TCG propels security for embedded, automotive and IoT systems with complete TPM 2.0 Software Stack

Date Published: June, 23, 2020

Beaverton, OR, USA, June 23, 2020 – Security for millions of devices across worldwide markets has been enhanced today as the Trusted Computing Group (TCG) releases its latest specification for the latest Trusted Platform Module (TPM 2.0) technology: the Feature Application Programming Interface (FAPI) standard.

The secure operation of devices in IoT, automotive, embedded and industrial markets is essential to achieve reliability, trustworthiness and resistance to threats. These markets apply a broad range of devices from high-performance multicore ICT systems like cloud servers to small resource-constrained IoT nodes like sensors. The completed TCG TSS Stack standard now supports this wide range of devices making it possible to integrate the TPM 2.0 as a turnkey solution and to achieve interoperability for platform security, network communication and data exchange.

“The FAPI spec is designed to remove the main obstacles to the broader adoption of enhanced security with TPM 2.0 in a wide range of systems,” said Andreas Fuchs, Chair of TCG’s TSS Work Group. ‘By removing the need for programmers to be TPM experts to use the TPM functionalities, more people will be able to apply the significant security benefits provided by TCG certified TPM 2.0 chips. The FAPI specification enables a cost-effective and simplified implementation of the storage, management and processing of cryptographic keys inside the secure boundaries of a TPM chip to enhance the security of devices and even networks.”

The FAPI specification completes the framework of the TPM Software Stack specifications (TSS 2.0). The framework includes low-level specifications like the System API, which enables the usage of the entire set of TPM 2.0 functionalities in resource constraint devices. The addition of FAPI as a high-level specification enables the application of TPM 2.0 in high-performance systems with cost-effective development and the support of multiple users, parallel services, virtualization, Windows- and POSIX-based operating systems like Linux.

The wide range of TPM functionalities such as signing, key storage in hierarchies, authorization, secure time, personalization, lifecycle-management and certificate management will now be accessible for more devices and use cases with the use of the FAPI. It achieves this by providing an automated processing for key storage, default cryptographic configuration for administrators, best-practice provisioning, filesystem integration and process evaluation.

Furthermore, the new JSON Data and Policy Language standard also simplifies the complexity of handling declarative policy language to support the implementation of authorisation policy with a TPM. It will enable complex authorization and policy management for keys with low implementation, validation and management efforts using the standardized JavaScript Object Notation (JSON) data interchange format.

Both new specifications will help to accelerate the implementation of the TPM for a secure digital ecosystem across IoT devices, industries, and markets.

The FAPI standard also enables the usage of TPM 2.0 according to the PKCS#11 interface standard, which provides a generic storage and application of cryptographic keys in an even wider range of applications. These applications are typical security software and protocols, such as SSH, user authentication, identity management, e-mail encryption and signing of documents.

With the addition of FAPI, the now complete TCG Software Stack 2.0 (TSS 2.0) provides a framework with utilities that allows systems and devices across worldwide markets to share the TPM functionalities at both high and low-level. Implementations of the TSS Stack including the FAPI standard are available and are supported by several companies. The full set of TSS standards can be found on the TCG website.

About TCG

TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.  More information is available at the TCG website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org.

Twitter: @TrustedComputin

LinkedIn: https://www.linkedin.com/company/trusted-computing-group/

Join

Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more

Specifications

Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read more