Infineon's new open source TPM middleware complies with the Trusted Computing Group (TCG) TPM Software Stack (TSS) specification for the Enhanced System API (ESAPI) and thus gives the open source community a standard, vendor-independent layer for application development.
The TSS-ESAPI layer is freely available for everyone. Infineon has supported the development of ESAPI by the Fraunhofer Institute for Secure Information Technology SIT, a long-standing cooperation partner in this field. Infineon's ESAPI layer is built on top of the SAPI layer developed by Intel and adds API functions that simplify the use and integration of the TPM: ESAPI manages sessions on the application's behalf, so an application gets secure communication between the host processor and the TPM, including authorization of commands with an HMAC (hash-based message authentication code), without marshaling the authorization structures by hand.
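To make concrete what "authorization using HMAC" means and what ESAPI computes on the caller's behalf, the following is an added example written for this page; it is not code from Infineon, Fraunhofer SIT or the tpm2-tss project. It implements the HMAC-session authorization from the TPM 2.0 Library Specification, Part 1 (cpHash over command code, handle names and parameters; rpHash over response code, command code and response parameters; authHMAC keyed with sessionKey || authValue over pHash || nonceNewer || nonceOlder || sessionAttributes) and runs one TPM2_NV_Write through it with both the caller side and a simulated TPM side. The nonces, the owner authValue and the marshaled nvPublic bytes are constructed placeholders, and the session is assumed to be unbound (so authValue enters the HMAC key); deriving sessionKey for salted or bound sessions is left outside the example.

```python
import hashlib
import hmac
import struct

# Constants from the TPM 2.0 Library Specification, Part 2 (Structures).
TPM_ALG_SHA256 = 0x000B
TPM_CC_NV_Write = 0x00000137
TPM_RC_SUCCESS = 0x00000000
TPM_RH_OWNER = 0x40000001
TPMA_SESSION_CONTINUESESSION = 0x01


def cp_hash(command_code, names, params):
    """cpHash := H(commandCode || name_1 || ... || name_n || parameters)."""
    h = hashlib.sha256()
    h.update(struct.pack(">I", command_code))
    for name in names:
        h.update(name)
    h.update(params)
    return h.digest()


def rp_hash(response_code, command_code, response_params):
    """rpHash := H(responseCode || commandCode || responseParameters)."""
    return hashlib.sha256(struct.pack(">II", response_code, command_code) + response_params).digest()


def auth_hmac(session_key, auth_value, p_hash, nonce_newer, nonce_older, session_attrs):
    """authHMAC := HMAC_sha256((sessionKey || authValue),
                               (pHash || nonceNewer || nonceOlder || sessionAttributes)).
    Only the nonce buffers are hashed, not their TPM2B size prefixes."""
    key = session_key + auth_value
    msg = p_hash + nonce_newer + nonce_older + bytes([session_attrs])
    return hmac.new(key, msg, hashlib.sha256).digest()


def permanent_handle_name(handle):
    """The Name of a permanent handle (e.g. TPM_RH_OWNER) is the handle itself."""
    return struct.pack(">I", handle)


def object_name(name_alg, public_area):
    """The Name of an object or NV index is nameAlg || H_nameAlg(public area)."""
    return struct.pack(">H", name_alg) + hashlib.sha256(public_area).digest()


def marshal_nv_write_params(data, offset):
    """TPM2_NV_Write parameters: TPM2B_MAX_NV_BUFFER data (UINT16 size || buffer), UINT16 offset."""
    return struct.pack(">H", len(data)) + data + struct.pack(">H", offset)


def hmac_session_exchange(caller_auth, tpm_auth, session_key=b"", tamper_in_transit=False):
    """Run one TPM2_NV_Write through an HMAC session. Returns
    (command accepted by the TPM, response HMAC verified by the caller)."""
    # Constructed placeholder for the marshaled TPMS_NV_PUBLIC of the index being written.
    nv_public = bytes.fromhex("01000001") + struct.pack(">H", TPM_ALG_SHA256) + b"\x00" * 14
    names = [permanent_handle_name(TPM_RH_OWNER), object_name(TPM_ALG_SHA256, nv_public)]
    params = marshal_nv_write_params(b"hello", 0)
    attrs = TPMA_SESSION_CONTINUESESSION

    # Constructed session nonces. nonceTPM came back from TPM2_StartAuthSession;
    # nonceCaller must be fresh for every command (os.urandom(32) in real use).
    nonce_tpm = bytes.fromhex("0a" * 32)
    nonce_caller = bytes.fromhex("55" * 32)

    # Caller side: for a command, nonceCaller is nonceNewer and nonceTPM is nonceOlder.
    cmd_mac = auth_hmac(session_key, caller_auth,
                        cp_hash(TPM_CC_NV_Write, names, params), nonce_caller, nonce_tpm, attrs)

    if tamper_in_transit:
        params = marshal_nv_write_params(b"HELLO", 0)  # attacker on the bus changes the data

    # TPM side: recompute over the bytes actually received, using the authValue it stores.
    expected = auth_hmac(session_key, tpm_auth,
                         cp_hash(TPM_CC_NV_Write, names, params), nonce_caller, nonce_tpm, attrs)
    if not hmac.compare_digest(cmd_mac, expected):
        return False, False  # TPM answers TPM_RC_AUTH_FAIL without a response HMAC

    # TPM executes, picks a new nonceTPM (constructed here) and HMACs the response;
    # now the new nonceTPM is nonceNewer and nonceCaller is nonceOlder.
    new_nonce_tpm = bytes.fromhex("0b" * 32)
    rsp_mac = auth_hmac(session_key, tpm_auth,
                        rp_hash(TPM_RC_SUCCESS, TPM_CC_NV_Write, b""), new_nonce_tpm, nonce_caller, attrs)

    # Caller side: verify the response was produced by a TPM holding the same secret.
    caller_expected = auth_hmac(session_key, caller_auth,
                                rp_hash(TPM_RC_SUCCESS, TPM_CC_NV_Write, b""), new_nonce_tpm, nonce_caller, attrs)
    return True, hmac.compare_digest(rsp_mac, caller_expected)
```

The point of the exchange is that the authValue never crosses the bus: a wrong password, or a command modified between host and TPM, fails the TPM's check, and the response HMAC lets the caller detect a forged reply. ESAPI performs exactly this bookkeeping (nonce tracking, name lookup, cpHash/rpHash and the two HMACs) behind one Esys_* call per command.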
The stack based on the ESAPI layer includes support for OpenSSL. Through a standard OpenSSL interface, the Infineon Optiga TPM can serve as the keystore for the private keys that secure device communication over SSL/TLS. Because such a key is generated in, and never leaves, the TPM, a memory-disclosure bug in the host process such as the notorious "Heartbleed" bug cannot leak the key itself; note that a compromised host process can still ask the TPM to use the key while the compromise lasts, so TPM-backed keys limit the damage of such a bug to the duration of the compromise rather than removing the need to patch it.
The TSS stack and ESAPI layer are published under the 2-clause BSD open source license. ESAPI was developed and validated by a large community to achieve the quality and stability required for modern embedded and IoT systems. For industrial and automotive customers, the code has been developed according to industry standards with continuous integration and testing. In addition, a thorough four-eye review and static code analysis with Clang and Coverity were performed. Furthermore, the stack was tested and evaluated against the latest TPM specifications on the Infineon Optiga TPM SLB 9670.