seTPM is a research project that implements a TPM on a GlobalPlatform secure element utilizing Java Card technology. The highly flexible architecture of seTPM comprises hybrid support for TPM 1.2 and 2.0 specifications on the same secure element, and to even dynamically load load further native code. Moreover, the architecture allows for adding custom functionalities, optionally using the internal state of the TPM.
For TPM vendors, seTPM reduces efforts when building on an already certified Java Card OS. As an example, seTPM allows to establish trust in embedded IoT platforms by enabling Trusted Computing based functionality.
The prototype we built allows the seamless integration into the Trusted Software Stack (TSS) of Linux-based operating systems. This makes it possible to run Trusted Computing-based security protocols while supplying a similar security level as provided by dedicated TPM chips.
In addition to the seTPM implementation for the secure element, we developed a seTPM Linux kernel driver offering the implemented TPM functionality to user space.