Date: 2025-11-20

Note: fTPM over OP-TEE is supported on BlueField DPUs only on host OS Ubuntu 22.04 or Oracle Linux.

The Trusted Computing Group (TCG) is responsible for the specifications governing the trusted platform module (TPM). In many systems, the TPM provides integrity measurements, health checks and authentication services.

Attributes of a TPM:

Support for bulk (symmetric) encryption in the platform

High quality random numbers

Cryptographic services

Protected persistent store for small amounts of data, sticky bits, monotonic counters, and extendible registers

Protected pseudo-persistent store for unlimited amounts of keys and data

Extensive choice of authorization methods to access protected keys and data

Platform identities

Support for platform privacy

Signing and verifying digital signatures

Certifying the properties of keys and data

Auditing the usage of keys and data

With TPM 2.0, the TCG creates a library specification describing all the commands or features that could be implemented and may be necessary in servers, laptops, or embedded systems. Each platform can select the features needed and the level of security or assurance required. This flexibility allows the newest TPMs to be applied to many embedded applications.

Firmware TPM (fTPM) is implemented in protected software. The code runs on the main CPU, so a separate chip is not required. Although it runs like any other program, the code executes in a protected execution environment called a trusted execution environment (TEE), which is separate from the rest of the programs running on the CPU. As a result, secrets (e.g., private keys that the TPM needs but that nothing else should access) can be kept in the TEE, creating a more secure environment.

Info: fTPM provides similar functionality to a chip-based TPM, but does not require extra hardware. It complies with the official TCG reference implementation of the TPM 2.0 specification. The source code of this implementation is located here.

Info: fTPM fully supports TPM2 Tools and the TCG TPM2 Software Stack (TSS).

Characteristics of an fTPM: