How to Distinguish Between Physical and Virtual TPMs on Ubuntu When Using Infineon TPM 9670 #3449

Open
jayesh0711 opened this issue Jan 8, 2025 · 4 comments

Comments

@jayesh0711

jayesh0711 commented Jan 8, 2025

I'm using an Infineon TPM 9670, connected to my motherboard via jumper wire to a header. While following the Infineon documentation for configuring and querying the TPM on Ubuntu, I'm getting outputs in the terminal but am unsure whether the output refers to a physical TPM (the Infineon TPM 9670) or a virtual TPM. Can you provide guidance on how to distinguish between the two types of TPMs in Ubuntu? Specifically, I want to know if the command outputs relate to the physical TPM or a virtual TPM implementation.

I expect a clear method or tool to identify whether the TPM being queried is a physical TPM (Infineon TPM 9670) or a virtual TPM (e.g., from a software stack). This could involve checking specific device paths, using specific commands to query physical devices, or other methods to distinguish between the two.

@JuergenReppSIT
Member

If the tpm tools are installed you can use (IFX == Infineon):

$ tpm2_getcap properties-fixed|grep -A 2 MANU
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"

@jayesh0711
Author

> If the tpm tools are installed you can use (IFX == Infineon):
>
> $ tpm2_getcap properties-fixed|grep -A 2 MANU
> TPM2_PT_MANUFACTURER:
>   raw: 0x49465800
>   value: "IFX"

I ran the command, and the output I am getting is:

jayesh@jayesh-R-D:~$ tpm2_getcap properties-fixed | grep -A 2 MANU
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"

I was expecting to see 'IFX' in the value, which would indicate the Infineon TPM 9670, but instead I got 'INTC', which refers to Intel. Could you please guide me on how to proceed?

@AndreasFuchsTPM
Member

Most of these mainboards should have a BIOS-Setting where you can choose between "discrete TPM" or "physical TPM" versus "integrated TPM" or "firmware TPM".

After switching to the former you should see "IFX" from tpm2_getcap.

@leenaarora18

> Most of these mainboards should have a BIOS-Setting where you can choose between "discrete TPM" or "physical TPM" versus "integrated TPM" or "firmware TPM".
>
> After switching to the former you should see "IFX" from tpm2_getcap.

We have made the necessary changes in the BIOS settings to switch from "Integrated TPM" / "Firmware fTPM" to "Discrete TPM (dTPM) / Physical TPM." After making this change, the TPM outputs the following:

TPM2_PT_MANUFACTURER:
  Raw: 0x49465800
  Value: "IFX"

TPM2_PT_VENDOR_STRING_1:
  Raw: 0x534C4239
  Value: "SLB9"

This confirms that the Infineon 9672 TPM is now detected successfully.

Please let us know how to demonstrate this setup to the customer effectively, covering the usage and a practical demonstration of the Infineon TPM 9670/9672. Is there a specific command or tool we can use to showcase its functionality, or is displaying the above output sufficient for validation?
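
The manufacturer check used in this thread, as an added example (not code from the project or from any participant): a POSIX shell script that decodes the raw `TPM2_PT_MANUFACTURER` and `TPM2_PT_VENDOR_STRING_1` values from `tpm2_getcap properties-fixed` output and fails when the TPM that answers is not the expected vendor. The function names and the sample inputs are assumptions, constructed from the values quoted above.

```sh
#!/bin/sh
# Added example (not from the thread). Live use:
#   tpm2_getcap properties-fixed | expect_manufacturer IFX

# Decode a raw 32-bit property (e.g. 0x49465800) to ASCII, dropping NUL padding.
decode_raw() {
    out=""
    for byte in $(printf '%08X' "$1" | sed 's/../& /g'); do
        [ "$byte" = "00" ] && continue
        out="$out$(printf '%b' "\\0$(printf '%03o' "0x$byte")")"
    done
    printf '%s' "$out"
}

# Print the raw value under one property (getcap output on stdin); "raw:" is
# matched case-insensitively because pasted output may show "Raw:".
raw_of() {
    awk -v prop="$1:" '
        $1 == prop                     { found = 1; next }
        found && $1 ~ /^TPM2_PT_/      { exit }
        found && tolower($1) == "raw:" { print $2; exit }'
}

# Print the decoded manufacturer ID and first vendor string.
tpm_identity() {
    caps=$(cat)
    manu=$(printf '%s\n' "$caps" | raw_of TPM2_PT_MANUFACTURER)
    vend=$(printf '%s\n' "$caps" | raw_of TPM2_PT_VENDOR_STRING_1)
    [ -n "$manu" ] || { echo "no TPM2_PT_MANUFACTURER in input" >&2; return 1; }
    printf 'manufacturer=%s vendor_string_1=%s\n' \
        "$(decode_raw "$manu")" "${vend:+$(decode_raw "$vend")}"
}

# Return 0 only if the responding TPM reports the expected manufacturer ID.
expect_manufacturer() {
    got=$(tpm_identity) || return 2
    case "$got" in
        "manufacturer=$1 "*) return 0 ;;
        *) echo "expected $1, got: $got" >&2; return 1 ;;
    esac
}

# Constructed sample inputs, built from the raw values quoted in this thread.
SAMPLE_FTPM=$(printf '%s\n' 'TPM2_PT_MANUFACTURER:' '  raw: 0x494E5443' '  value: "INTC"')
SAMPLE_DTPM=$(printf '%s\n' 'TPM2_PT_MANUFACTURER:' '  raw: 0x49465800' '  value: "IFX"' \
    'TPM2_PT_VENDOR_STRING_1:' '  raw: 0x534C4239' '  value: "SLB9"')
printf '%s\n' "$SAMPLE_DTPM" | tpm_identity   # manufacturer=IFX vendor_string_1=SLB9
printf '%s\n' "$SAMPLE_FTPM" | tpm_identity   # manufacturer=INTC vendor_string_1=
```

The manufacturer ID shows which TPM the system currently exposes: in this thread `INTC` was reported while the BIOS was set to the firmware TPM, and `IFX` appeared after switching to the discrete TPM.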
