SINGAPORE, Nov. 15, 2018 /PRNewswire/ -- A strong interest in enhancing the security of IoT, IIoT, Industry 4.0 and automotive applications has led to an open source software stack for Trusted Platform Module (TPM) 2.0 -- a standardized hardware-based security solution for securing industrial, automotive and other applications such as network equipment. This is the first open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the Trusted Computing Group (TCG).
The release of the TPM 2.0 ESAPI stack speeds up the adoption of TPM 2.0 in embedded systems and simplifies the integration of TPM 2.0 in all kinds of applications. The ease of integration on Linux and other embedded platforms provide significant value to the open source community.
Besides making the TSS ESAPI layer available to everyone, Infineon Security Partner Network (ISPN) offers a wide variety of software libraries meeting the requirements of different applications and target platforms supported by security experts of ISPN.
Based on the ESAPI layer, the stack includes support for OpenSSL. It can use the Infineon OPTIGA™ TPM to protect device communication secured with SSL/TLS via a standardized interface by deploying TPM 2.0 as a secured key store for OpenSSL. It thus protects the keys from vulnerabilities like the famous Heartbleed bug.
The TSS stack and ESAPI layer are published under the permissive 2-clause BSD license, which provides high flexibility and increases adoption. The ESAPI has been designed and validated by a wide community to achieve a high level of quality and stability, as is required in modern embedded and IoT systems. With industrial and automotive customers in mind, the code was developed using industry standards, continuous integration and testing, a thorough two-person review process, and static code analyzers like clang and Coverity™. In addition, the stack was tested and evaluated on Infineon OPTIGA™ TPM SLB 9670 with the latest TPM specifications. Future enhancements will include support for Cryptsetup/LUKS disk encryption and a version featuring ESAPI support for TPM tools.
Availability
Application developers can use Infineon's OPTIGA™ TPM SLB 9670 Iridium boards and download the TSS code via Github to get started.
More information about Infineon's OPTIGA™ TPM is available: www.infineon.com/TPM.
More information about the Github Project (including the downloadable code) is available here.
