Building Trust - Use Cases and Implementation of TPM 2.0 in Embedded Linux Systems

Building Trust - Use Cases and Implementation of TPM 2.0 in Embedded Linux Systems

Artwork by: Sparkelle (Yan) — Licensed under Creative Commons BY-SA 4.0

As embedded systems become increasingly interconnected, the demand for robust platform security and integrity has surged. Trusted Platform Modules (TPM), currently in version 2.0, are becoming increasingly beneficial for enhancing security in embedded systems. TPMs provide hardware-backed mechanisms for critical functions such as random number generation, cryptographic key generation, key binding and data sealing.

This presentation will explore the capabilities of TPM 2.0, focusing on several practical use cases, including:

  • Providing a unique and persistent serial number for device identification.
  • Supporting secure boot mechanisms to establish a reliable chain of trust.
  • Encrypting user data without the need for user passwords.
  • Managing application credentials securely.

Additionally, we will discuss the integration of TPM 2.0 within Yocto-based embedded systems and present strategies for automated provisioning, highlighting how these elements work together to enhance overall system security.

Presented at

  • Embedded Recipes 2025, Nice, France

Download slides

Tags :

Related Posts

Advanced System Profiling, Tracing and Trace Analysis with Perfetto in Android and Yocto

Advanced System Profiling, Tracing and Trace Analysis with Perfetto in Android and Yocto

Together with my colleague Stefan Lengfeld.

Tracing is a capable mechanism for deep system analysis and profiling with a minimal overhead. By recording defined system events, in Linux but also Android, tracing can be used to analyze concurrency or latency issues, for example. Android’s systrace tool made it easy to analyze and correlate traces and events due to a graphical UI, in order to help developers identify performance bottlenecks. The successor to this advanced and convenient tool is called Perfetto. It’s available for pure Linux too, and part of Yocto (meta-oe) since Langdale now. In the talk, we’ll have a look into

Read Post
How a modern Yocto setup could look like

How a modern Yocto setup could look like

In 2015, we built a sophisticated meeting room information system based on Android Things as a student project. As Android Things was deprecated in 2021, we started to use our Yocto Project experience to develop a maintainable, future proof embedded system.

Read Post
Raspberry Pi für die professionelle Produktentwicklung - Eine gute Idee?

Raspberry Pi für die professionelle Produktentwicklung - Eine gute Idee?

Maschinen und Geräte durch Vernetzung und Software aufzuwerten ist ein Kerngedanke des IoT. So werden die resultierenden Projekte häufig aus der Fachdomäne mit dem Wunsch nach schnellen und einfachen Erfolgen gestartet. Die Idee liegt dann nahe den beliebten Raspberry Pi als Basis zu nutzen. Das Gerät ist ja bekannt, fast alles wurde schon einmal von irgendwem gemacht und ins Netz gestellt. Klingt fast zu schön, um wahr zu sein - ist es auch aus professioneller Sicht. Die Gründe hierfür und welche Faktoren bei der Entscheidung für eine Hard- und Software-Plattform als Basis für ein IoT Produkt berücksichtigen werden sollten, sind Inhalt des Vortrags.

Read Post