1. Overview

This Application Note describes how to use the ST ST33KTPM2X Trusted Platform Module (TPM) with Emcraft Systems' Linux BSP for the STM32MP1 SoC.

The ST33KTPM2X device is a member of the ST STSAFE-TPM (trusted platform module) family of products, which offers a broad portfolio of standardised solutions for embedded, PC, mobile and computing applications. The STSAFE-TPM includes turnkey products compliant with the Trusted Computing Group (TCG) standards that provide services to protect the confidentiality, integrity and authenticity of information and devices. The STSAFE-TPM devices are all Common Criteria (EAL4+) and FIPS certified.

The ST33KTPM2X is a TPM 2.0-compliant device, that is easy to integrate in an embedded design, using the standards-compliant SPI and I2C interfaces to the host SoC, such as the ST STM32MP1. Refer to the following page for detailed information of the ST33KTPM2X module: https://www.st.com/en/secure-mcus/st33ktpm2x.html .

The Emcraft Linux BSP for the STM32MP1 SoC has been enhanced with appropriate device drivers and configuration interfaces allowing seamless integration with the ST33KTPM2X device. This Application Note provides detailed instructions on the steps that are needed to enable software support for the STSAFE-TPM in Linux running on the STM32MP1 SoC.

2. Hardware Platform

The following hardware platform is used by Emcraft to support the ST STSAFE-TPM devices with the STM32MP1 SoC:

• The Emcraft STM32MP1 SOM, available in the 800MHz and 650MHz variants. See: https://emcraft.com/products/1062#som .

• The Emcraft STM32MP1-BSB Starter Kit, which provides, among other things, a standards-compliant interface to Click / mikroBUS boards. See https://emcraft.com/products/1062#starter-kit .

• The Emcraft TPM-Click Module board, which is a compact Click / mikroBUS add-on board that hosts the ST ST33KTPM2X TPM 2.0-compliant module and provides the standard SPI / I2C interfaces to the host SoC. While Emcraft uses the Click board to illustrate integration with the STM32MP1 SoC, the board can be used with any embedded device that provides a standard Click / mikroBUS interface. See TPM-Click Module Hardware User’s Guide .

3. Software Platform

The following hardware platform is used by Emcraft to support the ST STSAFE-TPM devices with the STM32MP1 BSP (Board Support Package):

• Kernel space device drivers. While the generic TPM2 support is enabled by CONFIG_TCG_TPM configuration parameter, Emcraft's TPM-Click Module board support is enabled by CONFIG_TCG_TIS_I2C configuration parameter (making the I2C bus the default transport to the host). These configuration parameters enable building of the TPM2 drivers in the Linux kernel and reside in the drivers/char/tpm directory in the kernel source tree. The aforementioned drivers are enabled in the Emcraft BSP by default.

• User-space TPM stack including the cryptsetup utility in the systemd software suite, tpm2-tools set of utilities (version 5.5), and tpm2-tss shared library (version 4.0.1). The user space TPM stack is a part of the https://git.yoctoproject.org/git/meta-security Yocto layer.

4. Building STM32MP1 Images for STSAFE-TPM

Step through the following procedure to activate support for the STSAFE-TPM in the Emcraft BSP:

1. Prepare the Linux build host. See Linux PC requirements PC prerequisites - stm32mpu.

2. On the build host, set up the OpenSTLinux release 5.0.0 sources:

   [psl@sergmir openstlinux]$ curl https://storage.googleapis.com/\ git-repo-downloads/repo > repo [psl@sergmir openstlinux]$ chmod 755 repo [psl@sergmir openstlinux]$ sudo mv repo /usr/bin [psl@sergmir openstlinux]$ repo init -u \ https://github.com/STMicroelectronics/oe-manifest.git \ -b refs/tags/openstlinux-6.1-yocto-mickledore-mp1-v23.06.21 ... [psl@sergmir openstlinux]$ repo sync ... [psl@sergmir openstlinux]$ ls -l total 4 drwxrwxr-x 7 psl psl 4096 Apr 18 18:37 layers [psl@sergmir openstlinux]$ ls -l layers/ total 20 drwxrwxr-x 14 psl psl 4096 Apr 18 18:37 meta-openembedded drwxrwxr-x 12 psl psl 4096 Apr 18 18:37 meta-qt5 drwxrwxr-x  6 psl psl 4096 Apr 18 18:37 meta-st drwxrwxr-x  6 psl psl 4096 Apr 18 18:37 meta-timesys drwxrwxr-x  9 psl psl 4096 Apr 18 18:37 openembedded-core [psl@sergmir openstlinux]$

3. Clone the Emcraft meta layer:

   [psl@sergmir openstlinux]$ git clone -b linux-stm32mp1-4.1.0 \ git@gitlab.com:emcraft/stm32mp15x/meta-emcraft.git \ layers/meta-st/meta-emcraft ...

4. Clone the Secutiry meta layer:

   [psl@sergmir openstlinux]$ git clone -b mickledore \ https://git.yoctoproject.org/git/meta-security \ layers/meta-security ...

5. Configure the build (change stm32mp15d-som to stm32mp157-som in the below command for the 650MHz version of the STM32MP1-SOM):

   The STM32MP1 BSP depends on some packages and firmware covered by a software license agreement (SLA). You will be asked to read and to accept this license.

6. Enable the tpm2 ad security features:

7. Run the build:

5. Verifying Support for STSAFE-TPM

5.1. Verifying STSAFE-TPM Configuration

Follow the step-wise procedure below to verify that the TPM module has been recognised and correctly configured on the target:

1. In the Linux boot-up messages, verify that the TPM driver has probed the TPM device:

2. Check the TPM version:

3. Check the TPM capabilities:

5.2. Using STSAFE-TPM for Hardware-Bound Data Encryption

This command sequence showcases how to utilise the STSAFE-TPM to create a hardware-bound encrypted disk. Once the disk has been encrypted, the passphrase to unlock the disk is stored in the TPM’s NV storage, so the unlocking and decryption of the disk is only possible with the specific TPM chip being present on the embedded target.

5.2.1. Phase 1: Disk Creation

This phase creates the disk. Follow the step-wise procedure below:

1. Create an empty disk image:

2. Create a TPM-stored sealed key.

3. Create the loop device for the disk image:

4. Create a LUKS2-encrypted disk:

5. Unlock the created disk:

6. Create the ext4 file system on the disk.

7. Mount the ext4 file system:

5.2.2. Phase 2: Verifying Disk Encryption

Now that the encrypted disk is created and the file system is mounted, we can create a file on it and verify if the data is indeed encrypted. Follow the step-wise procedure below:

1. Create a plain file with some text:

2. Unmount the file system:

3. Close the encrypted disk and unbind the loop device:

4. Search the disk image for the encrypted data. It will not be found:

5.2.3. Phase 3: Disk Unlocking

Once the disk has been created, the sequence to unlock it and mount is as follows:

1. Bind the loop device to the disk image:

   Unlock the encrypted disk:

2. Mount the file system:

3. Print the encrypted text file: