Skip to content

TPM and BitLocker

Hello everyone,

usually once a year someone comes around the corner and shouts into the ether of the net: LOOK AT ME! I HAVE HACKED A TPM!

Well, during this time I always get a lot of emails/messages or direct questions in the corridor "how can that be?" "aren't TPMs so good after all...?" "ahh, just security bohei and nothing behind it"

There are enough articles out there that explain this, so I won't start here, but you can find a link to one here: This article sums it up very well, so Thanks to Chris Fenner!

https://www.dlp.rip/tpm-genie


tl:dr -> OS/OEMs don't want to, they could if they wanted to. But they don't want to increase security.

But please read the article :-)


So I'm out,

Paul
Categories: TPM

Six years of growth! Time to say "Thank you!", to you and the community!

Hi,

today I will share with you some thoughts, insights, and statistics about LetsTrust-TPMs.

Let's start with the thoughts:


A "coincidence" led me into TPM Onchip development in 2016, where I met some TPM-addicted people, including one of my best friends today, Peter H.
Another "coincidence" introduced Peter to Max. Max, at that time, had become one of the first Approved Raspberry Pi resellers in the DACH region with Pi3g.com and his shop buyzero.de.

The path was short, and that's how I got to know Max. Thank you Peter!

The pitch was prepared, why Max should include my "prototype" in his shop... after a long preparation, the meeting took less than five minutes, and then it was already over. After that, we had a nice evening in his company :-D.

The Insights:


LetsTrust officially started on May 18, 2017, with the partnership between LetsTrust and Pi3g.com and a batch of 100 LetsTrust-TPM units. It was my first product, and for Max, it was a unique selling point since he was the only one offering discrete TPMs for the Raspberry Pi.
My disappointment in the first weeks grew, and the sales figures were almost non-existent.
Anyway, after 18 months, a trend became apparent, and it slowly approached one unit per day.
Four years after the start, the sales figures settled at around 300 units per quarter. (Yeah!)

Then came the chip crisis, impacting the availability of Raspberry Pis and, consequently, the sales of LT-TPM. The subsequent pandemic, which partly fueled the chip crisis, didn't help growth, but there wasn't a significant downturn either.

What I'm proud of: Through good foresight planning, we could consistently deliver from the first day of sales until today.

Raspberry Pis are available again, and this is noticeably boosting LT-TPM sales. Through this continuous growth, I could develop additional hardware, including:
- a ComputeModule3 board with USB/Ethernet/CAN/RS485/RS232/HDMI/TPM
- the first Raspberry Pi Breakoutboard for the BME688
- a Breakoutboard for an excellent CO2 sensor (stable CO2 measure for more than 5 years!)
- and of course, the LetsTrust-TPM2Go.
- Several more designs are in progress (so much to prototype, route and test).

And all of this started with a TPM on a small board.


However, it grew and became significant only through you and the community.



At this point, Dimitar Tomov should also be mentioned; he is the founder of www.tpm.dev and undoubtedly contributed to LetsTrust's visibility.



Now, a few numbers and statistics!


Max kindly provided some anonymized data for this post.

A World Map!



LetsTrust-TPMs have been shipped directly from Germany to 38 countries. Australia, Chile, and Japan seem to be the farthest distances covered. This list is derived from direct sales; if your country is missing, you probably ordered through a distributor.



Growth and Quantity Graph!



The blue graph shows that despite the pandemic and chip crisis, we managed to maintain annual sales at a good level. The orange graph looks quite similar to the hype cycle ^_^, so fingers crossed as it seems to be on an upward trend now!


I can tell you: You don't get rich with this project (at least not yet), but I have fun, and my wife occasionally gets flowers and you get sometimes new hardware designs.


See you soon!

Paul
Categories: TPM

Raspberry 5 and LetsTrust-TPM compatible

Hello Everybody,

Now it is proven!
Raspberry Pi 5 can also handle the LetsTrust-TPM Module!






You will need a stacked header to connect a LetsTrust-TPM Module on a Raspberry Pi 5 with a heatsink!

Bye for now!

Paul
Categories: TPM

Getting Started with the LetsTrust-TPM2Go

Hello Everybody,

here is the short and simple starting guide for the new LetsTrust-TPM2Go USB Stick, (LTT2Go).

1. As before: You need the Hardware itself, actually buyable here:
https://buyzero.de/products/letstrust-tpm2go
(The list will be updated with every new distributor that we can find)

2. Installation of the TSS and the TCTI-device driver
The simple way to archive a running stack with functional LTT2Go is to install the TSS. Like the LetsTrust-TPM for Raspberry Pi, you could easily use the tpm2_install.sh from https://github.com/PaulKissinger/LetsTrust
This script installs all necessary dependencies for the TSS and the tcti-driver for the LTT2Go, also the abrmd and the tpm2-tools will be installed.

3. Test the function of the LTT2Go:

Follow this https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md short guide and your LTT2Go should working!

4. Reset the LetsTrust-TPM2Go
https://github.com/PaulKissinger/LetsTrust-TPM2Go Here you'll find a short CLI tool to reset the TPM Chip on the LTT2Go. Use this tool for reboots of the host system or during the development phase. Normally there is no reason to reset a TPM while it is booted up.


That was everything for the short starting guide, and probably also for a long version '^__^.

Bye for now!

Paul
Categories: TPM

More Hardware: LetsTrust-TPM2Go

2023 August 8th,

Finally shipped to the stock \o/.

I hope, you will find this USB-Stick useful for your development!

Bye,

Paul

2023 August 2nd,

Update:
Shipment will start next week! \o/

Hello and welcome back,

Today, I would like to introduce my new product: LetsTrust-TPM2Go!

LetsTrust-TPM2Go is a USB 2.0 stick with a built-in TPM. It is designed to be compatible with Linux PCs or single-board computers that have USB-A ports (probably macOS but I could not test it). This product's main purpose is to simplify application development with TPM support. It can also be used if your embedded device is not ready or only has free USB ports on your target device.

Windows 11: LetsTrust-TPM2Go USB Stick is NOT compatible with Microsoft Windows 11 TPM 2.0 requirement!
Windows 10: LetsTrust-TPM2Go is not compatible [1].

Features:
- Infineon Optiga™ SLB 9672 TPM 2.0 FW15.23
- TCG Spec 2.0 Rev. 01.51
- USB 2.0 to SPI Bridge based on CY7C65211A
- Compatible with libusb
- Own USB VendorID/ProductID
- Tested with https://github.com/tpm2-software/
- available TCTI-Driver in tpm2_tss for plug & play usage [2]
- 2 LEDs, one for "USB-RX/TX action" and one connected to a TPM-GPIO for user feedback
- Transparent ABS housing for the PCB
- LetsTrust-TPM2Go was designed, manufactured, and tested in Bavaria, Germany.

Preorders are now open, and you can find LetsTrust-TPM2Go here: https://buyzero.de/products/letstrust-tpm2go

With the promo code TPMDEV2023, you'll get a 7€ discount on the first stick. This code is active till the end of August.


The first batch is manufactured, updated and tested.

The estimated shipment date is the end of July/beginning of August at the latest.
(We are waiting for the updated Vendor ID list on www.usb.org/developers, as this final lists Pi3g as a vendor with the given number, I could finalise the sticks (I want to avoid to scrapping several 1000€s for a potential typo))


usb.org updated the list:
https://usb.org/sites/default/files/usb_vids_080223.pdf

Shipment will start next week! \o/


Bye for now!

Paul


[1] I could interact with these sticks over WSL2 on Windows 10, but without a d-bus and the abrmd only simple commands are functional :-).

[2] https://github.com/tpm2-software/tpm2-tss/blob/master/doc/tcti-spi-ltt2go.md

Continue reading "More Hardware: LetsTrust-TPM2Go "
Categories: TPM

Three useful tools on the Microsoft Store!

Welcome, everyone!

A colleague mentioned last week that you could find three useful tools in the Microsoft Store.




- TPM PCR Calculator 
- TPM 2.0 Parser,
- TPM Return Code Decoder, as well as my personal favourite.

If you are using Windows 10 or 11, you may find this useful:)

Farewell for now!

Paul

tpm.dev mini conf 2022

Hello and welcome back,

I'm really happy to announce the TPM.dev 2022 MiniConf 13. October this year!

You have to register here to get the conference link!


The schedule:

7:00 am Pacific Time / 4:00 pm CEST
The latest and greatest from OPTIGA™️ TPM, SLB9672 and SLB9673, Andreas Fuchs and Paul Kissinger from Infineon Technologies
7:30 am Pacific Time / 4:30 pm CEST
Disk integrity using microkernels and TPM, Sid Hussmann, CTO of Gapfruit, and Stefan Thöni
8:30 am Pacific Time / 5:30 pm CEST
Remote enrollment using sealed keys for Remote Attestation Ernesto Gomez Marin, Researcher at Infineon
9:30 am Pacific Time / 6:30 pm CEST
Remote Attestation of the UEFI Event log using Keylime, Thore Sommer, maintainer of Keylime
10:30 am Pacific Time / 7:30 pm CEST
Maintaining anchors of trust, Michael Richardson known from his RATS work at IETF and other workgroups
11:30 am Pacific Time / 8:30 pm CEST
How OpenSecurityTraining2 will help spread TPM and Trusted Computing awareness, Xeno Kovah, Founder of Open Security Training


I'll be there and you?

Bye for now!

Paul
Categories: TPM

I'm alive! And LetsTrust, too!

Hello Again,

Puhh... over one year no updates on this site... I'm not sooooo Happy about that, but I'm alive!

What has happened in the last 13 months?!

Private:
I quit my main job in February 2022 and this brings some new opportunities to my family and myself and the TPM community.
Why is this important for the TPM community? You'll see this in the near future :-P
Covid:
Official i was four times vaccinated (with: Biontec, Biontec, Moderna, Biontec)
And after that, I got covid and recovered from that shit… I don't want to figure out where I was without the vaccinations.


For LetsTrust:
I could announce that more shops listed the LT-TPM!
With Max, the owner of http://pi3g.com and his shop http://buyzero.de we could manage that five additional shops listed LetsTrust-TPMs. (I'll add some Links in the step list).
So if your SAP/Salesforce/ect. integration don't support buyzero.de, you could use one of this links:

https://www.berrybase.de/

https://www.reichelt.de
https://www.conrad.de
https://www.pollin.de/
https://www.voelkner.de/




And now?
New Chips, other interfaces, completely new ideas around TPMs (Thanks to the http://tpm.dev community for these ideas!)

Additional:
A second website will be come up to collect all other hardware projects, beside of LetsTrust.
(hopefully... I love Hardware too much... so.. I should love my domains and websites a little more ...).

With this new site, some other designs from me get a platform/blog. Not all of my designs are security related so LetsTrust.de is the wrong Place for this. Some of these designs you are able to buy, and some are on my desk and ready to test.



So, now you are up2date,

Bye for now!

Paul