TPM has PQC-protected firmware update mechanism
The development of quantum computing will make today’s standard data encryption obsolete, because quantum computers will crack even the most advanced encryption hands-down. The industry is therefore working feverishly on Post Quantum Cryptography (PQC). Infineon has now presented a Trusted Platform Module (TPM) that opens up new perspectives. Such components are vital for all applications for which a secure transmission path is indispensable – including software update mechanisms for vehicles.
The new Optiga TPM (Trusted Platform Module) SLB 96 has a post-quantum cryptography (PQC) protected firmware update mechanism using XMSS signatures. This mechanism counteracts the manipulation of firmware content by attackers with access to quantum computers. It also increases the long-term survivability of the device by opening a quantum-resistant firmware upgrade path. The standardised, out-of-the-box TPM thus serves as a robust foundation to securely establish the identity and software status of PCs, servers and connected devices. It also protects the integrity and confidentiality of data that is or will be stored.
The Infineon device is the industry’s first TPM to offer a firmware update mechanism with a 256-bit key length and additional verification based on PQC. With this strong and trusted update mechanism, the Optiga TPM SLB 9672 can still be updated even if the standard algorithms are no longer trusted. Its design is engineered for improved computing performance and has fail-safe features that counteract the effects of corrupted firmware. Built-in security features, for example, enable TPM firmware recovery in accordance with the NIST SP 800-193 Platform Firmware Resiliency Guidelines.
The TPM also provides expanded non-volatile memory to store new features such as additional certificates and cryptographic keys. Security evaluation and certification is performed by independent bodies in accordance with Common Criteria and FIPS requirements. In addition, the new TPM meets the requirements of the Trusted Computing Group (TCG) (TPM 2.0 standard version 1.59) and is certified according to the latest TPM 2.0 standard.
With a standardised trust base and various tools to support design activities (software/demo boards), the TPM enables easy integration with host software. It also supports the latest versions of Windows and Linux. In addition, the chip has an extended temperature range from -40°C to 105°C. Infineon is committed to the long-term availability of the Optiga TPM SLB 9672 for at least ten years and offers tailored support and maintenance through the Infineon Security Partner Network (ISPN). With this long-term commitment, customers can rely not only on the continuous availability of the TPM, but also on Infineon’s support.
For more information click here