DesignFirst offers the world's first TPM update service - EnactTrust.
The original concept of EnactTrust emerged during 2017 and involves the largest trade fair for embedded systems - "Embedded World" in Nuremberg, Germany. For the very first time there was a dedicated Trusted Platform Module (TPM) track. Presenters included managers from ARM, OnSemi and other industry leaders. Surprisingly, no one from the five speakers talked about Trusted Computing or mentioned the use of TPM 2.0 modules.
Today, TPM 2.0 modules are used everywhere and we are seeing the rising adoption of TPM 2.0 in embedded systems: EV Chargers, Smart Metering, etc.
In early 2018, DesignFirst was founded. Our company solve the struggles with using hardware security and Trusted Platform Modules.
EnactTrust performs TPM 2.0 updates without manual steps.
- Infineon
- SLB 9672
- SLB 9673
- SLB 9670 (BETA, contact us)
- Nuvoton
- NPCT7xx (Requires approval, contact us)
Contact us at our email.
EnactTrust comes in two flavors:
- Embedded (requires a commercial license, no external dependencies)
- Non-embedded (this open-source version, uses the wolfTPM library)
For example:
- FreeRTOS-based system requires a commercial license. We provid an update component tailored to your system and without external dependencies.
- Linux-based system can use either the open-source variant (here) or purchase the embedded component that requires no external libraries.
We offer update bundles for devices without internet connectivity. Contact us at our email for update bundles tailored to your systems.
Follow these three steps:
- Make sure your build system is set up
sudo apt-get update
sudo apt-get install -y build-essential coreutils bsdmainutils git
sudo apt-get install -y automake libtool libcurl4-openssl-dev libssl-dev
- Install the wolfTPM library
Hashing the update manifest depends on having the wolfssl library
git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
cd wolfssl
./autogen.sh
./configure --enable-wolftpm --disable-examples
make
sudo make install
sudo ldconfig
Now we can install the wolfTPM library
git clone --depth 1 https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
./autogen.sh
./configure --enable-devtpm --enable-infineon --disable-examples
make
sudo make install
sudo ldconfig
- Build and run EnactTrust
git clone https://github.com/EnactTrust/enact.git
cd enact
make
./sudo enact
By default EnactTrust
works without the need for a user account.
=== EnactTrust TPM Updater === (version 1.0.0)
Starting EnactTrust... Success
Downloading TPM update... Success
TPM update start
TPM update: Extracting...
Found group 00000004
Manifest size is 3245
Data size is 925871
Wrote 3245 bytes to IFXmanifest.bin
Wrote 925871 bytes to IFXdata.bin
Infineon Firmware Update Tool
Mfg IFX (1), Vendor SLB9672, Fw 15.24 (0x4a0a)
Operational mode: Normal TPM operational mode (0x0)
KeyGroupId 0x4, FwCounter 1252 (253 same)
Firmware Update (normal mode):
Firmware Update Complete
=== Success - TPM is updated ===
Do you want an EnactTrust account? (Y/N)
...
=== Account is registered ===
Your EnactTrust API token is sent to [email protected]
=== Important - Reboot the system to finish the update ===
Goodbye
Let us know if you have any issues at our email.
The Linux version of EnactTrust uses:
The embedded
version of EnactTrust uses no external dependencies.
Send us an email with your questions and we will respond. Alternatively, you could also use TPM.dev forum.
DesignFirst OU, Copyright 2025