diff --git a/README.md b/README.md index 3b10c7ab..0216e4bb 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Portable TPM 2.0 project designed for embedded use. * This implementation provides all TPM 2.0 API’s in compliance with the specification. * Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/Hmac and AES. -* Testing done using the STM ST33TP* SPI/I2C, Infineon OPTIGA SLB9670, Microchip ATTPM20 TPM 2.0 modules and Nuvoton NPCT650. +* Testing done using the STM ST33TP* SPI/I2C, Infineon OPTIGA SLB9670/SLB9672, Microchip ATTPM20 TPM 2.0 modules and Nuvoton NPCT650. * wolfTPM uses the TPM Interface Specification (TIS) to communicate over SPI. * wolfTPM can also use the Linux TPM kernel interface (/dev/tpmX) to talk with any physical TPM on SPI, I2C and even LPC bus. * Platform support for Raspberry Pi, STM32 with CubeMX, Atmel ASF and Barebox. @@ -74,7 +74,7 @@ There are examples here for Linux, STM32 CubeMX, Atmel ASF and BareBox. The adva Tested with: -* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670. +* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670 and SLB9672. - LetsTrust: [http://letstrust.de] ( Compact Raspberry Pi TPM 2.0 board based on Infineon SLB 9670. * ST ST33TP* TPM 2.0 module (SPI and I2C) * Microchip ATTPM20 module @@ -83,9 +83,13 @@ Tested with: #### Device Identification Infineon SLB9670: -TIS: TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 +TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 Mfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1 +Infineon SLB9672: +TPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36 +Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1 + ST ST33TP SPI TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0 
@@ -138,7 +142,7 @@ autogen.sh requires: automake and libtool: `sudo apt-get install automake libtoo --enable-tislock Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes - WOLFTPM_TIS_LOCK --enable-autodetect Enable Runtime Module Detection (default: enable - when no module specified) - WOLFTPM_AUTODETECT ---enable-infineon Enable Infineon SLB9670 TPM Support (default: disabled) +--enable-infineon Enable Infineon SLB9670/SLB9672 TPM Support (default: disabled) --enable-st Enable ST ST33TPM Support (default: disabled) - WOLFTPM_ST33 --enable-microchip Enable Microchip ATTPM20 Support (default: disabled) - WOLFTPM_MCHP --enable-nuvoton Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON @@ -153,7 +157,7 @@ TLS_BENCH_MODE Enables TLS benchmarking mode. NO_TPM_BENCH Disables the TPM benchmarking example. ``` -### Building Infineon SLB9670 +### Building Infineon SLB9670/SLB9672 Build wolfTPM: @@ -161,7 +165,7 @@ Build wolfTPM: git clone https://github.com/wolfSSL/wolfTPM.git cd wolfTPM ./autogen.sh -./configure +./configure --enable-infineon make ``` 
@@ -389,6 +393,40 @@ ECDSA 256 verify 9 ops took 1.022 sec, avg 113.539 ms, 8.808 ops/se ECDHE 256 agree 5 ops took 1.161 sec, avg 232.144 ms, 4.308 ops/sec ``` +Run on Infineon OPTIGA SLB9672 at 43MHz: + +``` +./examples/bench/bench +TPM2 Benchmark using Wrapper API's + Use Parameter Encryption: NULL +Loading SRK: Storage 0x81000200 (282 bytes) +RNG 24 KB took 1.070 seconds, 22.429 KB/s +Benchmark symmetric AES-128-CBC-enc not supported! +Benchmark symmetric AES-128-CBC-dec not supported! +Benchmark symmetric AES-256-CBC-enc not supported! +Benchmark symmetric AES-256-CBC-dec not supported! +Benchmark symmetric AES-128-CTR-enc not supported! +Benchmark symmetric AES-128-CTR-dec not supported! +Benchmark symmetric AES-256-CTR-enc not supported! +Benchmark symmetric AES-256-CTR-dec not supported! +AES-128-CFB-enc 86 KB took 1.001 seconds, 85.890 KB/s +AES-128-CFB-dec 88 KB took 1.020 seconds, 86.267 KB/s +AES-256-CFB-enc 86 KB took 1.023 seconds, 84.073 KB/s +AES-256-CFB-dec 86 KB took 1.019 seconds, 84.370 KB/s +SHA1 88 KB took 1.021 seconds, 86.155 KB/s +SHA256 86 KB took 1.015 seconds, 84.717 KB/s +SHA384 90 KB took 1.007 seconds, 89.405 KB/s +RSA 2048 key gen 10 ops took 15.677 sec, avg 1567.678 ms, 0.638 ops/sec +RSA 2048 Public 110 ops took 1.000 sec, avg 9.095 ms, 109.951 ops/sec +RSA 2048 Private 14 ops took 1.078 sec, avg 76.996 ms, 12.988 ops/sec +RSA 2048 Pub OAEP 51 ops took 1.012 sec, avg 19.838 ms, 50.408 ops/sec +RSA 2048 Priv OAEP 12 ops took 1.053 sec, avg 87.738 ms, 11.398 ops/sec +ECC 256 key gen 8 ops took 1.088 sec, avg 135.956 ms, 7.355 ops/sec +ECDSA 256 sign 29 ops took 1.033 sec, avg 35.621 ms, 28.073 ops/sec +ECDSA 256 verify 42 ops took 1.013 sec, avg 24.114 ms, 41.470 ops/sec +ECDHE 256 agree 16 ops took 1.055 sec, avg 65.948 ms, 15.164 ops/sec +``` + Run on ST ST33TP SPI at 33MHz: ``` diff --git a/configure.ac b/configure.ac index 553ce4d8..fccc5cd6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -304,15 +304,15 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_NUVOTON" fi -# Infineon SLB9670 +# Infineon SLB9670/SLB9672 AC_ARG_ENABLE([infineon], - [AS_HELP_STRING([--enable-infineon],[Enable Infineon SLB9670 TPM Support (default: disabled)])], + [AS_HELP_STRING([--enable-infineon],[Enable Infineon SLB9670/SLB9672 TPM Support (default: disabled)])], [ ENABLED_INFINEON=$enableval ], [ ENABLED_INFINEON=no ] ) if test "x$ENABLED_INFINEON" = "xyes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670" + AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670 -DWOLFTPM_SLB9672" fi @@ -400,7 +400,7 @@ AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"]) AM_CONDITIONAL([HAVE_LIBWOLFSSL], [test "x$ENABLED_WOLFCRYPT" = "xyes"]) AM_CONDITIONAL([BUILD_I2C], [test "x$ENABLED_I2C" = "xyes"]) AM_CONDITIONAL([BUILD_ADVIO], [test "x$ENABLED_ADVIO" = "xyes"]) -AM_CONDITIONAL([BUILD_ST], [test "x$ENABLED_ST33" = "xyes"]) +AM_CONDITIONAL([BUILD_ST], [test "x$ENABLED_ST" = "xyes"]) AM_CONDITIONAL([BUILD_MICROCHIP], [test "x$ENABLED_MICROCHIP" = "xyes"]) AM_CONDITIONAL([BUILD_INFINEON], [test "x$ENABLED_INFINEON" = "xyes"]) AM_CONDITIONAL([BUILD_DEVTPM], [test "x$ENABLED_DEVTPM" = "xyes"]) @@ -528,8 +528,8 @@ echo " * SWTPM: $ENABLED_SWTPM" echo " * WINAPI: $ENABLED_WINAPI" echo " * TIS/SPI Check Wait State: $ENABLED_CHECKWAITSTATE" -echo " * Infineon SLB9670 $ENABLED_INFINEON" -echo " * STM ST33: $ENABLED_ST33" +echo " * Infineon SLB967X $ENABLED_INFINEON" +echo " * STM ST33: $ENABLED_ST" echo " * Microchip ATTPM20: $ENABLED_MICROCHIP" echo " * Nuvoton NPCT75x: $ENABLED_NUVOTON" diff --git a/examples/tpm_io_linux.c b/examples/tpm_io_linux.c index 5c0105a5..b4d6a034 100644 --- a/examples/tpm_io_linux.c +++ b/examples/tpm_io_linux.c @@ -78,7 +78,7 @@ /* Nuvoton NPCT75x uses CE0 */ #define TPM2_SPI_DEV_CS "0" #else - /* OPTIGA SLB9670 and LetsTrust TPM use CE1 */ + /* OPTIGA SLB9670/SLB9762 and LetsTrust TPM use CE1 */ #define TPM2_SPI_DEV_CS "1" #endif 
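Review bot: In the `--enable-infineon` branch, `AM_CFLAGS` now always receives both `-DWOLFTPM_SLB9670` and `-DWOLFTPM_SLB9672`, so a configure build cannot select one part without the other. Any later `#ifdef WOLFTPM_SLB9672` would therefore also be true on SLB9670 hardware. Nothing in this diff consumes WOLFTPM_SLB9672, and tpm2_types.h reaches the Infineon settings through a plain `#else`, so this may be intentional. If so, say it above the assignment, e.g. `# SLB9670 and SLB9672 share one code path; both macros are always defined together`.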
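Review bot: The summary line `echo " * Infineon SLB967X $ENABLED_INFINEON"` has no colon after its label, unlike the `STM ST33:` and `Microchip ATTPM20:` lines next to it. It also introduces a third spelling, `SLB967X`, where the rest of the commit writes `SLB9670/SLB9672`. I would make it `echo " * Infineon SLB9670/SLB9672: $ENABLED_INFINEON"` so the configure summary matches the help string and can be grepped consistently.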
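Review bot: The new comment in examples/tpm_io_linux.c names the part `SLB9762`, with the digits transposed; every other place in this commit writes `SLB9672`. It should read `/* OPTIGA SLB9670/SLB9672 and LetsTrust TPM use CE1 */`. The `#if`/`#else` chain that selects `TPM2_SPI_DEV_CS` starts outside the hunk, so only the comment is checked here, not the chip-select logic.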
diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h index b991c70f..c0ced848 100644 --- a/wolftpm/tpm2_types.h +++ b/wolftpm/tpm2_types.h @@ -202,6 +202,7 @@ typedef int64_t INT64; /* Infineon SLB9670 TPM 2.0 (default) */ /* #define WOLFTPM_SLB9670 */ +/* #define WOLFTPM_SLB9672 */ /* Define a default chip */ #if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && \ @@ -209,7 +210,6 @@ typedef int64_t INT64; #define WOLFTPM_SLB9670 #endif - /* Chip Specific Settings */ #ifdef WOLFTPM_MCHP /* Microchip ATTPM20 */ @@ -245,7 +245,7 @@ typedef int64_t INT64; #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_NUVOTON #endif #else - /* Infineon OPTIGA SLB9670 */ + /* Infineon OPTIGA SLB9670/SLB9672 */ /* Max: 43MHz */ #define TPM2_SPI_MAX_HZ_INFINEON 43000000 #ifndef TPM2_SPI_MAX_HZ
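Review bot: The added `/* #define WOLFTPM_SLB9672 */` presents the macro as something a user can set by hand, but the default-chip guard right below it is not changed by this commit, and its continuation line falls outside the hunk. If that condition does not test WOLFTPM_SLB9672, a build defining only WOLFTPM_SLB9672 will also get `WOLFTPM_SLB9670` defined by default. That looks harmless today because the Infineon settings (43MHz) sit in the final `#else`, but it should be documented. I would update the comment above the two defines to `/* Infineon SLB9670/SLB9672 TPM 2.0 (SLB9670 is the default when no chip is selected) */`.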