in September this year I get mail from Luke Hinds, with some questions about the compatibility from LetsTrust-TPMs and RaspberryPis to check if will work for his project.
Now I proudly happy to link to this hilarious Project: keylime.dev
Quote from Keylime.dev:
“Keylime is about making TPM technology accessible for developers and users. It handles the complexity, you drive the use case!”
Thanks to Luke and all contributors of Keylime!
Bye for now,
no I´m not dead, \o/ ,
but the vulnerability ---TPM-fail--- need my highest attention today.
The good news: LetsTrust-TPMs are not affected!
But I'm not a friend of “hiding” information:
The SLB9670 that we used on our PCBs has the same certification levels on Common Criteria EAL4+ and FIPS 140-2 as the fTPM from Intel and the ST33 from STM.
If I get new information of the Chip on our LetsTrust-TPMs, I'll post an update here.
Quote from http://tpm.fail/tpmfail.pdf
Our analysis reveals that Intel fTPM and the dedicated TPM
manufactured by STMicroelectronics leak information about
the secret nonce in elliptic curve signature schemes, which
can lead to efficient recovery of the private key. As discussed
in Section 6, we also observe non-constant-time behavior by
the TPM manufactured by Infineon which does not appear
to expose an exploitable vulnerability.
Bye for now
CVE-2019-11090 and impacts Intel's Platform Trust Technology (PTT).
CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics.
Hello TPM friends,
after more than 18 months of work, compiling, testing, tears, blood...
Now you find the dto in the newest raspbian image, per default.
To activate the TPM on your Raspberry Pi you need only these simple commands:
sudo apt-get update
sudo apt-get upgrade
sudo nano /boot/config.txt
// and activate SPI with uncomment
// and load the TPM device tree overlay with
// save the config.txt
// after the reboot
// if you own a LetsTrust-TPM and plug it in the right way, you will get /dev/tpm0 in yellow letters
Thanks to all supportes
Bye for now!
Hello and welcome!
I´m really proud to introduce the new way to get your LetsTrust-TPM working with your Raspberry Pi!
Till the next Stretch update from the RasPi Foundation the way will be:
Open a (whatever) term on your Pi.
Run a "sudo rpi-update"
Open the /boot/config.txt with "sudo nano /boot/config.txt"
and activate SPI with uncomment
and load the TPM device tree overlay with
Plug your LetsTrust-TPM onto the right pins and reboot your Raspberry Pi
Open a (whatever) term on your Pi and type "ls /dev/tpm0" and
/dev/tpm0 will appear in yellow letters!
Be happy about your success!
Huge thanks to a friend of mine an ex colleague: Peter Hüwe.
He found this smart solution 
for the Pull Request issues 
Thank you Phil Elwell for evaluation, identifying problems and finally merging the PR 
Bye for now!
I´ve pached again, the new Raspbian Stretch image with Kernel 4.14.81
and TPM support \o/
This Image is tested on:
- RaspiPi 0W
- RaspiPi 2b
- RaspiPi 3b
- RaspiPi 3b+
Image (~1.04 GB)
(~1.7 GB) Checksum md5
Bye for now!