Security module includes PQC-protected firmware update mechanism

The OPTIGA™ TPM SLB 9672 and SLB 9673 trusted platform modules from Infineon provide a solid foundation for securely establishing the identity and software status of connected devices, and for protecting data integrity and confidentiality.

Advanced technology from Infineon gives OEMs a way to protect connected devices against the security threats of tomorrow as well as those of today. The OPTIGA™ trusted platform module (TPM) SLB 9672 FW16 is a future-proof security solution that includes a post-quantum cryptography (PQC)-protected firmware update mechanism optimized for IoT networks and embedded control devices.

The SLB 9672 FW16, which has a serial peripheral interface (SPI), is intended for use in smart building systems, network infrastructure, and industrial automation. A member of the same family of TPMs, the SLB 9673, which has an I2C interface, fits a wider set of applications: health and lifestyle devices, renewable energy and smart mobility, as well as smart building systems, network infrastructure, and industrial automation.

The SLB 967x TPMs sign firmware updates with the eXtended Merkle Signature Scheme (XMSS), a stateful hash-based signature scheme (RFC 8391, NIST SP 800-208). Its security rests on the preimage and second-preimage resistance of the underlying hash function rather than on the factoring or discrete-logarithm problems that a large quantum computer could solve, so an attacker with access to quantum computers still cannot forge a firmware image that the TPM will accept. This gives the device a quantum-resistant firmware upgrade path and improves its chances of long-term survival in the field.

The OPTIGA TPMs also provide a unique, non-erasable device ID. This is needed to monitor IoT devices on connected networks, both for application security and for ease of maintenance.

The OPTIGA TPM SLB 9672 and SLB 9673 also offer a firmware update mechanism that uses a 256-bit key length and adds a further check based on PQC (the XMSS signature described above). With this strong and trusted update mechanism, the TPM can still be updated securely even if the classical algorithms are no longer trusted. The design leaves room for future improvements in computing performance and provides fail-safe features that limit the effect of corrupted firmware: for instance, the TPM firmware can be recovered in accordance with the NIST SP 800-193 Platform Firmware Resiliency Guidelines.
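
As an added illustration, not Infineon's code and not XMSS as specified in RFC 8391, the following Python shows the structure that the XMSS-protected update mechanism above relies on: Winternitz one-time signatures over a SHA-256 image digest, a Merkle tree whose root serves as the long-lived public key the update loader holds, and the signer-side index counter that a stateful scheme must never rewind. The image bytes, tree height and Winternitz parameters are constructed for the example; real XMSS/WOTS+ uses keyed, address-bound hashing and far larger trees.

```python
"""Simplified hash-based firmware signer/verifier (illustration, not RFC 8391 XMSS).

Winternitz one-time signatures (w=16) over a SHA-256 digest, a Merkle tree whose
root is the public key, and a signer state counter. Plain SHA-256 chaining stands
in for the keyed, addressed hashing of real WOTS+; all parameters are assumptions.
"""
import hashlib
import secrets

W = 16               # Winternitz parameter: one hash chain per hex digit
MSG_DIGITS = 64      # 256-bit digest -> 64 hex digits
CSUM_DIGITS = 3      # checksum max is 64 * 15 = 960, which fits in 3 hex digits
CHAINS = MSG_DIGITS + CSUM_DIGITS


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, steps):
    """Apply H `steps` times to x."""
    for _ in range(steps):
        x = H(x)
    return x


def wots_digits(digest):
    """Base-16 digits of the digest plus the WOTS checksum.

    The checksum stops a forger from 'advancing' a chain: raising any message
    digit lowers the checksum, which needs a chain value the forger lacks.
    """
    msg = [d for b in digest for d in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - d for d in msg)
    return msg + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]


def wots_keygen():
    sk = [secrets.token_bytes(32) for _ in range(CHAINS)]
    pk = [chain(s, W - 1) for s in sk]          # end of every chain
    return sk, pk


def wots_sign(sk, digest):
    return [chain(s, d) for s, d in zip(sk, wots_digits(digest))]


def wots_pk_from_sig(sig, digest):
    """Complete each chain to its end; equals pk only for a genuine signature."""
    return [chain(s, W - 1 - d) for s, d in zip(sig, wots_digits(digest))]


class MerkleSigner:
    """Holds 2**height one-time keys; the Merkle root is the public key."""

    def __init__(self, height):
        self.keys = [wots_keygen() for _ in range(1 << height)]
        self.levels = [[H(*pk) for _, pk in self.keys]]       # leaves
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_index = 0   # signer STATE: persist it, never roll it back

    def sign(self, firmware):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys used; generate a new tree")
        idx = self.next_index
        self.next_index += 1  # advance state before the signature leaves the signer
        sig = wots_sign(self.keys[idx][0], H(firmware))
        auth, i = [], idx
        for lvl in self.levels[:-1]:
            auth.append(lvl[i ^ 1])   # sibling on the path up to the root
            i >>= 1
        return idx, sig, auth


def verify(root, firmware, signature):
    """Loader-side check: rebuild the leaf from the signature, then the root."""
    idx, sig, auth = signature
    node = H(*wots_pk_from_sig(sig, H(firmware)))
    i = idx
    for sibling in auth:
        node = H(node, sibling) if i & 1 == 0 else H(sibling, node)
        i >>= 1
    return node == root


def demo():
    """Constructed sample: sign one image and record accept/reject outcomes."""
    signer = MerkleSigner(height=3)
    image = b"constructed firmware image v16"   # constructed sample input
    signature = signer.sign(image)
    return {
        "genuine": verify(signer.root, image, signature),
        "tampered": verify(signer.root, image + b"\x00", signature),
        "wrong_root": verify(MerkleSigner(height=3).root, image, signature),
        "signatures_left": len(signer.keys) - signer.next_index,
    }


if __name__ == "__main__":
    print(demo())
```

`verify` is what the update loader does: it rebuilds the one-time public key from the signature, hashes it into a leaf, climbs the authentication path and compares the result with the stored root, so an image is accepted only if every chain value and every sibling hash matches. Note the state handling in `sign`: the index is advanced before the signature is released, because signing two different images with the same one-time key exposes extra chain values that allow forgery; restoring a backup or otherwise rewinding a stateful signer's counter is the classic operational failure of such schemes.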

The TPMs also provide a large non-volatile memory for storing additional certificates and cryptographic keys. Security evaluation and certification are performed by independent bodies according to Common Criteria and FIPS requirements. The new TPMs fully comply with the Trusted Computing Group (TCG) TPM 2.0 Library Specification, revision 1.59, and are certified against the latest TPM 2.0 standard.

The module is also available in another version: the OPTIGA TPM SLB 9672 FW15 is the preferred choice for Microsoft Windows environments and ecosystems, and connected devices which have a PC architecture. 

Features

  • Support for multiple cryptographic algorithms:
    • RSA-4096
    • AES-128
    • AES-192
    • AES-256
    • ECC NIST P-384
    • SHA2-384
  • Ten-year longevity commitment
  • Support and maintenance through the Infineon security partner network
  • Operating-temperature range: -40°C to 105°C

Applications

  • Printers 
  • Industrial robots  
  • Programmable logic controllers  
  • Surveillance cameras  
  • Network infrastructure  
    • Routers 
    • Switches 
    • Access points 
    • Gateways 
    • 5G equipment 
  • PCs 
  • Servers 
  • IoT devices 
  • Renewable energy generation equipment 
  • Smart mobility applications 
  • Health and lifestyle monitoring devices 

Evaluation Kit

Part supported: OPTIGA TPM SLB 9672 

Kit part number: TPM9672FW1523PCEBTOBO1 

The OPTIGA™ TPM SLB 9672 PC evaluation board is an ideal way for developers to become familiar with a ready-to-use trusted platform module (TPM). A plug-and-play system, the OPTIGA TPM SLB 9672 kit connects to the SPI interface on a PC motherboard. Designers can easily test and validate the integration of the SLB 9672 into platforms running various Windows and Linux operating systems.

Host software and application guides can be downloaded from GitHub.

Key features include:  

  • 3.3 V or 1.8 V power supply 
  • 20-pin SPI connector with 50 mil/1.27 mm pin spacing  
  • Reset input from motherboard 

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. 


Introduction to OPTIGA TPM, at:  
