LetsTrust

Hi Floks!

Infineon has released a new update files all TPMs.

This also means that ALL LetsTrust-TPMs can now be updated.

All delivered LetsTrust TPMs with the SLB-9670 had firmware 7.85, the update to 7.87 is available.
All delivered LetsTrust TPMs with the SLB-9672 had firmware 15.23, since December 2024, only the SLB9672 has been delivered with firmware 15.24, the update to 15.25 is available.


The following applies to both chips: All data remains on the TPM. The update only improves stability and fixes issues.

For the update tool and the relevant files you now only need a "MyInfineon" account, which you can get by registering with a single-face email.

The update file itself is a binary blob, the Linux update tool is in c-source files and therefore still needs to be built.

The Tool, functional for all Infineon TPMs:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9670vq2.0/#!?fileId=8ac78c8c95d1335f019600fccc6b6574

Update binary blob for SLB9670 FW 7.8x to FW 7.87:
https://www.infineon.com/gated/infineon-ifxtpmupdate-slb9670-v7.66-86-to-v7.87.19691.2-firmware-en_5b78aeee-a227-441c-8e09-99e1bde20778

Update binary blob for SLB9672 FW 15.2x to FW 15.25:
https://www.infineon.com/gated/infineon-ifxtpmupdate-slb9672-v15.25.18954.0-r1-software-en_ccdeb0af-50c8-4962-962d-7f78e6a642bc

All LetsTrust-TPMs from 10th March 2026 will be delivered with firmware 15.25.


Bye for now,

Paul



PS: After an TPM-Update, the chip needs a Power-cycle OR a Reset-Cycle, with this script you can reset the TPM via GPIO: https://github.com/PaulKissinger/LetsTrust/blob/master/Scripts/TPM_reset_with_GPIO.sh
PSS: The Linux Update tool do not support the LetsTrust-TPM2Go, i'll try to provide a solution for that.

Hi everyone,

I'm excited to share that LetsTrust-TPMs have officially crossed the milestone of 10,000 modules produced!

To mark this occasion, I wrote a detailed Hackster.io Story about the journey of this 8-year project – from the initial idea to global adoption in maker, research, and industrial applications.

Feel free to check it out – and if you like it, a 'thumps up' would mean a lot to me!

Thanks for your support over the years and bye for now!

Paul

Finally, Infineon has released the update files AND the Linux Update Tool for all TPMs.

This also means that ALL LetsTrust-TPMs can now be updated.

All delivered LetsTrust TPMs with the SLB-9670 had firmware 7.85, the update to 7.86 is available.
All delivered LetsTrust TPMs with the SLB-9672 had firmware 15.23, the update to 15.24 is available.

Since December 2024, only the SLB9672 has been delivered with firmware 15.24.

The following applies to both chips: All data remains on the TPM. The update only improves stability and fixes issues.

For the update tool and the relevant files you now only need a "MyInfineon" account, which you can get by registering with a single-face email.

The update file itself is a binary blob, the Linux update tool is in c-source files and therefore still needs to be built.

The Tool, functional for all Infineon TPMs:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9670vq2.0/#!?fileId=8ac78c8c95d1335f019600fccc6b6574

Update binary blob for SLB9670 FW 7.85 to FW 7.86:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9670vq2.0/#!?fileId=8ac78c8c95d1335f019600fcd1de6583

Update binary blob for SLB9672 FW 15.23 to FW 15.24:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/optiga-tpm-slb-9672-fw15/#!?fileId=8ac78c8c93dda25b01945fedc60f0006


Bye for now,

Paul



PS: After an TPM-Update, the chip needs a Power-cycle OR a Reset-Cycle, with this script you can reset the TPM via GPIO: https://github.com/PaulKissinger/LetsTrust/blob/master/Scripts/TPM_reset_with_GPIO.sh
PSS: The Linux Update tool do not support the LetsTrust-TPM2Go, i'll try to provide a solution for that.

Hi everyone,

here we have good news for the TPM environment


https://www.phoronix.com/news/Linux-610-TPM-Encrypt-Integrity


https://www.phoronix.com/news/Linux-TPM-Disable-PCR-Integrity



Bye for now,

Paul

Hello everyone,

and the second news today: The TPM Software Stack (TSS) now also supports the LetsTrust-TPM2Go as TCTI device with the latest release!

https://github.com/tpm2-software/tpm2-tss/blob/4.1.1/doc/tcti.md

What's new about this, the LT-TPM2Go has been working with the TSS for over 6 months?
That is correct, but only if you have rebuilt the TSS from the master.
In the near future, everything will be easier with the current release, then these three steps will be sufficient (also applies to the SPI-based LetsTrust-TPM).

# install all tpm2 relevant software and tools
sudo apt --yes install libtss2-* tpm-udev tpm2-abrmd tpm2-tools

# Add the current user to group tss (with privilege to access the TPM)
sudo usermod --append --groups tss $(whoami)

# Reboot for group change to become effective
sudo reboot

You see, it goes on and on with the TPM!

Bye, for now

Paul

Hello to everyone,

I have a product change notification for you today! (PCN)

LetsTrust-TPM gets a new chip. The usual Infineon quality remains and from now on the SLB9672 FW15.23 will be used!

What will change? Basically nothing for the user, the config.txt change remains as before, the devicetree overlay is loaded via -> dtoverlay=tpm-slb9670. Because the SLB9672 is 100% driver compatible with the old overlay (yay!)

We were also able to retain the layout, because the SLB9672, like the SLB9670, follows the specifications of the TCG (Trusted Computing Group) regarding the pinout and the package.

Only the TCG Spec version changes, here we have to take what we get from Infineon. The latest firmware version is based on the specification revision Rev.:1.59 and no longer on Rev.:1.38 as before (higher is better).

This change is effective as of Monday, May 13th. All LetsTrust-TPMs ordered from then on will be on the latest possible version!

You will find also the new Schematic 2.3 on the right here for your reference.

Bye for now,

Paul

Hello everybody,

David Safford send me a link to his latest github project! I think it is worth it to share!

From his github project:

This package demonstrates a simple recovery mechanism for data across a TPM (or motherboard) failure.

https://github.com/safforddr/tpm_keys

However, i fond a second project from David:
https://github.com/safforddr/crypt_tpmhmac

Really nice stuff

Maybe someone have ideas, please contribute


Bye for now,

Paul

Hello everyone,

usually once a year someone comes around the corner and shouts into the ether of the net: LOOK AT ME! I HAVE HACKED A TPM!

Well, during this time I always get a lot of emails/messages or direct questions in the corridor "how can that be?" "aren't TPMs so good after all...?" "ahh, just security bohei and nothing behind it"

There are enough articles out there that explain this, so I won't start here, but you can find a link to one here: This article sums it up very well, so Thanks to Chris Fenner!

https://www.dlp.rip/tpm-genie


tl:dr -> OS/OEMs don't want to, they could if they wanted to. But they don't want to increase security.

But please read the article


So I'm out,

Paul

Hi,

today I will share with you some thoughts, insights, and statistics about LetsTrust-TPMs.

Let's start with the thoughts:

A "coincidence" led me into TPM Onchip development in 2016, where I met some TPM-addicted people, including one of my best friends today, Peter H.
Another "coincidence" introduced Peter to Max. Max, at that time, had become one of the first Approved Raspberry Pi resellers in the DACH region with Pi3g.com and his shop buyzero.de.

The path was short, and that's how I got to know Max. Thank you Peter!

The pitch was prepared, why Max should include my "prototype" in his shop... after a long preparation, the meeting took less than five minutes, and then it was already over. After that, we had a nice evening in his company .

The Insights:

LetsTrust officially started on May 18, 2017, with the partnership between LetsTrust and Pi3g.com and a batch of 100 LetsTrust-TPM units. It was my first product, and for Max, it was a unique selling point since he was the only one offering discrete TPMs for the Raspberry Pi.
My disappointment in the first weeks grew, and the sales figures were almost non-existent.
Anyway, after 18 months, a trend became apparent, and it slowly approached one unit per day.
Four years after the start, the sales figures settled at around 300 units per quarter. (Yeah!)

Then came the chip crisis, impacting the availability of Raspberry Pis and, consequently, the sales of LT-TPM. The subsequent pandemic, which partly fueled the chip crisis, didn't help growth, but there wasn't a significant downturn either.

What I'm proud of: Through good foresight planning, we could consistently deliver from the first day of sales until today.

Raspberry Pis are available again, and this is noticeably boosting LT-TPM sales. Through this continuous growth, I could develop additional hardware, including:
- a ComputeModule3 board with USB/Ethernet/CAN/RS485/RS232/HDMI/TPM
- the first Raspberry Pi Breakoutboard for the BME688
- a Breakoutboard for an excellent CO2 sensor (stable CO2 measure for more than 5 years!)
- and of course, the LetsTrust-TPM2Go.
- Several more designs are in progress (so much to prototype, route and test).

And all of this started with a TPM on a small board.

However, it grew and became significant only through you and the community.

At this point, Dimitar Tomov should also be mentioned; he is the founder of www.tpm.dev and undoubtedly contributed to LetsTrust's visibility.

Now, a few numbers and statistics!

Max kindly provided some anonymized data for this post.

A World Map!

LetsTrust-TPMs have been shipped directly from Germany to 38 countries. Australia, Chile, and Japan seem to be the farthest distances covered. This list is derived from direct sales; if your country is missing, you probably ordered through a distributor.

Growth and Quantity Graph!

The blue graph shows that despite the pandemic and chip crisis, we managed to maintain annual sales at a good level. The orange graph looks quite similar to the hype cycle ^_^, so fingers crossed as it seems to be on an upward trend now!


I can tell you: You don't get rich with this project (at least not yet), but I have fun, and my wife occasionally gets flowers and you get sometimes new hardware designs.


See you soon!

Paul

Hello Everybody,

Now it is proven!
Raspberry Pi 5 can also handle the LetsTrust-TPM Module!






You will need a stacked header to connect a LetsTrust-TPM Module on a Raspberry Pi 5 with a heatsink!

Bye for now!

Paul