Use of TPM chip for RNG?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 5 10:24:45 EDT 2006


Ben Laurie <ben at algroup.co.uk> writes:

>So ... where are these rebadged smartcards deployed? Who rebadges them?

System integrators usually.  The way it works is that the company that fabs
the devices (typically Atmel, STMicroelectronics, or Infineon) creates the
silicon.  Then a second-level vendor (say, Gemplus) loads their firmware into
the basic device and bonds out the serial lines (ISO 7816) or USB lines (USB
key) and then it's a GemSAFE card or a USB token (OK, Gemplus don't do USB
tokens, but you know what I mean).  Some companies (e.g. Infineon) do both
steps themselves.

For the TPM, you bond out the LPC lines instead of the USB or serial ones, and
load TPM firmware instead of smart-card firmware.

I'm simplifying that somewhat in that there isn't one single device into which
you load one set of firmware and it's a TPM and another set of firmware and
it's a smart card.  Smart cards and TPMs are part of the same family of
devices, where you might have 20 variants on the same basic device with 18 of
the variants targeted for smart-card use and 2 targeted for TPM use.  Look at
Atmel's SecureAVRs for an example; there's a whole shopping-list of variations
on that (ROM/RAM/EEPROM/with or without bignum accelerator/etc), and some of
the shopping-list entries are targeted at TPM.  But under the hood the
97SCwhatever TPM is a 90SC-family SecureAVR with different firmware.  Same
with STM's ST19something smart card vs. ST19something-else TPM, and Infineon's
SLE66CX smart card vs. SLE66CX TPM - they're just smart cards with clever
marketing.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List