This is a series of questions and answers for our LetsTrust TPM module. If you have an industrial project, and are looking at 100+ units, we’re happy to work with you to modify the product, if necessary. Contact us for details.

Is there the possibility to support the TPM module on the Linux Kernel 3.1? Which kernels support the TPM module?

There is no kernel support for TPM modules on Linux kernel v3.1.

There is an optional TPM support, which you can enable at compile time, for Kernels 4.1 to 4.3, and 4.9+. (the versions 4.4 – 4.8 are damaged and don’t work as expected).

Starting with Raspbian Stretch Kernel 4.14.85, the TPM 2.0 support is built-in. Paul Kissinger provides instructions how to activate it in /boot/config.txt.

We strongly advise you not to try and support the TPM module with your own stack (e.g. on v3.1).

There is, however, the possibility to use a commercial stack from wolfSSL called wolfTPM. This is a stack specifically developed for embedded platforms. It communicates directly with the LetsTrust TPM module over the SPI interface, and does not need kernel support. If you must support the Linux kernel v3.1, this would be  a way to go.

https://www.wolfssl.com/products/wolftpm/

Please note that wolfTPM is free for evaluation use only – if you include it in your product, you must obtain a commercial license from wolfSSL!

Bottom line: either use Kernel v4.9+ or use wolfTPM and pay for it.

How can I support secure boot on my Linux platform?

Raspberry Pi

Please note, secure boot with LetsTrust is NOT possible on the Raspberry Pi platform currently.

This is due to the boot loader (start.elf & bootcode.bin) being closed binaries.

However, if you are looking at serious quantities (10.000+) the Raspberry Pi Foundation will work with you to provide a secure boot solution.

We are happy to help in assisting you with the right contact to the Raspberry Pi Foundation, and support you with hardware.

Other platforms

Your boot loader has to support TPM modules and be able to talk on the SPI port.

Have a look at Das U-Boot – this bootloader supports TPMs.

We recommend our partner Mixed-Mode for more software support and security concepts.

Mixed-Mode is also a member of the ISPN and a long term partner of Infineon.

Where can I get software support, sample code, etc.?

Have a look at letstrust.de for lots of useful links, information, etc:

https://www.letstrust.de/

and more specifically at the GitHub repository of Paul Kissinger:

https://github.com/PaulKissinger/LetsTrust

There is a sample script for basic TPM2 operations here:

https://github.com/PaulKissinger/LetsTrust/blob/master/Scripts/tpm2_all.sh

Again, if you want professional software support for the TPM we recommend to talk to Mixed Mode.

Mixed-Mode is also a member of the ISPN and a long term partner of Infineon.

How can I provision multiple TPMs at once?

We have developed a special carrier board for you to be able to provision up to 15 TPMs at once using a Raspberry Pi.

Please get in touch with us for a quote.