5

I stumbled across this image and something immediately stood out to me. This is a photograph of a discrete TPM card. That silver cylinder on the left is a crystal oscillator, used to tell time with very high precision. At first I thought it must be used as a clock source, but if I recall correctly, TPMs and other tamper-resistant microcontrollers rarely, if ever, use external clock sources in order to make glitching attacks more difficult. What use would a TPM have for accurate timekeeping? If it actually is being used as an external clock source, what is done, if anything, to mitigate clock glitching?

ASUS TPM

EDIT: It seems I was incorrect claiming TPMs never using an external clock. According to the datasheet for SLB9635TT2.0, the LCLK pin provides an external clock typically driven by the PCI bus (normally 1-33 MHz). However, there is no explanation in the datasheet for the oscillator.

forest
  • 64,616
  • 20
  • 206
  • 257

1 Answers1

4

The oscillator is a mandatory component for the TPM system to function.

The TPM module has a 100 kHz SMBus which is synced using that oscillator.

If the TPM board also has a wireless sensor node, that one also gets synced by the same oscillator.

Here's a basic schematic for the Atmel AT97SC3203S-based TPM modules:

enter image description here

Overmind
  • 8,779
  • 3
  • 19
  • 28
  • To expand on this, the reason glitching attacks aren't an issue is because the TPM standard requires active monitoring for environmental anomalies (out-of-spec clock, over/under-voltage, even temperature or radiation extremes). At least according to some other datasheets and product briefs I've just read through. – forest May 26 '18 at 03:12