ST’s New TPM Modules Support Dual Mode and 110 KB of Memory, That’s Embedded Security made Easier

Our products, Security Leave a Comment

If it’s on the Internet, it’s hackable ! The need for security has reached new heights as threats are more elaborate and more damaging than ever. Protecting your PC or servers against attacks is now common knowledge and mobile devices are constantly stepping up their security measures. However, this isn’t enough. Peripherals, such as keyboards and mice, are at risk, IoT devices are vulnerable, and a famous brand of printers was recently the subject of attacks. Thieves would store illegal content or malware in the printers’ memory and use these files to contaminate other machines. However, there are solutions to protect against these threats, such as the ST33TPHF2ESPI and ST33HTPH20SPI, the two newest Trusted Platform Modules (TPM) from the STSAFE-TPM family of products.

TPM 1.2 and TPM 2.0

In a nutshell, TPM is a standard, defined by Trusted Computing Group, for components designed to store authentication information, such as passwords, certificates, or encryption keys, among others. When a system needs to be authenticated at startup, for instance, its credentials can be checked against those stored in the TPM to ensure that no one tampered with the machine. In some embedded configurations, TPMs can even store measurements, such as boot times. Since startup times are almost always identical in these systems, a change could indicate a security breach.

There are two major TPM versions : 1.2 and 2.0. They both have very similar features and use cases. However, they use very different methods to achieve their goals and they are not interoperable. A system compatible with TPM 1.2 will have to undergo major changes to be compatible with TPM 2.0. As a result, although the newest version can offer an even greater level of security, it is not always easy or practical to switch to it.

ST33TPHF2ESPI Means Not Choosing a TPM Version

Embedded Security

Embedded Security

This is why ST’s ST33TPHF2ESPI is one of the few TPMs to be compatible with both 1.2 and 2.0 versions. Due to the nature of the technology, it is impossible to use both standards simultaneously. However, manufacturers no longer have to rely on multiple chips as they transition from one standard to the next since ST’s TPM can be the one-size-fits-all solution.

Engineers can burn in the mode they’d like to use to bind a chip to a specific version. However, those who desire more flexibility can set the version using firmware and can switch between 1.2 and 2.0 by simply updating their code. This means that companies planning to update their systems to support TPM 2.0 have the assurance that they’ll be able to transition without having to use another module.

A Powerful SC300 at Its Core

The two new TPM modules rely on the SecurCore® SC300™ from ARM®. Its Cortex-M3 architecture enables the development of more complex applications. For instance, the chip can handle multiple interfaces in real time, which has proven essential in wireless applications like Smart Card or NFC. The 32-bit RISC architecture can also provide hardware-accelerated cryptographic functions to greatly increase the efficiency of the security protocols.

Finally, both chips offer a high-speed 33 MHz SPI interface to ensure that communication between the system and the TPM is fast, and authentication happens instantly. This means that ST’s TPMs are suitable for many different applications and with no noticeable dip in performance, thanks to the versatility, speed, and efficiency of these modules.

ST33HTPH20SPI’s Capacity Is a Record

The ST33HTPH20SPI goes even one step further by offering 110 KB of non-volatile memory, which is a new record. Hence, manufacturers will be able to store more sensitive information, such as longer or multiple keys. Indeed, storage in traditional modules is so famously small that the TPM specification allows some keys to reside outside the module as long as they’ve been encrypted using a Storage Root Key found in the TPM. Therefore, if a key stored outside is needed, it will be first decrypted by being fed back to the TPM before it can be used. By increasing the internal memory, ST reduces the need for such a measure.

The hallmark of a good security system is its modernism and its ability to stay ahead of hackers’ ingenious ways of breaching the most complex setups. By offering flashable and updatable firmware, anti-tampering measures, a powerful architecture, compatibility with multiple TPM versions, and more memory than anyone else, ST’s modules ensure that a wide variety of systems remain protected for the years to come.

To learn more about the ST33TPHF2ESPI and ST33HTPH20SPI, please visit ST’s website.