Security

Learn about ALPON X4's VPN and TPM features for enhanced security and protection.


The ALPON X4 ships with multiple hardware and software security layers built in — an always-on VPN tunnel for platform communication and a dedicated TPM 2.0 chip available for your own security needs.

🔐
Built-in VPN

Always-active encrypted tunnel between the ALPON X4 and ALPON Cloud. No configuration required.

🛡️
TPM 2.0 Hardware Security

Infineon SLB 9670 chip for key storage, device authentication, and sensitive operation protection.


🔐 Virtual Private Network (VPN)

Always Active
The built-in VPN is always on and requires no configuration from the user.

The ALPON X4 includes a built-in VPN, which is always active, to ensure secure communication and provide a protected channel for data transfer between the ALPON Edge Computer and the ALPON Cloud platform. It is exclusively used for Sixfab services and cannot be utilized for communication with users' own servers.

ℹ️
Scope: The built-in VPN is dedicated exclusively to Sixfab platform services. It is not configurable for use with external or customer-owned servers.

🛡️ Secure Authentication and Private Key with TPM 2.0 IC

The ALPON X4 features a TPM 2.0 (Trusted Platform Module) chip that strengthens security. While the device does not store any data in the TPM by default, customers can leverage this chip for their own security purposes, such as storing encryption keys or enhancing device authentication.

🔬
Installed TPM Module
Infineon Technologies SLB 9670VQ2.0

Designed to enhance secure data processing and system integrity. Communicates with the CM4 via SPI interface on dedicated GPIO pins.

Because the ALPON X4 does not store any data in the TPM by default, the chip is free for your own security needs. You can use the TPM to:

🗝️ Store encryption keys securely.
🪪 Use it for device authentication.
🔒 Safeguard sensitive operations.

Users can fully leverage the security features offered by the TPM by referring to the official documentation of the tpm2-software project.

📖 Official Documentation: tpm2-software project

TPM Pin Connections

The following table lists the connections between the TPM module and the GPIO pins on the product. These connections enable the TPM module to communicate and function properly.

| TPM Pin  | GPIO Pin | Description                                  |
|----------|----------|----------------------------------------------|
| SCLK     | GPIO11   | Clock signal for SPI communication           |
| SPI_CS   | GPIO7    | Chip Select for SPI communication            |
| SPI_MISO | GPIO9    | Master In Slave Out (SPI data input)         |
| SPI_MOSI | GPIO10   | Master Out Slave In (SPI data output)        |
| PIRQ     | GPIO24   | Interrupt request pin for TPM                |
| RST      | GPIO4    | Resets the TPM when the pin is pulled to LOW |

💡
The TPM communicates over SPI. Make sure to avoid conflicts with other SPI peripherals that may share GPIO pins on custom expansion boards.
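
The following is an added example, not Sixfab code: a pre-flight check that compares a custom expansion board's pin plan against the TPM wiring in the table above. The peripheral names and the sample plan are constructed, and the rule that SPI clock and data lines may be shared while chip select, interrupt and reset may not is a general SPI assumption rather than a statement from this page.

```python
# Added example: pre-flight check of a custom expansion board's pin plan
# against the TPM wiring in the table above. Plan contents are constructed.

# TPM signal -> GPIO, copied from the pin table.
TPM_PINS = {"SCLK": 11, "SPI_CS": 7, "SPI_MISO": 9,
            "SPI_MOSI": 10, "PIRQ": 24, "RST": 4}
# Assumption (general SPI behaviour): clock and data lines can be shared by
# SPI devices with separate chip selects; CS, PIRQ and RST cannot be shared.
SHAREABLE = {"SCLK", "SPI_MISO", "SPI_MOSI"}


def check_plan(plan):
    """Return sorted (level, peripheral, gpio, tpm_signal) findings.

    plan maps a peripheral name to {gpio_number: role}; role "spi_bus"
    marks an SPI clock/data line, anything else is treated as exclusive use.
    """
    by_gpio = {gpio: sig for sig, gpio in TPM_PINS.items()}
    findings = []
    for peripheral, pins in plan.items():
        for gpio, role in pins.items():
            signal = by_gpio.get(gpio)
            if signal is None:
                continue  # pin is not wired to the TPM
            shared_ok = signal in SHAREABLE and role == "spi_bus"
            level = "shared" if shared_ok else "conflict"
            findings.append((level, peripheral, gpio, signal))
    return sorted(findings)


# Constructed sample plan (hypothetical peripherals, not an ALPON design).
SAMPLE_PLAN = {
    "display": {11: "spi_bus", 10: "spi_bus", 8: "spi_cs", 25: "gpio"},
    "status_led": {24: "gpio"},
    "adc": {11: "spi_bus", 9: "spi_bus", 10: "spi_bus", 7: "spi_cs"},
    "button": {11: "gpio"},
}

if __name__ == "__main__":
    for level, peripheral, gpio, signal in check_plan(SAMPLE_PLAN):
        print(f"{level:8} GPIO{gpio:<2} {peripheral}: TPM {signal}")
```

A "conflict" finding means the planned pin would take over a line the TPM needs exclusively; a "shared" finding is a reminder that the peripheral sits on the same SPI bus and must use its own chip select.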