# **ST19WP18**

# Trusted Platform Module (TPM)

DATA BRIEF

#### **PRODUCT FEATURES**

- SINGLE-CHIP TRUSTED PLATFORM MODULE (TPM)
- EMBEDDED TPM 1.2 FIRMWARE
- FULL TPM SOLUTION WITH COMPLETE TCG COMPLIANT SOFTWARE STACK LAYERS
- 33-MHz LOW PIN COUNT (LPC) INTERFACE V1.1
- COMPLIANT WITH TCG PC CLIENT SPECIFIC TPM IMPLEMENTATION SPECIFICATION (TIS) V1.2
- DEDICATED LPC COMMUNICATION BUFFER FOR TPM COMMANDS HANDLING OPTIMIZATION
- TRUSTED COMPUTING GROUP (TCG)<sup>(1)</sup> V1.1B / V1.2 CONFIGURABLE MODE OF OPERATIONS
- ARCHITECTURE BASED ON ST19W SECURE SMARTCARD IC PLATFORM:
  - 1088-bit Modular Arithmetic Processor providing Full support for Asymmetric operations
  - Hardware-based SHA-1 accelerator enabling BIOS related fast hash operations
  - FIPS 140-2 compliant Random Number Generator
  - Active security sensors
- EEPROM-BASED NVM INCLUDING 128 BYTES OF OTP AREA FOR PRODUCTION CONFIGURATION
  - Highly reliable CMOS EEPROM submicron technology
  - 10 year data retention
  - 500,000 Erase/Write cycle endurance
  - Storage for up to 30 keys
- 5 SOFTWARE-CONTROLLED GENERAL PURPOSE I/O (GPIO) PINS
- POWER SAVING MODE
- AVAILABLE IN RECOMMENDED TCG PC CLIENT 1.2 COMPATIBLE TSSOP28
- 3.3V ± 10% POWER SUPPLY VOLTAGE
- 0-70°C OPERATING TEMPERATURE RANGE

Figure 1. Delivery Form



| Function                                           | Speed <sup>(1)</sup> |
|----------------------------------------------------|----------------------|
| RSA 1024 bits signature with CRT <sup>(2)</sup>    | 62 ms                |
| RSA 1024 bits signature without CRT <sup>(2)</sup> | 206 ms               |
| RSA 1024 bits verification (e='\$10001')           | 4 ms                 |
| RSA 1024 bits key generation                       | 1.8 s                |
| RSA 2048 bits signature with CRT <sup>(2)</sup>    | 416 ms               |
| RSA 2048 bits verification (e='\$10001')           | 66 ms                |

<sup>1.</sup> Typical values, independent of external clock frequency and supply voltage.

<sup>2.</sup> CRT: Chinese Remainder Theorem.

<sup>1.</sup> (Product Features) TCG website: http://www.trustedcomputinggroup.org

May 2004 1/5
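The table lists a 1024-bit signature with CRT at roughly a third of the time of the same signature without CRT. The following Python example, added here and not taken from the ST19WP18 firmware or ST's software, shows where that speed-up comes from: with the Chinese Remainder Theorem the signer replaces one full-size exponentiation mod n by two half-size exponentiations mod p and mod q, recombined with Garner's formula. The key size, the seed, the omission of PKCS#1 padding and the helper names are assumptions for illustration; the toy key generator is not suitable for real keys.

```python
import hashlib
import math
import random
import time


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test; rng supplies the witness bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def generate_rsa_key(bits=1024, e=0x10001, seed=None):
    """Toy, seeded RSA key generation (illustration only, not for real keys).
    Returns n, e, d plus the CRT parameters dp, dq, qinv kept beside d."""
    rng = random.Random(seed)
    while True:
        p = _gen_prime(bits // 2, rng)
        q = _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p == q or math.gcd(e, phi) != 1:
            continue
        d = pow(e, -1, phi)
        return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
                "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def message_rep(data, n):
    """Toy message representative: SHA-1 digest as an integer below n
    (a real signer applies PKCS#1 padding here; omitted for brevity)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") % n


def sign_plain(key, m):
    """Signature without CRT: one full-size exponentiation m^d mod n."""
    return pow(m, key["d"], key["n"])


def sign_crt(key, m):
    """Signature with CRT: two half-size exponentiations recombined (Garner)."""
    p, q = key["p"], key["q"]
    s_p = pow(m % p, key["dp"], p)          # m^d mod p, exponent reduced mod p-1
    s_q = pow(m % q, key["dq"], q)          # m^d mod q, exponent reduced mod q-1
    h = (key["qinv"] * (s_p - s_q)) % p     # Garner recombination step
    return s_q + h * q                      # unique value < n matching both halves


def verify(key, m, sig):
    """Verification: one exponentiation with the short public exponent e."""
    return pow(sig, key["e"], key["n"]) == m


def sign_crt_checked(key, m):
    """CRT signing that verifies its own output before releasing it, so a
    miscomputed half (e.g. from a hardware fault) never leaves the signer."""
    sig = sign_crt(key, m)
    if not verify(key, m, sig):
        raise ValueError("CRT signature failed self-check; not released")
    return sig


def compare_timings(key, m, iters=20):
    """Average wall-clock cost of both paths; returns (plain_s, crt_s, ratio)."""
    t0 = time.perf_counter()
    for _ in range(iters):
        sign_plain(key, m)
    t_plain = (time.perf_counter() - t0) / iters
    t0 = time.perf_counter()
    for _ in range(iters):
        sign_crt(key, m)
    t_crt = (time.perf_counter() - t0) / iters
    return t_plain, t_crt, t_plain / t_crt


if __name__ == "__main__":
    key = generate_rsa_key(1024, seed=2004)   # seed is an illustration value
    m = message_rep(b"constructed sample message", key["n"])
    assert sign_plain(key, m) == sign_crt_checked(key, m)
    t_plain, t_crt, ratio = compare_timings(key, m)
    print(f"plain {t_plain*1e3:.2f} ms, CRT {t_crt*1e3:.2f} ms, ratio {ratio:.1f}x")
```

Both paths produce the identical signature; the CRT path does about a quarter of the arithmetic because each half-size exponentiation has half the exponent bits and operates on operands half as wide. The self-check in `sign_crt_checked` costs only one cheap public-exponent operation and is the usual mitigation for the case where one of the two halves is computed incorrectly.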

## **GENERAL DESCRIPTION**

The ST19WP18 is a cost-effective Trusted Platform Module (TPM) solution. The ST19WP18 is designed to provide PC platforms with enhanced security and integrity mechanisms as defined by Trusted Computing Group standards. The product provides full support of TCG v1.1b as well as TCG v1.2 specifications.

The ST19WP18 is derived from the ST19W smartcard IC platform. It is manufactured using the advanced, highly reliable STMicroelectronics CMOS EEPROM technology.

The ST19WP18 has an 8-bit CPU architecture and includes the following on-chip memories: User ROM, User RAM and EEPROM with state of the art security features. ROM, RAM and EEPROM memories can be configured into partitions with customized access rules.

The ST19WP18 also includes a Modular Arithmetic Processor (MAP). The 1088 bits architecture of this cryptographic engine allows processing of modular multiplication, squaring and additional calculations up to 2176 bit operands.

The Modular Arithmetic Processor is designed to speed up cryptographic calculations using Public Key Algorithms.

The Secure Hash Accelerator allows fast SHA-1 computation especially well suited for BIOS hash operations during early boot stages.

The ST19WP18 has been specially designed in line with TCG PC Client Specific TPM Implementation Specification (TIS) referring to Intel's LPC Specification revision 1.0.

Figure 2. Block Diagram




## SOFTWARE DESCRIPTION

#### **Embedded firmware**

The ST19WP18 includes fully compliant TCG v1.1b firmware which supports features like cryptographic key generation, integrity metrics and secure storage. In addition, the product is TCG v1.2 ready and provides support for functions such as Delegation, Transport session and Locality.

This TCG v1.1b / v1.2 compliant firmware uses an optimized and flexible software architecture allowing the integration of Trusted Computing Framework enhancements or implementation of dedicated functions.
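The integrity metrics mentioned above rest on a single primitive, the PCR extend operation that the SHA-1 accelerator speeds up during early boot: each measured component is hashed and folded into a Platform Configuration Register as PCR_new = SHA-1(PCR_old || measurement). The following Python model is added here as an illustration and is not code from ST's firmware or software stack; the component names and byte strings are constructed sample data, and the event log is a simplified stand-in for the TCG event log that accompanies the PCR values.

```python
import hashlib

DIGEST_LEN = 20  # SHA-1 digest length; PCRs on a TPM 1.x are 20 bytes wide


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class PlatformConfigurationRegister:
    """Software model of one TPM 1.x PCR: a value that can only be extended."""

    def __init__(self):
        self.value = bytes(DIGEST_LEN)  # reset value: all zeros

    def extend(self, measurement: bytes) -> bytes:
        if len(measurement) != DIGEST_LEN:
            raise ValueError("measurement must be a SHA-1 digest")
        # TPM_Extend: PCR_new = SHA-1(PCR_old || measurement). No operation
        # writes a PCR directly, so a recorded history cannot be rewritten.
        self.value = sha1(self.value + measurement)
        return self.value


def measure_and_extend(pcr, log, description, data):
    """Hash a boot component, extend the PCR, and record the event in the log."""
    digest = sha1(data)
    log.append((description, digest))
    return pcr.extend(digest)


def replay_event_log(log):
    """Recompute the PCR value an untampered log produces, starting from reset."""
    pcr = PlatformConfigurationRegister()
    for _, digest in log:
        pcr.extend(digest)
    return pcr.value


def log_matches_pcr(log, pcr_value):
    """What an attestation verifier does: replay the log, compare with the PCR."""
    return replay_event_log(log) == pcr_value


def demo():
    """Measured boot of three constructed components, then two verifier checks.
    Returns (final PCR value, untampered log accepted, edited log accepted)."""
    pcr0 = PlatformConfigurationRegister()
    log = []
    # constructed sample components standing in for BIOS code measured at boot
    for name, blob in [("bios-boot-block", b"BOOT-BLOCK v1 (constructed)"),
                       ("bios-main", b"MAIN BIOS IMAGE (constructed)"),
                       ("option-rom-0", b"OPTION ROM (constructed)")]:
        measure_and_extend(pcr0, log, name, blob)
    accepted = log_matches_pcr(log, pcr0.value)
    # an edited log (one entry replaced to hide a changed image) no longer
    # replays to the PCR value the TPM reports
    edited = list(log)
    edited[1] = ("bios-main", sha1(b"MAIN BIOS IMAGE (modified)"))
    return pcr0.value, accepted, log_matches_pcr(edited, pcr0.value)


if __name__ == "__main__":
    final, good, bad = demo()
    print("PCR0 =", final.hex(), "| genuine log accepted:", good,
          "| edited log accepted:", bad)
```

The replay makes the two properties a verifier relies on visible: the same measurements in a different order give a different PCR value, and changing any entry in the log breaks the match with the value the TPM reports, which is why the log can be stored in ordinary memory while only the PCR needs to live inside the TPM.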

#### TCG Software Stack

The ST19WP18 provides complete system software layers, fully compliant with TCG Trusted Software Stack specification.

Microsoft Windows™ 2000/XP operating systems are supported. Please contact ST for a complete list of supported operating systems. The embedded firmware plus additional modules bring OEMs a complete TPM solution for their PC platforms.

The software stack comprises the following modules:

- BIOS Memory Absent driver (MA)
- BIOS Memory Present driver (MP)
- TPM Device Driver (TDD)
- TPM Device Driver Library (TDDL)
- TSS Core Services (TCS)
- TSS Service Provider (TSP)

## Cryptographic infrastructure interface

Secure and trustworthy functions of the ST19WP18 module are made available to applications through cryptographic Application Programming Interfaces (APIs) compliant either with the PKCS#11 standard or with the MS CAPI specification. An ST19WP18-ready Cryptographic Service Provider (CSP) can then be used to enhance Operating System security policies or application security plug-ins, which take full advantage of the secure TPM functionalities such as sealed storage, key generation, signature and encryption.

Figure 3. Software Layers



# **PIN AND SIGNAL OVERVIEW**

Figure 4. Pinout description

Package: TSSOP28 (pin 1 at top left).

| Pin | Signal | Pin | Signal        |
|-----|--------|-----|---------------|
| 1   | GPIO1  | 28  | LPCPD#        |
| 2   | GPIO2  | 27  | SERIRQ        |
| 3   | IO     | 26  | LAD0          |
| 4   | GND    | 25  | NC            |
| 5   | NC     | 24  | VPS           |
| 6   | GPIO3  | 23  | LAD1          |
| 7   | PP     | 22  | LFRAME#       |
| 8   | NC     | 21  | LCLK          |
| 9   | GPIO4  | 20  | LAD2          |
| 10  | VPS    | 19  | NC            |
| 11  | GND    | 18  | GND           |
| 12  | NC     | 17  | LAD3          |
| 13  | NC     | 16  | LRESET#       |
| 14  | NC     | 15  | GPIO5/CLKRUN# |

Table 1. Signal description

| Signal        | Type  | Description                                                                                                                                                                                                                              |
|---------------|-------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| LAD[3:0]      | Bidir | Multiplexed Command, Address and Data (see LPC Interface Spec)                                                                                                                                                                           |
| LPCPD#        | Input | <b>Power Down</b>. Indicates that the peripheral should prepare for power to be removed from the LPC I/F devices. Actual power removal is system dependent (see LPC Interface Spec)                                                       |
| LCLK          | Input | <b>Clock</b>. Same 33 MHz clock as the PCI clock on the host, with the same clock phase and typical PCI skew (see LPC Interface Spec)                                                                                                     |
| LFRAME#       | Input | <b>Frame</b>. Indicates the start of a new cycle or the termination of a broken cycle (see LPC Interface Spec)                                                                                                                           |
| LRESET#       | Input | <b>Reset</b>. Same as PCI Reset on the host (see LPC Interface Spec)                                                                                                                                                                     |
| SERIRQ        | Bidir | <b>Serialized IRQ</b>. Used by the TPM to handle interrupt support (see LPC Interface Spec)                                                                                                                                              |
| GPIO5/CLKRUN# | Bidir | General Purpose IO with weak internal pull-up, fully configurable by software. CLKRUN# is the same as PCI CLKRUN#; only needed by peripherals that need DMA or bus mastering in a system that can stop the PCI bus (generally mobile systems) |
| PP            | Input | <b>Physical Presence</b>, active high, internal pull-down. Used to indicate Physical Presence to the TPM                                                                                                                                 |
| GPIO[4:1]     | Bidir | General Purpose IOs with weak internal pull-up, fully configurable by software                                                                                                                                                           |
| IO            | Bidir | Bidirectional IO, ISO 7816-2 compliant serial port                                                                                                                                                                                       |
| VPS           | Input | <b>3.3 V Power supply</b>. VPS has to be connected to the 3.3 V DC power rail supplied by the motherboard                                                                                                                                |
| GND           | Input | Zero volts ground reference. GND has to be connected to the main motherboard ground                                                                                                                                                      |


Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics.

The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners.

© 2004 STMicroelectronics - All rights reserved BULL CP8 Patents

STMicroelectronics GROUP OF COMPANIES

Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany Hong Kong - India - Israel - Italy - Japan - Malaysia - Malta - Morocco - Singapore Spain - Sweden - Switzerland - United Kingdom - United States

www.st.com
