HoneyComb LX2 TPM2 Module


I want to use the LX2 as a storage server in my homelab because it looks like a really cool low power, high connectivity board, but I still have a question regarding full disk encryption with a TPM/HSM module to save the LUKS key:

I read in the developer documentation block diagram that there is a GPIO header. Does this header also include SPI and/or I2C interfaces?

Most TPM modules that are specific to the raspberry pi use either i2c and generic GPIO Pins (e.g. Zymkey 4) or SPI Pins (e.g. LetsTrust TPM).

Zymbit Zymkey 4: ZYMBIT - ZYMKEY4, Essential Security for Raspberry Pi
LetsTrust TPM: https://buyzero.de/en/products/letstrust-hardware-tpm-trusted-platform-module

I couldn’t find anything in the developer documentation or here, so If anyone else already has a TPM module running it would be very helpful.

We currently don’t have much testing or support for a hardware based TPM solution. There are unpopulated I2C headers on the CEX7 module that could be used to add a hardware based TPM solution. We have worked with NXP on supporting TPM2.0 via optee-os and a software based TPM solution. This was work originally started by Microsoft for the iMX lineup of SOCs.

Thanks for the reply.

With “CEX7 module” you mean the LX2160A daughter board, right?

I2C headers would be enough for me to buy one and give it a try :slight_smile:

In general I would recommend you user the J2 header. This is the I2C bus that can be restricted to only be accessible from Secure World. This has the RTC and eeprom for UEFI secure variable storage on it already.

1 Like