2025-08-28 –, Studio 1
This talk introduces an open-source hardware project focused on the design and integration of a TPM 2.0 add-on board for the Raspberry Pi 5. Built around the Infineon SLB 9672 chip, the board enables trusted computing by securely managing cryptographic keys and supporting features such as disk encryption, device authentication, digital signatures, measured boot and True Hardware Random Number Generator (TRNG),
The board has been designed as a compact two-layer printed circuit board (PCB) using the free and open-source software KiCad and connects via SPI to the Raspberry Pi’s 40-pin header. All hardware design files are published on GitHub under the permissive Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
Software integration is achieved through a custom Linux distribution built with the Yocto Project and OpenEmbedded, using the community-maintained meta-raspberrypi layer. TPM 2.0 support is provided via the tpm-slb9670.dtbo device tree overlay, which is included in the official Raspberry Pi Linux kernel and is compatible with the SLB 9672 due to its identical SPI interface. The board’s functionality has been verified using TPM2 tools, including self-tests and hardware random number generation.
The talk is appropriate for anyone interested in open source software and hardware development for Raspberry Pi.
This session explores an open-source hardware project that brings Trusted Platform Module (TPM) 2.0 functionality to the Raspberry Pi 5 through a custom-designed add-on board. At the heart of the board is the Infineon SLB 9672, a widely used TPM 2.0 chip that provides hardware-based security features. These include all essential components of a trusted computing environment: secure cryptographic key storage, disk encryption support, digital signatures, device authentication, and measured boot capabilities.
The board is designed as a compact, two-layer printed circuit board (PCB) and was developed using KiCad, a free and open-source electronic design automation (EDA) suite. The board connects to the Raspberry Pi via the standard 40-pin GPIO header using the SPI interface, making it easy to integrate into existing hardware setups. Care was taken to follow the chip’s datasheet and reference designs to ensure electrical reliability and signal integrity. The design files, including schematics and PCB layout, are available on GitHub and released under the permissive Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license, allowing others to study, modify, and reuse the hardware freely.
To bring the hardware to life, we will discuss how to create a custom Linux distribution using the Yocto Project and OpenEmbedded. The image will be built and demonstrated on Raspberry Pi 5, thanks to the meta-raspberrypi Board Support Package (BSP) layer. TPM functionality will be enabled using the tpm-slb9670.dtbo device tree overlay, which is included in the upstream fork of the Linux kernel for Raspberry Pi. Despite being originally intended for the older SLB 9670 chip, the overlay works seamlessly with the SLB 9672 due to their identical SPI interface, making integration straight-forward. The board's operation will be validated using standard TPM2 tools, confirming successful execution of self-tests and generation of hardware-based random numbers, demonstrating that the system meets functional security requirements. We will discuss idea and challenges or using TPM 2.0 in production and software over the air updates.
This session will guide the audience through the complete development process: from hardware design and manufacturing to the software integration of the board into a custom Linux distribution. The talk is intended for a broad audience, including students, hobbyists, and professional engineers interested in hardware development, Raspberry Pi, the Yocto Project and OpenEmbedded.
Leon Anavi is an open source enthusiast and a senior software engineer at Konsulko Group. He is an active contributor to various Yocto/OpenEmbedded meta layers. His professional experience includes web and mobile application development for various platforms as well as porting and maintaining embedded Linux distributions to Raspberry Pi and devices with x86-64, i.MX6, NVIDIA Tegra, RISC-V, Amlogic, Rockchip and Allwinner (aka sunxi) SoC. Leon holds a masters in Information Technology from the Technical University Sofia. His previous speaking experience includes talks about open source software and hardware during events in San Francisco, San Diego, Portland (OR), Hong Kong, Shanghai, Shenzhen, Brussels, Lyon, Berlin, Edinburgh, London, Cambridge, Bratislava, Prague, Sofia and his hometown Plovdiv.