Z32H320TC

Z32H320TC - Trusted Platform Module 2.0

Preliminary Databook, Revision 1.0, March 2015

Revision History

Revision  Changes            Date
0.9       Initial Release.   December 15, 2012
1.0       Updated Features.  March 17, 2015

1. Features

TPM Features

Single-chip Trusted Platform Module (TPM)
Compliant with Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 Specification Revision 1.16
Supports the Chinese cryptographic algorithm suite:
    GM/T 0002-2012 SM4 Block Cipher Algorithm
    GM/T 0003-2012 SM2 Public Key Cryptographic Algorithm Based on Elliptic Curves (Parts 1, 2, 3, 5)
    GM/T 0004-2012 SM3 Cryptographic Hash Algorithm
Based on TCG PC Client Specific TPM Interface Specification 1.21
33 MHz Low Pin Count (LPC) interface v1.1 for easy PC interface
Supports flash for TPM firmware and data, and dictionary attack protection

Hardware Features

Security architecture based on the NATIONZ 32-bit security controller family
Highly reliable CMOS eFlash technology
50-year data retention at 25 °C
On-chip clock generator
0~70 °C temperature range
3.3 V power supply
28-lead low-profile TSSOP package and QFN32 package

Security Features

Shield layer and environmental sensors
Memory encryption
True random number generator (TRNG) compliant with GM/T 0005-2012 and NIST SP800-22
Cryptographic algorithms:
    Hardware hash accelerator for multiple hash algorithms (SHA-1, SHA256, SM3)
    Hardware asymmetric accelerator crypto engine
    RSA key generation up to 2048 bits
    RSA signature and encryption
    ECC/SM2 key generation up to 256 bits
    ECC/SM2 signature and key exchange
    Hardware SM4 in ECB mode

Performance Features

SHA1/SHA256 computation for a 1024-byte block: 8 ms
SM3 computation for a 1024-byte block: 8 ms
Signature with an RSA 2048-bit key: 150 ms
Signature with an SM2 256-bit key: 133 ms

2. Overview

The Nationz Z32H320TC Trusted Platform Module (TPM) is an integrated circuit and software platform that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce transactions and Internet communications. The Z32H320TC is a complete solution implementing version 2.0 of the Trusted Computing Group (TCG) specifications. The TCG is an industry group founded in 2003 by AMD, HP, IBM, Intel and Microsoft, and now includes more than 140 companies. For details about the TCG specification, please refer to www.trustedcomputinggroup.org.

The Z32H320TC devices are designed to reduce system boot time and Trusted OS loading time. They provide a solution for PC security for a wide range of PC applications.

The basic principle is to insert a trusted subsystem, called the “root of trust”, into the PC platform. This subsystem is able to extend its trust to other parts of the whole platform by building a “chain of trust”, where each link extends its trust to the next one. As a result, the TPM extends its trustworthiness, providing a Trusted PC for secure transactions. Three roots of trust are built in:

Platform - Designed to be used by BIOS/firmware
Privacy - Designed to provide device identity
Security - Designed for user data storage

Offering these features to a system, the TPM can be used in a wide field of applications, e.g. in a remote access network to authenticate platforms to a server and vice versa. For e-commerce transactions, contracts can be signed with digital signatures using the TPM’s asymmetric encryption functionality. In a network scenario, client PCs equipped with a TPM are able to report their platform status to the server so that the network administration is aware of their trustworthiness. In conclusion, the TPM, acting as a service provider to a system, helps to make transactions more secure and trustworthy.

Figure 1 shows a typical usage mode for the Z32H320TC at different levels.

At the hardware level, the LPC hardware interface connects directly to the chipset (Intel, AMD, VIA etc.) on the motherboard. This standardized interface is available on a lot of boards.

At the BIOS level, Intel TXT uses a TPM and cryptographic techniques to provide dynamic root of trust measurements (DRTM) of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. It defends against software-based attacks aimed at stealing sensitive information by corrupting system and/or BIOS code, or modifying the platform's configuration.

At the pre-boot level, a TPM forms the low-level protected Root of Trust for Windows 8. The TPM can be a discrete cryptographic processor that is physically attached to the motherboard or may be an integrated implementation that provides similar security properties. One of the key capabilities of the TPM is to allow the authoritative reporting of the software running on the platform. This capability is called TPM-based attestation. With these capabilities based on the TPM, the approach built into Windows 8 is to measure core OS components (which seldom change) and a specially vetted driver that is responsible for checking that the system meets policy, commonly by checking for malware.

Figure 1 Typical usage mode

At the OS level, Windows 8/8.1/10 also makes management of drive-based encryption easier and more automated, using the BitLocker capability. The TPM stores half of the key pair required to encrypt and decrypt the drive, with the encryption managed by the operating system. The key in the TPM is protected against attacks. BitLocker also uses integrity measurements stored in the TPM, using a TPM feature called “unsealing”, where the TPM will only reveal the disk encryption key if the integrity measurements have not changed. This ensures that a thief cannot boot into an attacking utility that extracts the disk encryption key.
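
The chain of trust and the “unsealing” behaviour described in this overview can be modelled directly. The following Python code is an added example, not code from Nationz or the TCG: it simulates the TPM 2.0 PCR extend rule on one SHA-256 register and a simplified seal/unseal check. The SimulatedTpm class, the helper names and the boot-chain byte strings are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR; the reset value is all zeros


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend rule: new = H(old || H(component)). A PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Each link measures the next one before running it; replay that into one PCR."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SimulatedTpm:
    """Hypothetical model of sealing: the secret is bound to an expected PCR value."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._sealed = (secret, expected_pcr)

    def unseal(self, current_pcr: bytes) -> bytes:
        secret, expected = self._sealed
        if not hmac.compare_digest(current_pcr, expected):
            raise PermissionError("PCR mismatch: measured boot chain changed")
        return secret


def try_unseal(tpm: SimulatedTpm, chain):
    """Return the secret for this boot chain, or None when the TPM refuses."""
    try:
        return tpm.unseal(measure_boot(chain))
    except PermissionError:
        return None


# Constructed sample boot chains (placeholder strings, not real firmware images).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"os-kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"attack-utility", b"os-kernel v1"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"os-kernel v1"]

# Seal the disk key against the PCR value produced by the known-good chain.
tpm = SimulatedTpm(b"disk-encryption-key", measure_boot(GOOD_CHAIN))
```

A real TPM 2.0 expresses the binding as a PCR policy on the sealed object rather than a stored comparison value; the direct comparison here stands in for that policy check.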

At the application level, systems with Windows 8/8.1/10 can also manage and protect installed software more effectively. Windows Server 2012 automatically provisions and manages the TPM, which is anticipated to make the TPM significantly more useful to IT managers. It supports managed boot to prevent malware and to check system integrity. It also supports using the TPM as a virtual smart card and for secure certificate storage.

3. Technical Parameters

3.1 Pin and signal description - TSSOP28

Z32H320TC

Signal  Pin | Pin  Signal
NC        1 | 28   LPCPD#
NC        2 | 27   SIRQ
NC        3 | 26   LAD0
GND       4 | 25   GND
NC        5 | 24   VDD
NC        6 | 23   LAD1
PP        7 | 22   LFRAME#
NC        8 | 21   LCLK
NC        9 | 20   LAD2
VDD      10 | 19   VDD
GND      11 | 18   GND
NC       12 | 17   LAD3
NC       13 | 16   LRESET#
NC       14 | 15   CLKRUN#

Figure 2 Pin Configuration of the Z32H320TC in TSSOP 28 Package

3.2 Pin Description (TSSOP28)

Table 1 Z32H320TC Chip 28 PIN signal description

Pin Name  Pin Number                       Type      Description                           Electrical Char.
LAD[3:0]  17, 20, 23, 26                   Bi        LPC command/address/data bus          PCI 3.3 V
LPCPD#    28                               I         LPC power down                        PCI 3.3 V
LCLK      21                               I         LPC/PCI clock, nominal 33 MHz         PCI 3.3 V
LFRAME#   22                               I         LPC framing signal                    PCI 3.3 V
LRESET#   16                               I         LPC/PCI reset                         PCI 3.3 V
SERIRQ    27                               Bi        Serial interrupt request              PCI 3.3 V
CLKRUN#   15                               Bi        CLKRUN# signal                        PCI 3.3 V
PP        7                                I         Physical presence                     ISO
VDD       10, 19, 24                       (supply)  3.3 V power supply                    -
GND       4, 11, 18, 25                    (supply)  Ground                                -
NC        1, 2, 3, 5, 6, 8, 9, 12, 13, 14  (supply)  Not connected internally              -

1) I - input only, O - output only, Bi - bidirectional

3.3 Pin and signal description - QFN32

Z32H320TC QFN32, 5 mm × 5 mm

Pin  Signal    Pin  Signal    Pin  Signal     Pin  Signal
  1  NC          9  VDD        17  NC          25  VDD
  2  NC         10  NC         18  LRESET#     26  GND
  3  NC         11  GND        19  LAD3        27  LAD0
  4  NC         12  NC         20  VDD         28  NC
  5  NC         13  NC         21  LAD2        29  NC
  6  NC         14  NC         22  LCLK        30  NC
  7  NC         15  NC         23  LFRAME#     31  NC
  8  NC         16  GND        24  LAD1        32  GND

Figure 3 Pin Configuration of the Z32H320TC in QFN32 Package

3.4 Pin Description (QFN32)

Table 2 Z32H320TC Chip 32 PIN QFN signal description

Signal    Pin(s)                     Type  Description
VDD       9, 20, 25                  I     3.3V DC Power Supply
GND       11, 16, 26, 32             I     Zero volts
LAD[3:0]  19, 21, 24, 27             BI    LPC Command/Address/Data Bus
LRESET#   18                         I     LPC/PCI Reset
LCLK      22                         I     LPC/PCI Clock, Nominal 33 MHz
LFRAME#   23                         I     LPC Framing Signal
NC        1-8, 10, 12-15, 17, 28-31  -     No Connect

1) I - input only, O - output only, BI - bidirectional

3.3 System connections

Figure 4 shows the system connections of the Z32H320TC in a typical PC application.

TPM functions are all integrated on-chip. The major elements of the Z32H320TC interface are:

Host interface based on an LPC bus, with interrupt request.
A physical presence input signal (PP) to indicate owner physical presence.

Figure 4 System Connection Diagram

3.5 Package mechanical data

3.51 TSSOP 28

The 28-pin thin shrink small outline package (TSSOP) with 4.4-mm body width.

Figure 5 TSSOP28 Package outline

Table 3 TSSOP28 Package mechanical data

SYMBOL  Millimeters
        MIN    NOM    MAX
A       -      -      1.20
A1      0.05   -      0.15
A2      0.90   1.00   1.05
A3      0.34   0.44   0.54
b       0.20   -      0.29
b1      0.19   0.22   0.25
c       0.13   -      0.18
c1      0.12   0.13   0.14
D       9.60   9.70   9.80
E       6.20   6.40   6.60
E1      4.30   4.40   4.50
e       0.55   0.65   0.75
L       0.45   0.60   0.75
L1      1.00 REF
L2      0.25 BSC
R       0.09   -      -
R1      0.09   -      -
S       0.20   -      -
θ       0°     -      8°
θ1      10°    12°    14°
θ2      10°    12°    14°
θ3      10°    12°    14°
θ4      10°    12°    14°

3.52 QFN32

The 32-pin Quad Flat No-lead package (QFN) with 5.5-mm body width

Figure 6 QFN32 package outline

Table 4 QFN32 Package mechanical data

SYMBOL  DIMENSION (mm)           DIMENSION (MIL)
        MIN.   NOM.     MAX.     MIN.    NOM.     MAX.
A       --     0.74     0.80     --      29.1     31.5
A1      0.51   0.53     0.54     20.1    20.9     21.3
A2      0.18   0.21     0.24     7.1     8.3      9.4
b       0.20   0.25     0.30     7.9     9.8      11.8
D       4.95   5.00     5.05     194.9   196.9    198.8
D1      3.45   3.50     3.55     135.8   137.8    139.8
D2      2.90   3.00     3.10     114.2   118.1    122.0
D3      0.20   0.25     0.30     7.9     9.8      11.8
E       4.95   5.00     5.05     194.9   196.9    198.8
E1      3.45   3.50     3.55     135.8   137.8    139.8
E2      2.90   3.00     3.10     114.2   118.1    122.0
E3      0.20   0.25     0.30     7.9     9.8      11.8
e       ---    0.50TYP  ---      ---     19.7TYP  ---
L       0.30   0.40     0.50     11.8    15.7     19.7
h       0.15   0.20     0.25     5.9     7.9      9.8

Important Notice

Information in this document is provided solely in connection with Nationz products. Nationz Technologies Inc. and its subsidiaries (“Nationz”) reserve the right to make changes, corrections, modifications or improvements, to this document, and the products and services described herein at any time, without notice.

All Nationz products are sold pursuant to Nationz’s terms and conditions of sale.

Purchasers are solely responsible for the choice, selection and use of the Nationz products and services described herein, and Nationz assumes no liability whatsoever relating to the choice, selection or use of the Nationz products and services described herein.

No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted under this document. If any part of this document refers to any third party products or services it shall not be deemed a license grant by Nationz for the use of such third party products or services, or any intellectual property contained therein or considered as a warranty covering the use in any manner whatsoever of such third party products or services or any intellectual property contained therein.

Unless otherwise set forth in Nationz’s terms and conditions of sale Nationz disclaims any express or implied warranty with respect to the use and/or sale of Nationz products including without limitation implied warranties of merchantability, fitness for a particular purpose (and their equivalents under the laws of any jurisdiction), or infringement of any patent, copyright or other intellectual property right.

Unless expressly approved in writing by two authorized Nationz representatives, Nationz products are not recommended, authorized or warranted for use in military, aircraft, space, life saving, or life sustaining applications, nor in products or systems where failure or malfunction may result in personal injury, death, or severe property or environmental damage. Nationz products which are not specified as "automotive grade" may only be used in automotive applications at user’s own risk.

Resale of Nationz products with provisions different from the statements and/or technical features set forth in this document shall immediately void any warranty granted by Nationz for the Nationz product or service described herein and shall not create or extend in any manner whatsoever, any liability of Nationz.

Nationz and the Nationz logo are trademarks or registered trademarks of Nationz in various countries.

Information in this document supersedes and replaces all information previously supplied.

The Nationz logo is a registered trademark of Nationz Technologies Inc. All other names are the property of their respective owners.

© 2013 Nationz Technologies Inc. - All rights reserved

Headquarters

2-7F, Building A, IER of Huazhong University of Science and Technology, #9 Yuexing Ave3, Nanshan District, Shenzhen, 518057, P.R.C

Tel:+86-755-86309900 Fax:+86-755-86169100 E-mail:[email protected]

http://www.nationz.com.cn/en/index.aspx