The company claims that the stack is the first open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the Trusted Computing Group (TCG).
Making the TSS ESAPI layer freely available will help ease integration and increase adoption. Infineon funded the development of the ESAPI by Fraunhofer Institute for Secure Information Technology SIT. The ESAPI layer is based on the SAPI layer developed by Intel Corporation. It includes a new layer of API functions to simplify the use and integration of the TPM. It facilitates establishing a connection with the TPM through an application, secured communication between the host CPU and the TPM, and authorization using message authentication codes (HMAC).
Based on the ESAPI layer, the stack includes support for OpenSSL. It can use the Infineon OPTIGA TPM to protect device communication secured with SSL/TLS via a standardised interface by deploying TPM 2.0 as a secured key store for OpenSSL. It thus protects the keys from vulnerabilities like the famous Heartbleed bug.
The TSS stack and ESAPI layer are published under the permissive 2-clause BSD license. The ESAPI has been designed and validated by a wide community to achieve a high level of quality and stability. With industrial and automotive customers in mind, the code was developed using industry standards, continuous integration and testing, a thorough two-person review process, and static code analyzers like clang and Coverity. In addition, the stack was tested and evaluated on Infineon OPTIGA TPM SLB 9670 with the latest TPM specifications. Future enhancements will include support for Cryptsetup/LUKS disk encryption and a version featuring ESAPI support for TPM tools.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.