Microsoft announced Windows 11 with new system requirements, including hardware with a TPM 2.0 chip. Not all computers, laptops and tablets come with a Trusted Platform Module (TPM), which can be a problem, especially when version 2.0 is required.

According to a tweet from Shen Ye, Senior Director, Global Head of HTC Hardware Products, the price of TPM 2.0 modules has quadrupled. Windows 11 is not officially available yet, but Microsoft's reason for the requirement is legitimate, and that reason is security.

Securing devices with Infineon industrial grade TPM

Infineon Technologies AG has unveiled a new security chip, the first TPM (Trusted Platform Module) designed specifically for industrial applications such as industrial PCs, servers, industrial controllers and edge gateways. The module protects confidential data in connected devices and reduces the risk of that information leaking through attacks such as hacking.

The OPTIGA TPM SLM 9670 protects the integrity of industrial systems and the identity of the users working with them. It controls access to sensitive data at key points in industrial environments such as an automated factory, and it also protects the cloud interface where the network uses one. The chip fully meets the TPM 2.0 standard developed by the Trusted Computing Group and is certified by an independent test laboratory against the criteria contained in that standard; Infineon additionally qualifies and certifies the module itself. Because the security solution comes ready to use, it shortens the time needed to design a device and bring it to market.

The TPM has a declared lifetime of 20 years. It lets developers perform firmware updates, which in turn allows them to meet long-term security requirements in rapidly changing industrial environments; secured remote software updates can also reduce the maintenance costs of industrial equipment. The chip will be available in serial production in the second half of 2019.

TPM 2.0 Key Features

  • Random Number Generator (RNG) according to NIST SP800-90A
  • TPM FW update functionality installed
  • 6962 Bytes of free NV memory
  • Full personalization with Endorsement Key (EK) and EK certificate
  • Up to 3 keys in the volatile memory
  • Up to 7 keys in the NV memory
  • Up to 8 NV counters
  • Support of various cryptographic algorithms:
    • RSA-1024 and RSA-2048
    • SHA-1 and SHA-256
    • ECC NIST P256
    • ECC BN256
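Before relying on a TPM for any of the features listed above, a practitioner would confirm what the chip actually reports: spec family 2.0, the expected manufacturer (Infineon's TCG vendor string is "IFX") and a firmware version at or above the approved baseline. The following is an added example, not code from the article or from Infineon; it parses the YAML-like output of `tpm2_getcap properties-fixed` (tpm2-tools 4.x/5.x layout) and applies that policy. The sample output and the minimum firmware value are constructed for illustration, not captured from an SLM 9670.

```python
import re

# Constructed sample in the layout of `tpm2_getcap properties-fixed`
# (tpm2-tools 4.x/5.x); values are illustrative, not from real hardware.
SAMPLE_FIXED = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_REVISION:
  raw: 0x9E
  value: 1.58
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x70002
"""

PROP_RE = re.compile(r"^(\S+):\s*$")        # property header line
RAW_RE = re.compile(r"^\s+raw:\s*(\S+)")     # indented "raw: 0x..." line

def parse_getcap(text):
    """Map property name -> raw integer; feed it real `tpm2_getcap` output."""
    props, current = {}, None
    for line in text.splitlines():
        m = PROP_RE.match(line)
        if m:
            current = m.group(1)
        elif current and (m := RAW_RE.match(line)):
            props[current] = int(m.group(1), 0)  # accepts 0x.. or decimal
    return props

def raw_to_ascii(raw):
    """Decode a 4-byte big-endian text property, e.g. 0x322E3000 -> '2.0'."""
    return raw.to_bytes(4, "big").rstrip(b"\0").decode("ascii")

def check_tpm(props, expected_vendor="IFX", min_fw1=0x70000):
    """Return findings; an empty list means the TPM meets the policy.
    min_fw1 is an assumed, site-specific baseline, not a vendor value."""
    findings = []
    family = raw_to_ascii(props.get("TPM2_PT_FAMILY_INDICATOR", 0))
    if family != "2.0":
        findings.append(f"spec family {family!r} is not 2.0")
    vendor = raw_to_ascii(props.get("TPM2_PT_MANUFACTURER", 0))
    if vendor != expected_vendor:
        findings.append(f"manufacturer {vendor!r} != {expected_vendor!r}")
    if props.get("TPM2_PT_FIRMWARE_VERSION_1", 0) < min_fw1:
        findings.append("firmware below the minimum approved version")
    return findings
```

On a real device, pipe the output of `tpm2_getcap properties-fixed` into `parse_getcap` and treat any non-empty result from `check_tpm` as a failed acceptance check. A missing property decodes to an empty string and therefore fails closed rather than passing silently.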

Security chip implementation in Industrial IoT devices

With knowledge of the latest Industrial IoT security measures, choosing the right end-point controller or gateway is easier than you might think. Some manufacturers can fit a TPM 2.0 security chip during production, so that users can generate their own certification keys after purchase and maximise the security of their installations. TECHBASE offers a wide range of solutions, optionally equipped with a TPM.

For example, the ESP32-based solutions, the Moduino X series and the eModGATE series products support such security measures. Read more in the Industrial IoT Ecosystem brochure to understand the importance of reliable and secure hardware for Industrial IoT.