Designing an Open-Source Hardware TPM 2.0 Add-on Board for Raspberry Pi in KiCad
This post will walk you through designing an open source hardware TPM 2.0 add-on board for the Raspberry Pi using KiCad. The board is based on the Infineon SLB 9672 TPM 2.0 chip and communicates over SPI. The entire project is open source and hosted on GitHub. I will also cover the manufacturing process, including ordering PCBs and soldering components, as well as setting up the device on Raspberry Pi OS and a custom Yocto-based Linux distribution.
Project Overview
This project started with a need for a small, open source and reliable TPM 2.0 module compatible with Raspberry Pi, most notably with Raspberry Pi 5. I chose the Infineon OPTIGA SLB 9672 TPM 2.0 chip, widely available through distributors like Mouser. The module provides secure key storage and hardware random number generation. The board was designed in KiCad as a compact 2-layer PCB, measuring just 18.4 x 12.9 mm.
Schematics and PCB Design in KiCad
Following the SLB 9672 datasheet, I created a schematic in KiCad with decoupling capacitors placed near the power supply pins, as specified in section 3.1. The SPI lines (MISO, MOSI, and CLK) are routed from the Raspberry Pi's 40-pin header, and 10k pull-up resistors were added to the chip select, interrupt, and reset lines. After verifying the schematic using the Electrical Rules Checker, I assigned footprints to each component, including the UQFN-32 package for the SLB 9672. Then, in the PCB editor, I defined the board outline, laid out the traces on two layers, and created a hatched ground plane. I included labels on the silkscreen and exported Gerber and drill files, which were used for PCB manufacturing of the prototype.
Soldering the Prototype
Since this was just a prototype, I did not use a solder stencil, which made hand-soldering the SMT parts more challenging. I began by soldering the 0603 capacitors and resistors one by one using fine tweezers and a Weller temperature-controlled soldering iron. For the Infineon SLB 9672 chip in a UQFN-32 package, I carefully tinned the pads with solder, aligned the chip under a magnifying glass, and used a hot plate to reflow it evenly. After reflowing, I inspected all joints closely and fixed a couple of solder bridges. Lastly, I soldered the 2x5 female header that connects the board to the Raspberry Pi 40-pin header, ensuring strong mechanical support and reliable pin contact.
Initial Testing with Raspberry Pi
With the hardware ready, I proceeded to test it using a Raspberry Pi 5. The module connects to the Raspberry Pi via a 10-pin female header. Orientation is important: the module can be mounted vertically or horizontally depending on the header used. Have a look at the video to see it in more detail. To enable TPM support, I added dtoverlay=tpm-slb9670 to the Raspberry Pi config.txt file. Although the overlay is for the SLB 9670, it is fully compatible with the SLB 9672 for SPI communication.
Custom Linux Distribution and TPM Tools
Instead of using the typical Raspberry Pi OS, I created a custom Linux distribution using the Yocto Project and OpenEmbedded. This gave me fine-grained control over the kernel and user-space packages. I included the correct device tree overlay and the tpm2-tools utilities. Connecting to the Raspberry Pi via serial console, I verified that the TPM was detected in the kernel logs. Running tpm2_selftest -v and tpm2_gettestresult confirmed the module was working correctly. I also tested the random number generator with tpm2_getrandom --hex 16, which returned valid results.
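The bring-up checks described above (overlay line, kernel detection, self-test, random number generation) can be combined into one script. This is an added example, not code from the original post or project; the function names, the --run switch and the repeated-byte heuristic for spotting a dead SPI line are assumptions of the example.

```shell
#!/bin/sh
# Added example: post-assembly checks for an SPI TPM 2.0 add-on board.
# Function names and the --run switch are assumptions of this example.

# True if FILE contains an active (uncommented) tpm-slb9670 overlay line.
overlay_enabled() {
    grep -Eq '^[[:space:]]*dtoverlay=tpm-slb9670([,[:space:]]|$)' "$1"
}

# True if $1 is exactly $2 bytes of hex and not one byte value repeated.
# Heuristic: a floating or shorted MISO line tends to read as all ff or 00.
valid_random() {
    hex=$1; nbytes=$2
    [ "${#hex}" -eq $((nbytes * 2)) ] || return 1
    case $hex in *[!0-9a-fA-F]*) return 1 ;; esac
    distinct=$(printf '%s\n' "$hex" | fold -w 2 | sort -u | wc -l)
    [ "$((distinct))" -gt 1 ]
}

# Runs on the Pi itself; needs tpm2-tools and access to the TPM device.
check_tpm() {
    [ "$(cat /sys/class/tpm/tpm0/tpm_version_major 2>/dev/null)" = 2 ] ||
        { echo "FAIL: kernel has not registered a TPM 2.0 device" >&2; return 1; }
    [ -c /dev/tpmrm0 ] ||
        { echo "FAIL: /dev/tpmrm0 is missing" >&2; return 1; }
    # Relies on the tools' exit status rather than parsing their output.
    { tpm2_selftest --fulltest && tpm2_gettestresult >/dev/null; } ||
        { echo "FAIL: TPM self-test" >&2; return 1; }
    rnd=$(tpm2_getrandom --hex 16) && valid_random "$rnd" 16 ||
        { echo "FAIL: implausible RNG output: $rnd" >&2; return 1; }
    echo "OK: TPM 2.0 present, self-test passed, RNG output plausible"
}

# Usage on the device: sh tpm-check.sh --run /path/to/config.txt
if [ "${1:-}" = "--run" ]; then
    overlay_enabled "${2:?path to config.txt}" ||
        echo "WARN: no active dtoverlay=tpm-slb9670 line in $2" >&2
    check_tpm
fi
```

Without --run the script only defines its functions, so the overlay and hex checks can be exercised on a workstation against a copy of config.txt.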
Final Thoughts and Next Steps
This open source hardware project successfully demonstrates how to design, prototype, and test a TPM 2.0 add-on board using KiCad. With the design working, I plan to produce a panel of boards and use a solder stencil for easier assembly. Future videos will dive deeper into software integration and advanced use cases for the TPM module on Raspberry Pi.