TPM 2.0 security chips provide strong protection for connected embedded devices

August 7, 2025

Issue 6 2024, Issue 6 2025

STMicroelectronics has extended the STSAFE-TPM family with the introduction of the ST33KTPM2X and industrial-qualified ST33KTPM2I trusted platform module (TPM) ICs, for use in securing infrastructure, industrial, medical and other connected products which must meet the strongest government security requirements.

STSAFE-TPM devices, which have long provided security protection in enterprise PCs, servers and workstations, defend connected devices against a wide range of threats. Independent validation supports compliance with the security regulations imposed on manufacturers that supply equipment to government organizations.

Alongside the ST33KTPM2X and ST33KTPM2I, ST now also offers a standard version of the TPM-provisioned IDevID and IAK identities, together with manifest files of device certificates that are delivered securely to customers to support white-listing or registration of devices into their networks.

The new TPMs offer improved performance, enhanced security and increased memory capacity, giving manufacturers the means to keep pace with the growing severity of security threats to connected products. These security chips support functions including:

  • Platform trusted identity  
  • Device health attestation  
  • Anti-counterfeiting  
  • Protection and provisioning of keys and critical data  
  • 199 kbytes of secure storage  
  • Cryptography 
  • TLS secure channel communication 
  • Self-recovery

The device's security has been independently verified against the Common Criteria EAL4+, Trusted Computing Group (TCG) and US Federal Information Processing Standard (FIPS) 140-3 specifications.

For integration into product designs, the ST33KTPM2X and ST33KTPM2I are compatible with the Windows and Linux® operating systems and with the TCG TPM software stack. They support firmware upgrades that add new standard features and cryptographic capabilities, including the post-quantum cryptography that the TCG has added to the TPM specifications.

 

The firmware-upgrade function is double-buffered: this ensures that an upgrade completes successfully, and when the latest image is installed twice (through an upgrade or at the factory), the second copy acts as a back-up.

The ST TPMs are backed by a dedicated evaluation board, the STPM4RasPIV21. This is an extension board for connecting ST33KTPM TPM chips to Raspberry Pi boards or to an STM32 microprocessor development kit such as the STM32MP157F-DK2 or STM32MP135F-DK. Example code for STM32 MCUs is also available.

The board is intended for product evaluation, use-case development and design integration. The STPM4RasPIV21 ships with one trusted platform module soldered to the board and includes:

  • 26-pin female connector to plug onto Raspberry Pi or STM32MPx-DK boards
  • I2C or SPI configurable interface
  • Reset button to reset the TPM device without a platform restart
  • 26-pin male connector to ease probing and to plug into the same or another extension board

Features (ST33KTPM2X)

  • Compliant with TPM version 2.0 revision 1.59
  • CC EAL4+ certified (HW-IC basis CC EAL6+)
  • FIPS 140-3 level 1
    • Certified to physical security level 3
  • 10-year longevity
  • SP800-193 compliant for protection, detection and recovery requirements
  • Flash memory with error correction code
  • Serial peripheral or I2C interface
  • Operating-temperature range: -40°C to 105°C

Applications

  • Gateways, access-points and network switches 
  • EV charging stations 
  • Medical equipment 
  • Connected city equipment 
  • Industrial control systems 
  • Factory automation 
  • Security equipment  
  • PCs and tablet computers 
  • Workstations  
  • Servers 
