lpnTPM – running the reference implementation of the TPM 2.0 specification on the STM32

About the lpnTPM project

lpnTPM is Open Source Software (OSS), and Open Source Hardware (OSHW) Trusted Platform Module (TPM, also known as ISO/IEC 11889). The ultimate goal of lpnTPM is to provide a trustworthy platform for future open evolution of Trusted Platform Module software and its application to various computing devices, resulting in better adoption of platform security. This project was funded through the NGI Assure Fund. More information about the project can be found in the lpnTPM documentation.

About the ms-tpm-20-ref project

The ms-tpm-20-ref project provides a reference implementation of the TCG Trusted Platform Module 2.0 specification. This project provides a TPM library implementing the specification. It also provides some sample applications for a few targets. The one that is used the most actively (last modification 1 month ago – October 2021) is the simulator target. There are also others, such as:

  • ARM32 fTPM
    • Trusted Application to be executed in Trusted Execution Environment of the 32-bit ARM application processors
    • last modification 9 months ago (February 2021)
    • mostly developed 3 years ago (October 2018)
  • Nucleo TPM
    • last modification 4 years ago (April 2018)

We are mostly interested in the Nucleo TPM target, as this would allow us to run the TPM functionality on the STM32 microcontroller. As you can see, it is quite dated already. The sample code was mostly dumped as one commit and its current state is not clear. It is also not clear what was its state back then (what was working correctly, how it was tested, etc.). It was rather not used since then, so some effort to understand what’s going on there was required.

Building the ms-tpm-20-ref project

The STM32 sample was originally developed using the Atollic Studio, which is not supported already. We needed to convert this project to the STM32CubeIDE. There were also some compilation issues, as it was originally developed on Windows and we wanted to use Linux instead.

As part of this work, we have started some communcation about the ms-tpm-20-ref project. We have also issued some pull requests (#61, #60).

The developed code changes can be found in the lpn-plant/ms-tpm-20-ref repository.

More details on this effort can be found in the building chapter of the lpnTPM documentation.

Running the ms-tpm-20-ref project on the STM32

The ms-tpm-20-ref project was started on the Nucleo-L476RG platform. The flashing and debugging documentation can be found here.

The first results from running the code on the STM32 can be found in the running section of the lpnTPM documentation.

We have also developed some additional tools to prove that the application running on the STM32 can receive basic TPM commands. The results from execution are also available in the running section of the lpnTPM documentation.

Summary

With some additional effort, we were finally able to build and run the sample from ms-tpm-20-ref repository on the Nucleo-L476RG. There are some issues in terms of reliability and command parsing, however. We have decided that putting more effort into the USB-CDC interface is not worth it, since the target solution will not be using it (it will use SPI/LPC instead). Further improvements are planned for future phases of this project.

Feel free to follow our blog, repositories and Twitter for the latest progress on this project. You can also follow our development journal, where we want to leave short daily status on the work progress.

Leave a Reply

Your email address will not be published. Required fields are marked *