Written by Miloslav Bien, Monday 22 August 2022
TPM chip support is now available on selected Advantech routers. A TPM (Trusted Platform Module) is a tamper-resistant hardware chip placed on the PCBA of the router. It can store cryptographic keys and then use those keys to encrypt or sign information while a VPN connection is in use. Storing your cryptographic private keys on a TPM chip adds a further level of security to your communication.
The TPM 2.0 chip is now available as standard on the ICR-44xx product line and optionally on the ICR-2701, ICR-2734, and ICR-2834.
The TPM 2.0 chip specification:
• Supports both RSA (1024 or 2048) and ECC (P-256 or P-384) ciphers
• Has a flash memory that can store more than 50 RSA or ECC keys
• Is compliant with TCG TPM specifications 2.0
• Is certified at FIPS 140-2 level 2 and Common Criteria (CC) according to TPM 2.0 PP at EAL4+
For a more detailed description of how to use this additional security feature on the routers, see the Commands and Scripts Application Note, which lists the most important tpm2 subcommands. For a detailed description of these subcommands, see the tpm2 manual pages. The tpm2 commands required to set up TPM keys usable for an IPsec tunnel are provided in the ICR-44xx Configuration Manual.
If you need more information, contact your Advantech sales representative or your Field Application Engineer.