Zynq 7000 SoC-TPM Interface - Xilinx Zynq-7000 Application Note

Zynq 7000 SoC-TPM Interface
The Zynq-7000 SoC-TPM interface provides the communication between the Zynq-7000 device
and the Infineon OPTIGA SLB9670 TPM. The interface uses commands from a tpm_toolbox, which
supports the following categories of commands:
PCR reset
Physical presence
Get capability
TPM startup/activate/physical enable
PCR read/PCR extend
There are multiple commands in each category; the reference design uses a subset of them.
The Zynq-7000 AP SoC connects to the SLB9670 TPM over the SPI bus. The Zynq-7000 AP SoC
contains a hardened SPI controller in the processing system (PS), and a soft AXI SPI IP can
be instantiated in the programmable logic (PL). The reference design uses the PS SPI because
it saves PL resources.
Figure 9 shows the SPI-TPM functions implemented in the FSBL for the reference design.
In the measured boot reference design, the FSBL is modified to calculate the SHA-1 of the
BootROM and of the FSBL, and then extend those SHA-1 digests into the TPM's PCRs: the BootROM
measurement goes into PCR0 and the FSBL measurement into PCR4 (Figure 9). The SHA-1 values
are calculated in sha1.c. Code to take ownership and activate the TPM is in
slb9670_tpm_spi.c. The PCRs are extended in slb9670_spi_tpm.c. Other files added to
fsbl/src are tpm_tools.h, tpm_tools.c, tpm_spi.c, tpm_spi_tis.c, and tpm.h.
Because the BootROM code is not accessible to the FSBL, the SHA-1 recorded for the BootROM is
computed over the cyclic redundancy check (CRC) value that the BootROM code writes, not over
the BootROM image itself; PCR0 therefore attests to the CRC the BootROM reported rather than
to a direct measurement of the BootROM.
The FSBL TPM driver can be encrypted when stored in NVM and then decrypted and run from
OCM. The FSBL extends the TPM PCRs with these early-load measurements to limit the time an
attacker has to alter the code before it is measured.
On the Avnet Starter IIoT board, the PS SPI interfaces to the SLB9670 Pmod through an MIO
connection. To drive the TPM's reset pin, the Zynq-7000 AP SoC hardware design includes a
PS GPIO connected to that pin. The ResetTPM function is in main.c.
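The measurement and extend sequence described above, as an added host-side example (this is not code from the XAPP1309 reference design or from the FSBL sources it names): it hashes a BootROM-written CRC value into PCR0 and an FSBL image into PCR4 using TPM 1.2 extend semantics (PCR[i] = SHA-1(PCR[i] || digest)), serializes the TPM_Startup and TPM_Extend requests in the TPM 1.2 wire format the SPI/TIS layer would carry, and then shows the verifier side replaying golden inputs to check the reported PCRs. The model assumes the SLB9670 is driven in its TPM 1.2 mode (as the page's SHA-1 digests and take-ownership step imply), omits take ownership, activate, physical presence and the actual SPI transport, and uses constructed sample inputs; every function and constant name here is the example's own, not the reference design's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DIGEST_LEN 20                 /* SHA-1 digest, the TPM 1.2 PCR width */
#define PCR_COUNT  24                 /* TPM 1.2 requires at least 24 PCRs */
#define TPM_ORD_Startup 0x00000099u   /* TPM 1.2 ordinals (Main Spec Part 2) */
#define TPM_ORD_Extend  0x00000014u
#define TPM_ST_CLEAR    0x0001u

static uint32_t rol32(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }
static void put_be32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i)); }

/* Minimal SHA-1 (FIPS 180-4). Stand-in for the reference design's sha1.c so this runs on a host. */
void sha1(const uint8_t *msg, size_t len, uint8_t out[DIGEST_LEN]) {
    uint32_t h[5] = {0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u};
    size_t padded = ((len + 8) / 64 + 1) * 64;       /* message + 0x80 + zero pad + 64-bit bit length */
    uint8_t *buf = calloc(padded, 1);
    if (!buf) abort();
    if (len) memcpy(buf, msg, len);
    buf[len] = 0x80;
    uint64_t bits = (uint64_t)len * 8;
    for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(bits >> (8 * i));
    for (size_t off = 0; off < padded; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int t = 0; t < 16; t++)
            w[t] = (uint32_t)buf[off + 4*t] << 24 | (uint32_t)buf[off + 4*t + 1] << 16 |
                   (uint32_t)buf[off + 4*t + 2] << 8 | (uint32_t)buf[off + 4*t + 3];
        for (int t = 16; t < 80; t++) w[t] = rol32(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16], 1);
        for (int t = 0; t < 80; t++) {
            uint32_t f, k;
            if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
            else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
            else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }
            uint32_t tmp = rol32(a, 5) + f + e + k + w[t];
            e = d; d = c; c = rol32(b, 30); b = a; a = tmp;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    free(buf);
    for (int i = 0; i < 5; i++) put_be32(out + 4 * i, h[i]);
}

/* Host-side model of the TPM 1.2 PCR bank. Reset leaves every PCR all-zero;
   TPM_Extend computes PCR[i] = SHA-1(PCR[i] || inDigest), so the order of extends matters. */
typedef struct { uint8_t pcr[PCR_COUNT][DIGEST_LEN]; } tpm_model_t;
void tpm_model_reset(tpm_model_t *t) { memset(t, 0, sizeof *t); }
int tpm_model_extend(tpm_model_t *t, uint32_t idx, const uint8_t digest[DIGEST_LEN]) {
    if (idx >= PCR_COUNT) return -1;
    uint8_t cat[2 * DIGEST_LEN];
    memcpy(cat, t->pcr[idx], DIGEST_LEN);
    memcpy(cat + DIGEST_LEN, digest, DIGEST_LEN);
    sha1(cat, sizeof cat, t->pcr[idx]);
    return 0;
}

/* TPM 1.2 request framing as a driver would hand it to the SPI/TIS layer:
   tag(2) | paramSize(4, whole request) | ordinal(4) | body, all big-endian. Returns bytes written. */
size_t tpm_build_cmd(uint32_t ordinal, const uint8_t *body, size_t body_len, uint8_t *out) {
    out[0] = 0x00; out[1] = 0xC1;                        /* TPM_TAG_RQU_COMMAND */
    put_be32(out + 2, (uint32_t)(10 + body_len));
    put_be32(out + 6, ordinal);
    memcpy(out + 10, body, body_len);
    return 10 + body_len;
}
size_t tpm_build_extend(uint32_t pcr, const uint8_t digest[DIGEST_LEN], uint8_t out[34]) {
    uint8_t body[4 + DIGEST_LEN];                        /* pcrNum(4) | inDigest(20) */
    put_be32(body, pcr); memcpy(body + 4, digest, DIGEST_LEN);
    return tpm_build_cmd(TPM_ORD_Extend, body, sizeof body, out);
}

/* FSBL-side sequence from Figure 9, minus take-ownership/activate: TPM_Startup(ST_CLEAR), then
   SHA-1 of the BootROM-written CRC into PCR0 and SHA-1 of the FSBL image into PCR4. */
void measured_boot(tpm_model_t *tpm, const uint8_t *crc, size_t crc_len, const uint8_t *fsbl, size_t fsbl_len) {
    uint8_t d[DIGEST_LEN], cmd[34], st[2] = {TPM_ST_CLEAR >> 8, TPM_ST_CLEAR & 0xFF};
    tpm_build_cmd(TPM_ORD_Startup, st, 2, cmd);          /* sent before any extend */
    sha1(crc, crc_len, d);   tpm_build_extend(0, d, cmd); tpm_model_extend(tpm, 0, d);
    sha1(fsbl, fsbl_len, d); tpm_build_extend(4, d, cmd); tpm_model_extend(tpm, 4, d);
}

/* Verifier side: replay the golden inputs from a zeroed bank and compare PCR-for-PCR. */
int verify_pcrs(const tpm_model_t *reported, const uint8_t *crc, size_t crc_len, const uint8_t *fsbl, size_t fsbl_len) {
    tpm_model_t expect; tpm_model_reset(&expect);
    measured_boot(&expect, crc, crc_len, fsbl, fsbl_len);
    return memcmp(expect.pcr, reported->pcr, sizeof expect.pcr) == 0;
}

/* Constructed sample inputs (hypothetical; not values from the reference design). */
static const uint8_t GOLD_CRC[4] = {0xDE, 0xAD, 0xBE, 0xEF};
static const uint8_t GOLD_FSBL[] = "FSBL image bytes (constructed sample)";

int main(void) {
    tpm_model_t tpm; tpm_model_reset(&tpm);
    measured_boot(&tpm, GOLD_CRC, sizeof GOLD_CRC, GOLD_FSBL, sizeof GOLD_FSBL);
    for (int i = 0; i < DIGEST_LEN; i++) printf("%02x", tpm.pcr[4][i]);
    printf("  <- PCR4\n");
    uint8_t tampered[sizeof GOLD_FSBL]; memcpy(tampered, GOLD_FSBL, sizeof tampered); tampered[3] ^= 1;
    printf("golden verifies: %d, tampered verifies: %d\n",
           verify_pcrs(&tpm, GOLD_CRC, sizeof GOLD_CRC, GOLD_FSBL, sizeof GOLD_FSBL),
           verify_pcrs(&tpm, GOLD_CRC, sizeof GOLD_CRC, tampered, sizeof tampered));
    return 0;
}
```

Two points the model makes visible: because each extend folds the previous PCR value into the hash, the verifier has to replay measurements in the same order from a cleared bank, and a single flipped byte in the FSBL image changes PCR4 completely. It also makes the CRC caveat concrete: PCR0 changes only if the 4-byte CRC value changes, so it is only as strong as the BootROM's CRC is at detecting modification.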
XAPP1309 (v1.0) March 7, 2017

Figure 9: FSBL TPM SPI Driver Functional Diagram
[Figure: block diagram of the FSBL TPM SPI driver. Blocks: Calculate SHA-1 of BootROM CRC; Calculate SHA-1 of FSBL; Take Ownership; TPM Startup; TPM Activate; Extend PCR0 with BootROM CRC SHA-1; Extend PCR4 with FSBL SHA-1.]
