Using a Trusted Platform Module

For secure authentication in communication with external networks, the RevPi Flat features the Infineon OPTIGA™ TPM SLB 9670 Trusted Platform Module.

This module is connected via the SPI interface with a maximum SPI frequency of 1 MHz and meets the requirements of TPM 2.0.

You need free software to be able to use the module. The following packages on Debian-based Linux (Debian, Raspbian, RevPi) are a good choice for you:
tpm_tis_spi.ko: kernel module as driver for Infineon OPTIGA™ TPM SLB9670. The node of the module on the user interface is “/dev/tpmX”, where X is a number allocated according to the ID allocation rule (https://www.kernel.org/doc/html/latest/core-api/idr.html). The source code can be found in the Linux source code “drivers/char/tpm/”.
libtss2-udev: this allows you to identify TPM devices by their properties such as manufacturer or device ID.
libtss2-esys0: these are API layers to support TPM 2.0 modules.
tpm2-tools: these are several tools that allow you to manage and use the TPM 2.0 hardware. This includes, for example, the secure creation, storage and use of RSA keys and the verification of the software status of a platform using cryptographic hashing.

The Revolution Pi repository itself contains the tmp2-tools starting with the image buster. You can install them with “apt-get install tpm2-tools”. On the stretch image, you have to install it manually with the binary program (e.g. Debian package) from a trusted source or build it yourself from the source code.

The source code of the above components is available here: https://github.com/tpm2-software

Further information about TPM 2.0 can be found here: https://trustedcomputinggroup.org/resource/tpm-library-specification/