ST ST33TPM12SPI User Manual

SPI based on 32-bit ARM® SecurCore® SC300™ CPU

TSSOP28

VQFN32

Features

TPM features

■ Single-chip Trusted Platform Module (TPM)

■ Compliant with Trusted Computing Group

(TCG) Trusted Platform Module (TPM) Main
specifications 1.2, Level 2, Revision 116

■ Based on TCG PC Client Specific TPM

Interface Specifications 1.21

■ SPI support up to 10 MHz

■ Provisioned with Endorsement key and

Endorsement Key certificate

■ Support of clock suspension for power saving

mode

■ Support of Field Upgrade and Dictionary Attack

protection

■ Monotonic counter endurance guaranteed for

7 years

■ Support of software and hardware physical

presence

Hardware features

■ ARM® SecurCore® SC300™ 32-bit RISC core

■ Highly reliable CMOS EEPROM submicron

technology
– 30-year data retention at 25° C
– 500,000 Erase/Write cycles endurance

typical at 25° C

■ Temperature range: 0°C to +70°C

■ ESD protection up to 4 kV (HBM)

■ 3.3 V supply voltage range

■ 28-lead thin shrink small outline and 32-lead

very thin fine pitch quad flat pack ECOPACK®
packages

ST33TPM12SPI

Trusted Platform Module with

Data brief

Security features

■ Active shield and environmental sensors

■ Memory protection unit (MPU)

■ Monitoring of environmental parameters

(power and clock)

■ Hardware and software protection against fault

injection

■ AIS-31 Class P2 compliant true random

number generator (TRNG)

■ Cryptographic algorithms:

– RSA key generation from 512 to 2048 with

a 2-byte step
– RSA signature and encryption
– SHA-1 and SHA-256
– AES-128 in CTR mode

Performance and resource features

■ SHA1 computation for 64-byte block: 155 µs

■ Signature with a 2048-bit key: 150 ms

■

Signature with a 1024-bit key: 30 ms

■

NV storage allocated space: 4 Kbytes

(a)

(1.2 Kbytes used by EK certificate)

■ Supported 2048-bit key slots:

– up to 10 key slots (without EK and SRK)
– 1 key slot in volatile memory for high-

frequency loading use case

(a)

(a)

a. Typical value with clock configuration in secure mode

without communication time.

April 2012 Doc ID 023143 Rev 1 1/11

For further information contact your local STMicroelectronics sales office.

www.st.com

1

Description ST33TPM12SPI

1 Description

The ST33TPM12SPI is a cost-effective and high performance Trusted Platform Module
(TPM) targeting embedded system applications.

This device implements the functions defined by the Trusted Computing Group
(www.trustedcomputinggroup.org) in the TCG Trusted Platform Module Specifications
version 1.2 Level 2 Revision 116 ([1][2][3]), and is also based on the TCG PC Client specific
TPM interface specifications 1.21 [5] and the PC Client implementation specification for
conventional BIOS [6] for what concerns the TPM internal register list and bit definitions.

The ST33TPM12SPI is based on a secure MCU hardware platform.

The ST33TPM12SPI is built on a 32-bit ARM® reduced instruction set computing (RISC)
processor which provides high cryptographic and general performances. A crypto-processor
NESCRYPT is also present to support efficiently all public key cryptographic algorithms.

1.1 Hardware features

The ST33TPM12SPI is based on a smartcard-class secure MCU that incorporates the most
recent generation of ARM processors for embedded secure systems. Its SecurCore®
SC300™ 32-bit RISC core is built on the Cortex™ M3 core with additional security features
to help to protect against advanced forms of attacks.

Cadenced at 30 MHz, the SC300™ core brings great performance and excellent code
density thanks to the Thumb®-2 instruction set.

The ST33TPM12SPI offers a fast slave serial peripheral interface (SPI) supported by an
embedded hardware communication engine.

The ST33TPM12SPI features hardware accelerators for advanced cryptographic functions.
The EDES peripheral provides a secure DES (Data Encryption Standard) algorithm
implementation, while the NESCRYPT crypto-processor efficiently supports the public key
algorithm.

The ST33TPM12SPI operates in the 0 to +70°C temperature and 3.3V supply voltage
ranges.

In order to meet environmental requirements, ST offers these devices in different grades of
ECOPACK® packages, depending on their level of environmental compliance. ECOPACK®
specifications, grade definitions and device status are available at: www.st.com.

ECOPACK® is an ST trademark.

2/11 Doc ID 023143 Rev 1

ST33TPM12SPI Description

Figure 1. ST33TPM12SPI hardware block diagram

ARM®

SecurCore®

SC300™ CPU

Code/Data

Signature

Clock

Generator

Module

MPU

RAM

EEPROM

CRC

Module

User

ROM

ST ROM

(Boot

software)

ST ROM

Firewall

AHB/APB Internal Bus

I/O Buffer

TIS Engine

SPI

EDES
Accel­erator

RAM

Three

16-bit

timers

Security
Monitor-

ing and
Control

NES-

CRYPT

RAM

True

Random

Number

Generator

RESET

TPMSTB

Multiplexed I/Os

SS

MOSI

MISO

SCLK

PP

MS20046V1

TPMIRQ

Doc ID 023143 Rev 1 3/11

Pin and signal description ST33TPM12SPI

1

2

3

4

5

6

7

8

9

10

11

12

13

14

28

27

26

25

24

23

22

21

20

19

18

17

16

15

NC

NC

NC

GND

NC

NC

PP

NC

NC

VPS

GND

NC

NC
NC

TPMSTB

TPMIRQ

MOSI

NC

VPS

MISO

SS

SCLK

NC

NC

NC

RESET

GND

NC

TSSOP28

1

2

3

4

5
6
7
8

9 1011121314

28 27 26 25

24
23
22
21

20

19

18
17

1615

GND

NC
NC

NC

NC

PP
NC
NC

VPS

GND

NCNCNC

TPMSTB

TPMIRQ

MOSINCVPS

MISO
SS
SCLK

NC

NC

NC

RESET

GND

NC

QFN32

29303132

NC

NC

NC

NC

NC

2 Pin and signal description

2.1 Pinout descriptions

Figure 2. TSSOP28 pinout

Figure 3. VQFN32 pinout

4/11 Doc ID 023143 Rev 1