Building Trust - Use Cases and Implementation of TPM 2.0 in Embedded Linux Systems
- Anna-Lena Marx
- Embedded , Conferences
- May 16, 2025
Artwork by: Sparkelle (Yan) — Licensed under Creative Commons BY-SA 4.0
As embedded systems become increasingly interconnected, the demand for robust platform security and integrity has surged. Trusted Platform Modules (TPM), currently in version 2.0, are becoming increasingly beneficial for enhancing security in embedded systems. TPMs provide hardware-backed mechanisms for critical functions such as random number generation, cryptographic key generation, key binding and data sealing.
This presentation will explore the capabilities of TPM 2.0, focusing on several practical use cases, including:
- Providing a unique and persistent serial number for device identification.
- Supporting secure boot mechanisms to establish a reliable chain of trust.
- Encrypting user data without the need for user passwords.
- Managing application credentials securely.
Additionally, we will discuss the integration of TPM 2.0 within Yocto-based embedded systems and present strategies for automated provisioning, highlighting how these elements work together to enhance overall system security.
Presented at
- Embedded Recipes 2025, Nice, France
Related Posts
How a modern Yocto setup could look like
- Anna-Lena Marx
- November 20, 2022
- Embedded , Conferences
In 2015, we built a sophisticated meeting room information system based on Android Things as a student project. As Android Things was deprecated in 2021, we started to use our Yocto Project experience to develop a maintainable, future proof embedded system.
When setting up a new project from scratch, we focused on proper solutions for
- a maintainable, well supported and patchable build environment for the embedded systems
- version control, reproducible builds and continuous integration
- license management
- a secure and stable update mechanism on image base and
- managing releases The talk aims to show how we build a system that matches our requirements using the Yocto Project, KAS, Gitlab CI, and Mender.io. Besides, we will have a short outlook to the application built in Flutter.
Presented at
- Yocto Project Summit 2022.11, virtual, 2022
- buildingIoT, Munich, 2023
Download original slides (Yocto Project Summit) Download updated slides (buildingIoT)
Read Post
Advanced System Profiling, Tracing and Trace Analysis with Perfetto in Android and Yocto
- Anna-Lena Marx
- October 8, 2024
- Embedded , Conferences
Together with my colleague Stefan Lengfeld.
Tracing is a capable mechanism for deep system analysis and profiling with a minimal overhead. By recording defined system events, in Linux but also Android, tracing can be used to analyze concurrency or latency issues, for example. Android’s systrace tool made it easy to analyze and correlate traces and events due to a graphical UI, in order to help developers identify performance bottlenecks. The successor to this advanced and convenient tool is called Perfetto. It’s available for pure Linux too, and part of Yocto (meta-oe) since Langdale now. In the talk, we’ll have a look into
Read Post
Patching Unpatchable Files
- Anna-Lena Marx
- December 5, 2024
- Embedded , Conferences
In the Yocto world, the .bbappend file is a well-known and documented mechanism for altering recipe files, and an essential part of daily operations. While not common, there are instances where it becomes necessary to modify other file types, such as .inc or .bbclass, which do not offer an equivalent append mechanism. This session will summarize various strategies for effectively handling these file types when patching cannot be avoided.
In my recent presentation at the Yocto Developer Day in Vienna, I mentioned using the KAS patch mechanism for minor modifications to files like .inc or .bbclass, where the Yocto internal overwriting mechanism via .bbappend files does not apply. Initially intended as a helpful side note on how I navigated a few unique situations, this part quickly escalated into the most discussed segment of the talk. Half of the attendees I spoke with found it valuable, while the other half expressed strong objections.
Read Post