoverlay=tpm-slb9670

This is exactly the same as for the previous OS version.
The device shows identical too:

The /dev/tpm0 character device shows. That means that the driver is loaded, and that the hardware is detected.
All TPM and TSS APIs are dependent on this. Having this working is essential.

Azure Cloud Provisioning

I'm using the Azure instructions, just like in my road test review.
My goal is to check if I can build the Azure C SDK, and have the provisioning tool talk to the TPM IC and retrieve authentication info.

The instructions miss a step, to create directory azure-iot-sdk-c/cmake.
I'll create a pull request for the Azure GIT repo, with a fix.

Success: the Azure SDK can talk to the SLB9670 and retrieve the authentication information.

Good news so far. The core functionality is available.
I'll now go and try build the TSS parts...

The Python SDK with On Semiconductor RSL10 BLE article series	Industry
part 1: overview and goal
part 2: WiFi Provisioning
part 3: Adding a Module (RSL10)
part 4: Talk BLE to the On Semi RSL10 Sensor Kit
part 5: A Cloud User Experience Example
part 6: Register as a Gateway Device
part 7: Register a Gateway and Client Devices
part 8: Get BLE Image from Camera and Send to Cloud
The NODE-Red SDK article series	Industry
part 1: overview and goal
register a Thing and connect to IoTConnect.io cloud
part 2: create an account and log on to the portal
part 3: set up the thing and its interface in the cloud
part 4: set up Node-RED and first exchange
interact with IoTConnect.io cloud
part 5: online dashboard
part 6: rules and alerts
part 7: messages and commands from the cloud
safer connections with certificates
part 8a: safer connect with Self Signed Certificates
part 8b: safer connect with CA certificates	Y
commercial and industrial scale: outsource certificate generation and programming to subcontractors and suppliers
part 9a: Outsource Certificate Signing in IIoT Supply Chain	Y
part 9b: IIoT supply chain and Certificates - Create Ca Root certificate, Load to IoTConnect Cloud and Validate	Y
part 9c: IIoT supply chain and Certificates - Create an Intermediate CA Certificate for your Subcontractor	Y
part 9d: IIoT supply chain and Certificates - Subcontractor Generates a Thing Certificate for Your Device	Y
part 9e: IIoT supply chain and Certificates - Test!	Y
commercial and industrial scale: Trusted Platform Module (TPM) Authentication
part 10: Trusted Platform Module (TPM) Security	Y
Infineon SLx9670 Trusted Platform Module (TPM) for IoT Security	Y
Infineon Trust Platform Module + Raspberry Pi 3 B - Review (road test)	Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part1: OS and Azure Cloud validation	Y
Infineon SLx9670 Trusted Platform Module (TPM) on Debian 11 "bullseye" - part2: Trusted Software Stack (tss)	Y
Infineon SLx9670 Trusted Platform Module (TPM): TSS Programming in C, with cross-compile and remote debug in Eclipse	Y
part 11: Act as Gateway with Clients	Y
The Automate Device Provisioning and Cloud Configuration article series	Industry
Automatic Provisioning with REST API	Y

Top Comments

Parents

Jan Cumps over 3 years ago
Current status: running the Infineon validation program: ELTT2 - Infineon Embedded Linux TPM Toolbox 2 for TPM 2.0.
I've done this before for Avnet's SmartEdge IIOT Gateway. But that was on a Linux build that was customised for that device.

Step 1: get the toolkit and build it

retrieve source from git
```
pi@raspberrytpm:~ $ mkdir infineon
pi@raspberrytpm:~ $ cd infineon
pi@raspberrytpm:~/infineon $ git clone https://github.com/Infineon/eltt2.git
```
build the toolbox:
```
cd eltt2
pi@raspberrytpm:~/infineon/eltt2 $ make
```
Step 2: Test
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel

Comment

Jan Cumps over 3 years ago
Current status: running the Infineon validation program: ELTT2 - Infineon Embedded Linux TPM Toolbox 2 for TPM 2.0.
I've done this before for Avnet's SmartEdge IIOT Gateway. But that was on a Linux build that was customised for that device.

Step 1: get the toolkit and build it

retrieve source from git
```
pi@raspberrytpm:~ $ mkdir infineon
pi@raspberrytpm:~ $ cd infineon
pi@raspberrytpm:~/infineon $ git clone https://github.com/Infineon/eltt2.git
```
build the toolbox:
```
cd eltt2
pi@raspberrytpm:~/infineon/eltt2 $ make
```
Step 2: Test
- Cancel
- Vote Up +1 Vote Down
- Sign in to reply
- More
- Cancel

Children

No Data