
$10M saved by doubling the lifespan of rugged military computers

Hint: TPM 2.0

Upgrading an 11-year-old SBC

Project info


Several years ago the Department of Defense (DoD) required a transition to Microsoft Windows 10 for its more sophisticated security features and for improved hardware-backed control of encryption keys via TPM 2.0.


A large military prime integrator (a Trenton Systems customer for over 20 years) purchased the MCXT processor board over a decade ago and now needs to meet the new DoD security requirements without replacing its entire infrastructure.

So the goal was crystal clear: add TPM 2.0 to an 11-year-old processor board.

More on that later...

Let's first understand TPM and the new security updates.

  • Client: US Military
  • Category: Military

What is TPM?

A TPM (Trusted Platform Module) provides a way to generate and store an access key at the hardware level, so that access to sensitive applications and data can be authenticated.

This private key never leaves the TPM chip, is generally usable only by authorized system administrators, and enables remote assurance of a system's security state.


Why TPM 2.0?

TPM 2.0 brings important security advantages over its predecessor, TPM 1.2.

Let's take a closer look.

  • The introduction of new algorithms

According to Microsoft, the update to the Trusted Platform Module adds support for newer cryptographic algorithms.

For anyone in the SSL certificate business, that's music to the ears. Because of the increase in computing power and the demonstrated feasibility of breaking the SHA-1 hash, plans to move away from that outdated technology have been in the works for a few years now.

As of late 2017, Microsoft and Google had both decided to remove support for SHA-1, and the move to SHA-2 (SHA-256 specifically) has been well underway since.

  • Centralized lockout logic - finally!

TPM 1.2 leaves the lockout (dictionary-attack protection) logic to each vendor. Even different TPM models from the same vendor may use different thresholds, which makes managing lockouts cumbersome and complicated.

With TPM 2.0, the lockout procedure for failed PIN attempts is controlled by Windows!

Microsoft sets TPM 2.0's maximum number of failed attempts at 32, with each failed attempt forgotten after 2 hours. All of this is configured by the OS at the time it takes ownership of the TPM.

Simple!
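The lockout policy described above, as an added illustration that is not code from this page or from Trenton Systems: a simplified model of the TPM 2.0 dictionary-attack counter using the page's values (32 failed tries, one forgotten every 2 hours). The class and function names, the simulated clock and the replay helpers are assumptions of this example; on a real system the counter lives inside the TPM and Windows reports it through the `Get-Tpm` PowerShell cmdlet (LockoutCount, LockoutMax, LockedOut). The model shows what the policy bounds for a defender: a burst of wrong PINs is cut off at 32, and the counter only recovers with time or an administrator reset.

```python
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60  # seconds; "each failed attempt is forgotten after 2 hours"


@dataclass
class DaLockout:
    """Simplified dictionary-attack (DA) lockout state of one TPM 2.0 (assumed model)."""
    max_tries: int = 32              # failed attempts allowed (Windows value from the page)
    recovery_time: int = TWO_HOURS   # seconds until one failed attempt is forgotten
    failed_tries: int = 0            # current failure counter
    decay_anchor: float = 0.0        # simulated-clock time the decay timer started

    def _decay(self, now: float) -> None:
        """Forget one failed try for every full recovery_time that has elapsed."""
        if self.failed_tries == 0:
            self.decay_anchor = now          # nothing to forget; restart the timer
            return
        periods = int((now - self.decay_anchor) // self.recovery_time)
        if periods > 0:
            self.failed_tries = max(0, self.failed_tries - periods)
            self.decay_anchor += periods * self.recovery_time

    def authorize(self, pin_ok: bool, now: float) -> str:
        """Attempt a PIN authorization at simulated time `now` (seconds).

        Returns "lockout" (attempt refused, PIN not even evaluated),
        "auth_fail" (wrong PIN, counter incremented) or "ok".
        A correct PIN does not clear the counter; only time or admin_reset() does.
        """
        self._decay(now)
        if self.failed_tries >= self.max_tries:
            return "lockout"
        if pin_ok:
            return "ok"
        self.failed_tries += 1
        return "auth_fail"

    def admin_reset(self) -> None:
        """Administrator reset with the lockout authorization (TPM2_DictionaryAttackLockReset)."""
        self.failed_tries = 0


def simulate(lockout: DaLockout, events):
    """Replay (time, pin_ok) events against one TPM and return the per-attempt results."""
    return [lockout.authorize(ok, t) for t, ok in events]


def burst_then_wait():
    """33 wrong PINs at t=0, one more wrong PIN after 2 hours, the right PIN after 66 hours."""
    tpm = DaLockout()
    burst = simulate(tpm, [(0, False)] * 33)          # constructed input: a burst of bad PINs
    after_2h = tpm.authorize(False, TWO_HOURS)        # one try forgotten, so one more is evaluated
    after_66h = tpm.authorize(True, 66 * 3600)        # all 32 forgotten, correct PIN succeeds
    return burst.count("auth_fail"), burst.count("lockout"), after_2h, after_66h


def paced_guessing(n: int, spacing: int):
    """n wrong PINs spaced `spacing` seconds apart; shows how the counter decays over time."""
    tpm = DaLockout()
    return simulate(tpm, [(i * spacing, False) for i in range(n)])


if __name__ == "__main__":
    print(burst_then_wait())                                   # (32, 1, 'auth_fail', 'ok')
    print(paced_guessing(40, 60).count("lockout"))             # 8: locked after the 32nd failure
    print(paced_guessing(100, TWO_HOURS).count("lockout"))     # 0: one failure per 2 h never locks
```

The last two calls make the policy's guarantee concrete: within any 2-hour window a wrong-PIN stream is stopped after 32 evaluations, and sustained guessing is throttled to the recovery rate, which is why the OS-controlled values matter more than the vendor-specific TPM 1.2 thresholds.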

  • TPM implementation methods

Most TPM 1.2 implementations are a separate part soldered to the motherboard. Today this is called the 'discrete TPM' implementation method.

TPM 2.0 offers 2 more options: Integrated and Firmware.

As Microsoft explains it, an integrated TPM is dedicated hardware built into one or more semiconductor packages alongside, but separate from, other components.

The other option, a firmware TPM, runs the TPM in firmware within a trusted execution mode of a general-purpose processor.

 

Okay, let's dive into the TPM 2.0 implementation project...

MCXT Light

The military prime integrator approached Trenton Systems about designing a low-cost add-on board that would enable TPM 2.0 on the MCXT processor board, which Trenton Systems released over a decade ago.

This would not only meet the DoD security requirement, it would likely double the lifespan of these old (yet fully functional) processor boards and save up to $10M in hardware costs (testing, labor, NRE, installation, etc.).

So, we took an existing product and modified it to fit the customer's needs. Take a look at the mechanical connector diagram:

IOBTPM2

Conclusion

Our military prime customer will be able to plug the new IOBTPM2 into their board and have full TPM 2.0 access on existing hardware that's been in service for over a decade!

The customer saved close to $10M and will receive their final product ahead of schedule.

 

References:

https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/tpm-recommendations#why-tpm-20

https://blogs.technet.microsoft.com/dubaisec/2016/07/10/tpm-lockout/

https://support.servertastic.com/knowledgebase/article/deprecation-of-sha-1-and-moving-to-sha-2

