arturkow2
commented
5 months ago Due to problems with implementation unique identification, we have to postpone the point find and obtain enough bits of unique data identifying the platform.
For now I created https://github.com/Dasharo/twpm-firmware/pull/7 which allows to set unique value in the firmware, this is a temporary workaround.
Most of information from the attempt is described here, but I'm going to summarize what we tried and what we might do in the future.
We tried to implement PUF (Physically Uncloneable Function), details of PUF implementation are described in the link I provided above. Unfortunately, PUF turned out to be unstable, making it impossible to obtain unique ID. Future plans may involve locating the cause for PUF instability and fixing it, evaluating other PUF techniques, or evaluating other methods. One of methods discussed before was usage of the encrypted bitstream feature, so that unique ID could be hidden in the bitstream itself. However, this requires the bitstream encryption key to be programmed into OTP which is an irreversible operation. Open-source toolchain currently does not support OTP programming, so reliance on encrypted bitstream would require users to use Diamond and one of Diamond-supported JTAG probes. Lattice provides documentation which could be used to implement OTP programming, however doing that requires massive effort. If OTP becomes supported by Trellis, encrypted bitstream method could re-evaluated.
Each TPM has to be uniquely identifiable. This uniqueness is used e.g. to create primary seeds which are used to derive primary keys for various hierarchies. Random number generator is also included in this task - unique registers (with e.g. serial numbers) and RNG engines are usually specific to the given hardware. FPGA can also be used if any of those isn't available or doesn't have enough entropy on MCU.
Milestones: