Potential errata in Infineon SLB9670 Trusted Platform Module

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
User19381
Level 1
Level 1
First reply posted First question asked
I am using a SLB9670 TPM (Vendor String: 7.40.2098) module to create a duplicate of a key generated in that same TPM, for the sake of clarity:

- TPM_A: The TPM where I created a key.
- TPM_A_KEY: The key generated in TPM_A that I want to create a duplicate of.
- TPM_B: The TPM where I want to import the duplicate.
- TPM_B_KEY: The ECC P-256 key generated in TPM_B which I want to use to wrap the duplicate create in TPM_A of TPM_A_KEY.

As part of this process, I need to import the public part of TPM_B_KEY in TPM_A, for which I use the LoadExternal TPM command, which allows me to load the external public part (TPM2B_PUBLIC), the private part is set to the empty buffer, TPM_B_KEY has the attributes DECRYPT and RESTRICTED.

In the SLB9670 Module I am unable to do this, I receive a 0x101 error (TPM_RC_FAILURE) and the TPM enters into Failure Mode, unable to process any other commands. In the SLM9670 it works OK, same for Microsoft TPM Simulator, I do not receive any other errors. The TPM2B_PUBLIC structure has no errros, it contains the symmetric algo for wrapping, the public components X and Y...

I am using a HMAC session for the command, but without a session it is also possible to reproduce.

I have also noticed that I am able to import keys with SIGN as the only attribute, but if I try to load it with a session it enters into Failure Mode.

I am able to create the duplicate successfully, import it... with the Microsoft TPM Simulator and also with the SLM9670 (Vendor String: 13.11.4555) module, without any changes in the code.

This all seems quite strange, so I am thinking that perhaps this is an errata or undefined behaviour in the SLB9670 chip, and I was wondering if someone at Infineon would be able to look at this. I can provide TCTI communication traces if required, but I think it should be easy to reproduce, just call LoadExternal with a decrypt/restrict ECC NIST P256 key.

Many thanks for your help.
0 Likes
2 Replies
User19381
Level 1
Level 1
First reply posted First question asked
We are still seeing this issue with this chip and firmware version and I was wondering if anyone was able to reproduce.
0 Likes
Sharath_V
Moderator
Moderator
Moderator
First comment on blog 250 sign-ins 100 replies posted

Thread locked due to inactivity. Please create a new thread in case the problem is not solved.

0 Likes