Z32H320TC
Z32H320TC - Trusted Platform Module 2.0
Preliminary Databook, Revision 1.0, March 2015
Revision History

Revision   Changes             Date
0.9        Initial release.    December 15, 2012
1.0        Updated features.   March 17, 2015
1. Features

TPM Features
- Single-chip Trusted Platform Module (TPM)
- Compliant with the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 Specification, Revision 1.16
- Supports the Chinese commercial cryptographic algorithm suite:
  - GM/T 0002-2012 SM4 Block Cipher Algorithm
  - GM/T 0003-2012 Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves (Parts 1, 2, 3, 5)
  - GM/T 0004-2012 SM3 Cryptographic Hash Algorithm
- Based on the TCG PC Client Specific TPM Interface Specification 1.21
- 33 MHz Low Pin Count (LPC) interface v1.1 for easy PC integration
- On-chip flash for TPM firmware and data; dictionary-attack protection

Hardware Features
- Security architecture based on the NATIONZ 32-bit security controller family
- Highly reliable CMOS eFlash technology
- 50-year data retention at 25 °C
- On-chip clock generator
- 0 to 70 °C operating temperature range
- 3.3 V power supply
- 28-lead low-profile TSSOP package and 32-lead QFN package

Security Features
- Shield layer and environmental sensors
- Memory encryption
- True random number generator (TRNG) compliant with GM/T 0005-2012 and NIST SP 800-22
- Cryptographic algorithms:
  - Hardware hash accelerator for multiple hash algorithms (SHA-1, SHA-256, SM3)
  - Hardware asymmetric crypto engine:
    - RSA key generation up to 2048 bits
    - RSA signature and encryption
    - ECC/SM2 key generation up to 256 bits
    - ECC/SM2 signature and key exchange
  - Hardware SM4 in ECB mode only. ECB encrypts each 16-byte block independently, so any chaining or counter mode needed by an application has to be built on top of the hardware primitive by firmware or host software.

Performance Features
- SHA-1/SHA-256 computation of a 1024-byte block: 8 ms
- SM3 computation of a 1024-byte block: 8 ms
- Signature with an RSA 2048-bit key: 150 ms
- Signature with an SM2 256-bit key: 133 ms
2. Overview

The Nationz Z32H320TC Trusted Platform Module (TPM) is an integrated circuit and software platform that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce transactions and Internet communications. The Z32H320TC is a complete solution implementing version 2.0 of the Trusted Computing Group (TCG) specifications. The TCG is an industry group founded in 2003 by AMD, HP, IBM, Intel and Microsoft and now includes more than 140 companies. For details about the TCG specifications, refer to www.trustedcomputinggroup.org.

The Z32H320TC devices are designed to reduce system boot time and trusted OS loading time. They provide a security solution for a wide range of PC applications.
The basic principle is to insert a trusted subsystem, called the "root of trust", into the PC platform. The root of trust extends its trust to other parts of the platform by building a "chain of trust", in which each link measures and extends trust to the next one. As a result, the TPM extends its trustworthiness across the platform, providing a Trusted PC for secure transactions. The device builds in three roots of trust:
- Platform: designed for use by BIOS/firmware
- Privacy: designed to provide device identity
- Security: designed for user data storage

With these features, the TPM can be used in a wide range of applications, for example in a remote access network to authenticate platforms to a server and vice versa. In e-commerce transactions, contracts can be signed with digital signatures using the TPM's asymmetric cryptography. In a network scenario, client PCs equipped with a TPM are able to report their platform status to the server, so that the network administration is aware of their trustworthiness. In conclusion, the TPM, acting as a service provider to the system, helps to make transactions more secure and trustworthy.

Figure 1 shows the typical usage of the Z32H320TC at different levels.

At the hardware level, the LPC interface connects directly to the chipset (Intel, AMD, VIA, etc.) on the motherboard; this standardized interface is available on many boards.
At the BIOS level, Intel TXT uses the TPM and cryptographic techniques to provide a dynamic root of trust for measurement (DRTM) of software and platform components, so that system software as well as local and remote management applications can use those measurements to make trust decisions. It defends against software-based attacks that aim to steal sensitive information by corrupting system and/or BIOS code or by modifying the platform's configuration.

At the pre-boot level, the TPM forms the low-level protected root of trust for Windows 8. The TPM can be a discrete cryptographic processor physically attached to the motherboard, or an integrated implementation that provides similar security properties. One of the key capabilities of the TPM is authoritative reporting of the software running on the platform; this capability is called TPM-based attestation. Building on it, the approach in Windows 8 is to measure the core OS components (which seldom change) and a specially vetted driver that is responsible for checking that the system meets policy, commonly a check for malware.
Figure 1 Typical usage mode
At the OS level, Windows 8/8.1/10 also makes management of drive-based encryption easier and more automated through BitLocker. The TPM protects the key required to unlock the encrypted drive, with the encryption itself managed by the operating system; the key material held by the TPM is protected against attack. BitLocker also uses the integrity measurements stored in the TPM (the PCRs), through a TPM feature called "unsealing": the TPM will release the disk encryption key only if the integrity measurements have not changed. This ensures that a thief cannot boot an attack utility that extracts the disk encryption key.
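The measured-boot and sealing behaviour described in the pre-boot and OS-level paragraphs above (PCR extension building the chain of trust, and "unsealing" that releases a key only while the measurements are unchanged) is illustrated by the following simulation. This is an added example and not code from Nationz or from this databook: it models the PCR-extend rule and the TPM2_PolicyPCR digest rule of the TCG TPM 2.0 library specification in pure Python with SHA-256 (one of the chip's hardware hash algorithms), talks to no hardware, and makes two simplifying assumptions that are marked in comments: the PCR selection is encoded as a plain list of indexes rather than the spec's TPML_PCR_SELECTION structure, and the sealed blob is protected with an HMAC-derived key rather than a TPM storage-key wrapping. The boot images, device seed and disk key are constructed sample values.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256            # SHA-256 is one of the chip's hardware hash algorithms
DIGEST_LEN = 32
TPM_CC_POLICY_PCR = 0x0000017F   # TPM2_PolicyPCR command code (TPM 2.0 Part 2)
NUM_PCRS = 24


class SimTpm:
    """Simulated TPM: a bank of PCRs plus a device-unique secret.

    Models only the two behaviours the overview relies on: one-way PCR
    extension during boot, and releasing a sealed secret only while a policy
    over the PCRs is satisfied.  The device secret stands in for the
    hardware-protected storage seed of a real part (assumption, not the
    chip's actual key hierarchy).
    """

    def __init__(self, device_secret: bytes):
        self.pcrs = [b"\x00" * DIGEST_LEN for _ in range(NUM_PCRS)]
        self._secret = device_secret

    def reset(self):
        """A platform reset returns the resettable PCRs to all-zero."""
        self.pcrs = [b"\x00" * DIGEST_LEN for _ in range(NUM_PCRS)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[index] = H(PCR[index] || H(measurement)).

        Extension is one-way and order-sensitive: software cannot write a
        chosen value, it can only append to the running digest.
        """
        new = HASH(self.pcrs[index] + HASH(measurement).digest()).digest()
        self.pcrs[index] = new
        return new

    def policy_pcr(self, selection) -> bytes:
        """Policy digest per TPM2_PolicyPCR:
        H(0^n || TPM_CC_PolicyPCR || pcrs || H(selected PCR values)).
        Assumption: 'pcrs' is a big-endian list of PCR indexes instead of
        the spec's marshaled TPML_PCR_SELECTION.
        """
        pcrs = b"".join(struct.pack(">I", i) for i in selection)
        digest_tpm = HASH(b"".join(self.pcrs[i] for i in selection)).digest()
        start = b"\x00" * DIGEST_LEN
        return HASH(start + struct.pack(">I", TPM_CC_POLICY_PCR) + pcrs + digest_tpm).digest()

    def _wrap_key(self, policy: bytes) -> bytes:
        # The wrapping key depends on the device secret AND the policy digest,
        # so a changed PCR yields a different key and the blob fails to open.
        return hmac.new(self._secret, b"seal" + policy, HASH).digest()

    def seal(self, secret: bytes, selection) -> dict:
        """Return a blob that can be unsealed only while the selected PCRs hold
        their current values (assumption: secret is at most one digest long)."""
        if len(secret) > DIGEST_LEN:
            raise ValueError("secret too long for this single-block model")
        key = self._wrap_key(self.policy_pcr(selection))
        stream = hmac.new(key, b"stream", HASH).digest()
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(key, b"tag" + ct, HASH).digest()
        return {"selection": tuple(selection), "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Recompute the policy from the *current* PCRs; release the secret
        only if the authentication tag verifies, otherwise return None."""
        key = self._wrap_key(self.policy_pcr(blob["selection"]))
        tag = hmac.new(key, b"tag" + blob["ct"], HASH).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None
        stream = hmac.new(key, b"stream", HASH).digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def measured_boot(tpm: SimTpm, components):
    """Replay a boot: each (pcr, image) pair is measured into its PCR before
    the image runs, forming the chain of trust the overview describes."""
    tpm.reset()
    for pcr, image in components:
        tpm.extend(pcr, image)
    return list(tpm.pcrs)


# Constructed sample boot chain (not real firmware images).
GOOD_BOOT = [(0, b"firmware-v1.0"), (4, b"bootloader-v2.3"), (7, b"secure-boot-policy")]
BAD_BOOT = [(0, b"firmware-v1.0"), (4, b"bootloader-v2.3-patched-by-attacker"), (7, b"secure-boot-policy")]
DISK_KEY = b"volume-master-key-32-bytes-long!"   # constructed sample secret
SELECTION = (0, 4, 7)


def demo():
    """Seal after a clean boot, then try to unseal after a clean and a tampered boot."""
    tpm = SimTpm(device_secret=b"device-unique-seed-example")
    measured_boot(tpm, GOOD_BOOT)
    blob = tpm.seal(DISK_KEY, SELECTION)
    measured_boot(tpm, GOOD_BOOT)
    released = tpm.unseal(blob)          # same measurements: key comes back
    measured_boot(tpm, BAD_BOOT)
    refused = tpm.unseal(blob)           # PCR 4 differs: None
    return released, refused


if __name__ == "__main__":
    ok, bad = demo()
    print("clean boot   :", ok)
    print("tampered boot:", bad)
```

The point of deriving the wrapping key from the policy digest, rather than comparing PCR values and then handing out a stored key, is that there is no "if" to bypass: with the wrong measurements the key simply does not exist, which is the property a real TPM's sealed-object protection gives BitLocker.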
At the application level, systems with Windows 8/8.1/10 can also manage and protect installed software more effectively. Windows Server 2012 automatically provisions and manages the TPM, which is expected to make the TPM significantly more useful to IT managers. It supports measured boot to check system integrity and detect malware, and it supports using the TPM as a virtual smart card and for secure certificate storage.
3. Technical Parameters

3.1 Pin and signal description (TSSOP28)

Pin  Signal    Pin  Signal
1    NC        28   LPCPD#
2    NC        27   SERIRQ
3    NC        26   LAD0
4    GND       25   GND
5    NC        24   VDD
6    NC        23   LAD1
7    PP        22   LFRAME#
8    NC        21   LCLK
9    NC        20   LAD2
10   VDD       19   VDD
11   GND       18   GND
12   NC        17   LAD3
13   NC        16   LRESET#
14   NC        15   CLKRUN#

Figure 2 Pin Configuration of the Z32H320TC in TSSOP28 Package
3.2 Pin Description (TSSOP28)

Table 1 Z32H320TC chip 28-pin signal description

Pin Name   Pin Number                     Type      Description                      Electrical Char.
LAD[3:0]   17, 20, 23, 26                 Bi        LPC command/address/data bus     PCI 3.3 V
LPCPD#     28                             I         LPC power down                   PCI 3.3 V
LCLK       21                             I         LPC/PCI clock, nominal 33 MHz    PCI 3.3 V
LFRAME#    22                             I         LPC framing signal               PCI 3.3 V
LRESET#    16                             I         LPC/PCI reset                    PCI 3.3 V
SERIRQ     27                             Bi        Serial interrupt request         PCI 3.3 V
CLKRUN#    15                             Bi        CLKRUN# signal                   PCI 3.3 V
PP         7                              I         Physical presence                ISO
VDD        10, 19, 24                     (supply)  3.3 V power supply               -
GND        4, 11, 18, 25                  (supply)  Ground                           -
NC         1, 2, 3, 5, 6, 8, 9, 12, 13, 14  -       Not connected internally         -

1) I - input only, O - output only, Bi - bidirectional
3.3 Pin and signal description (QFN32)

Z32H320TC QFN32, 5 mm × 5 mm

Pin  Signal   Pin  Signal   Pin  Signal    Pin  Signal
1    NC       9    VDD      17   NC        25   VDD
2    NC       10   NC       18   LRESET#   26   GND
3    NC       11   GND      19   LAD3      27   LAD0
4    NC       12   NC       20   VDD       28   NC
5    NC       13   NC       21   LAD2      29   NC
6    NC       14   NC       22   LCLK      30   NC
7    NC       15   NC       23   LFRAME#   31   NC
8    NC       16   GND      24   LAD1      32   GND

Figure 3 Pin Configuration of the Z32H320TC in QFN32 Package

3.4 Pin Description (QFN32)

Table 2 Z32H320TC chip 32-pin QFN signal description

Signal     Pin(s)                        Type   Description
VDD        9, 20, 25                     I      3.3 V DC power supply
GND        11, 16, 26, 32                I      Zero volts
LAD[3:0]   19, 21, 24, 27                Bi     LPC command/address/data bus
LRESET#    18                            I      LPC/PCI reset
LCLK       22                            I      LPC/PCI clock, nominal 33 MHz
LFRAME#    23                            I      LPC framing signal
NC         1-8, 10, 12-15, 17, 28-31     -      No connect

1) I - input only, O - output only, Bi - bidirectional
3.5 System connections

Figure 4 shows the system connections of the Z32H320TC in a typical PC application.

All TPM functions are integrated on-chip. The major elements of the Z32H320TC interface are:
- Host interface based on an LPC bus, with interrupt request.
- A physical presence input signal (PP) to indicate owner physical presence.

Note that only the TSSOP28 pinout (Table 1) lists the PP pin; Table 2 lists no PP, SERIRQ, CLKRUN# or LPCPD# signal for the QFN32 package, so a design that depends on hardware physical presence should check the pinout of the package it uses.

Figure 4 System Connection Diagram

3.6 Package mechanical data

3.6.1 TSSOP28

The 28-pin thin shrink small outline package (TSSOP) with 4.4-mm body width.

Figure 5 TSSOP28 Package outline

Table 3 TSSOP28 Package mechanical data (millimeters)

SYMBOL   MIN      NOM       MAX
A        -        -         1.20
A1       0.05     -         0.15
A2       0.90     1.00      1.05
A3       0.34     0.44      0.54
b        0.20     -         0.29
b1       0.19     0.22      0.25
c        0.13     -         0.18
c1       0.12     0.13      0.14
D        9.60     9.70      9.80
E        6.20     6.40      6.60
E1       4.30     4.40      4.50
e        0.55     0.65      0.75
L        0.45     0.60      0.75
L1       1.00 REF
L2       0.25 BSC
R        0.09     -         -
R1       0.09     -         -
S        0.20     -         -
θ        0°       -         8°
θ1       10°      12°       14°
θ2       10°      12°       14°
θ3       10°      12°       14°
θ4       10°      12°       14°

3.6.2 QFN32

The 32-pin Quad Flat No-lead package (QFN) with 5.0-mm body width (D and E nominal 5.00 mm in Table 4).

Figure 6 QFN32 package outline
Table 4 QFN32 Package mechanical data

SYMBOL   DIMENSION (mm)               DIMENSION (mil)
         MIN.    NOM.      MAX.       MIN.    NOM.      MAX.
A        --      0.74      0.80       --      29.1      31.5
A1       0.51    0.53      0.54       20.1    20.9      21.3
A2       0.18    0.21      0.24       7.1     8.3       9.4
b        0.20    0.25      0.30       7.9     9.8       11.8
D        4.95    5.00      5.05       194.9   196.9     198.8
D1       3.45    3.50      3.55       135.8   137.8     139.8
D2       2.90    3.00      3.10       114.2   118.1     122.0
D3       0.20    0.25      0.30       7.9     9.8       11.8
E        4.95    5.00      5.05       194.9   196.9     198.8
E1       3.45    3.50      3.55       135.8   137.8     139.8
E2       2.90    3.00      3.10       114.2   118.1     122.0
E3       0.20    0.25      0.30       7.9     9.8       11.8
e        --      0.50 TYP  --         --      19.7 TYP  --
L        0.30    0.40      0.50       11.8    15.7      19.7
h        0.15    0.20      0.25       5.9     7.9       9.8
Important Notice
Information in this document is provided solely in connection with Nationz products. Nationz Technologies Inc. and its subsidiaries (“Nationz”)
reserve the right to make changes, corrections, modifications or improvements, to this document, and the products and services described herein at
any time, without notice.
All Nationz products are sold pursuant to Nationz’s terms and conditions of sale.
Purchasers are solely responsible for the choice, selection and use of the Nationz products and services described herein, and Nationz assumes no
liability whatsoever relating to the choice, selection or use of the Nationz products and services described herein.
No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted under this document. If any part of this
document refers to any third party products or services it shall not be deemed a license grant by Nationz for the use of such third party products or
services, or any intellectual property contained therein or considered as a warranty covering the use in any manner whatsoever of such third party
products or services or any intellectual property contained therein.
Unless otherwise set forth in Nationz’s terms and conditions of sale Nationz disclaims any express or implied warranty with respect to the
use and/or sale of Nationz products including without limitation implied warranties of merchantability, fitness for a particular purpose
(and their equivalents under the laws of any jurisdiction), or infringement of any patent, copyright or other intellectual property right.
Unless expressly approved in writing by two authorized Nationz representatives, Nationz products are not recommended, authorized or
warranted for use in military, aircraft, space, life-saving or life-sustaining applications, nor in products or systems where failure or
malfunction may result in personal injury, death, or severe property or environmental damage. Nationz products which are not specified
as "automotive grade" may only be used in automotive applications at the user's own risk.
Resale of Nationz products with provisions different from the statements and/or technical features set forth in this document shall immediately
void any warranty granted by Nationz for the Nationz product or service described herein and shall not create or extend in any manner whatsoever,
any liability of Nationz.
Nationz and the Nationz logo are trademarks or registered trademarks of Nationz in various countries.
Information in this document supersedes and replaces all information previously supplied.
The Nationz logo is a registered trademark of Nationz Technologies Inc. All other names are the property of their respective owners.
© 2013 Nationz Technologies Inc. - All rights reserved
Headquarters
2-7F, Building A, IER of Huazhong University of Science and Technology, #9 Yuexing Ave3, Nanshan District, Shenzhen, 518057, P.R.C
Tel:+86-755-86309900 Fax:+86-755-86169100 E-mail:info@nationz.com.cn
http://www.nationz.com.cn/en/index.aspx