Hardware components | ||||||
| × | 1 | ||||
 |
| × | 1 | |||
 |
| × | 1 | |||
| × | 1 | ||||
Software apps and online services | ||||||
| ||||||
| ||||||
Back in 2016, I entered the world of embedded security as an external contributor to TPM chip software development at Infineon. It was the start of a fascinating journey – but also the realization that Trusted Platform Modules (TPMs) were practically inaccessible to the broader maker and developer community.
Back then, if you wanted to experiment with TPMs, the options were limited: Evaluation kits required Non-disclosure agreements (NDAs), and chips were only found in €800+ premium devices. Even developers couldn’t buy TPMs through distributors – minimum orders often started at 20, 000 units.
In May 2017, with permission from my employer (an embedded software company in Munich) and Infineon, I launched LetsTrust as a private side project. The goal was clear: build accessible, low-cost, TPM2.0 modules for single-board computers like the Raspberry Pi – all designed, manufactured, and tested in Germany.
Through a lucky coincidence, I met Maximilian Batz, founder of pi3g.com, who became both a manufacturer and distributor for LetsTrust. Thanks to this collaboration, LetsTrust was able to ship modules worldwide – with consistent delivery even during the global chip crisis and pandemic.
🏠 Built to Last – German Engineering & TestingEvery LetsTrust module has been manufactured in southern Germany by a specialized electronics partner near Augsburg.
The very first production runs in 2017 consisted of just 100 modules each, as we initially expected a total worldwide demand of no more than 200–300 units. Only after two years did quarterly batch sizes grow to 300–400 units.
We proudly surpassed the 10, 000-unit milestone in July of this year, 2025
Each module was electrically tested by hand until mid-2023. Once we transitioned from the Infineon SLB 9670 to the newer SLB 9672, we also started updating the firmware on every device – a process that now takes ~30 seconds per unit. To handle this, we converted a 2D plotter into a fully automated test rig (originally a bachelor thesis project from a student of mine) that connects, flashes, and verifies every unit individually.
🔓 Open Schematics & Personal CommitmentFrom the very beginning, LetsTrust’s schematics have been publicly available – embracing the maker community's spirit of openness and transparency.
Unlike many hardware projects, LetsTrust was fully self-funded. There was no crowdfunding campaign or outside investment – just personal belief in the mission to make trusted computing accessible to developers, researchers, and hobbyists alike.
✅ Raspberry Pi 5 CompatibilityThe Raspberry Pi 5 introduces an active cooling system which requires a stacking header for hardware add-ons like the LetsTrust TPM module. On November 8, 2023, we successfully tested LetsTrust with this setup, ensuring seamless compatibility.
Read more: Raspberry Pi 5 and LetsTrust TPM compatible
🔧 Trusted Hardware for Makers, Research, and Industry
LetsTrust modules are used across many domains:
- Makers use them to learn TPM2.0 fundamentals and integrate trusted computing into IoT and embedded prototypes.
- Universities teach trusted computing concepts using LetsTrust. For example, Prof. Ian Oliver (University of Oulu; Nokia Bell-Labs, Finland) expert in secure systems for aerospace, 5G/6G, and medical infrastructure, regularly integrates LetsTrust into coursework and research.
- Industrial users rely on LetsTrust to secure IP and protect data partitions on edge devices. Long-term availability, German manufacturing, and responsive support are key factors in enterprise adoption.
LetsTrust modules work out-of-the-box with widely used TPM2.0 software ecosystems, including:
- tpm2-software – the official open-source TPM2 stack
- wolfTPM – lightweight embedded TPM stack from wolfSSL
cryptsetup& LUKS – for securing Linux partitions with TPM-bound ke
While TPM2 support had already existed in the Linux kernel, enabling it by default on the Raspberry Pi required a deeper change:
To include the TPM drivers in the Raspberry Pi OS image, all kernel TPM-related features needed to be buildable as loadable modules. However, the SecurityFS (SecFS) component wasn't modular at that time.
Turning on SecFS unconditionally increased memory usage by ~200 KB – not ideal for embedded systems like the Raspberry Pi.
Peter Huewe (Linux TPM maintainer) proposed and submitted a patch to make SecFS optional. After approval from the Linux Security subsystem maintainers, this change allowed the Raspberry Pi Foundation to enable all TPM-related drivers and overlays in their default OS image.
I worked closely with Peter, testing the implementation across multiple configurations for days to ensure reliability. Once the change was accepted upstream, TPM support was officially included in the Raspberry Pi OS as of April 14, 2019 – no more manual compilation or custom images needed.
📖 Read more on the LetsTrust blog: "Success!"📖 And: "Mainline!"
Before that point, I had manually built and published weekly custom Raspbian images with precompiled TPM support – just to make it easier for early adopters.
This kernel integration was a turning point that made trusted computing practical for all Raspberry Pi users.
🚀 Expanding the Ecosystem – TPM2Go USB StickIn 2023, we launched LetsTrust TPM2Go, a USB-based TPM module using the Infineon SLB 9672.
This product's main purpose is to simplify application development with TPM support. It can also be used if your embedded device is not ready or only has free USB ports on your target device.
⚠️ Note: LetsTrust-TPM2Go is not compatible with the Windows 11 TPM 2.0 requirement.
🤝 CommunityWe’re grateful for the steady support of developers, researchers, and industry partners over the years. As sales grew, support requests became rare – perhaps because TPM2 usage is becoming more standardized and better documented.
While some clone projects try to imitate LetsTrust, we encourage the community to support original, long-term efforts that prioritize reliability, security, and transparency.
💬 What We’d Love From the Hackster Community:- Share how you use TPM2 in real-world projects- Build and publish TPM-powered prototypes using LetsTrust-TPMs.
- Provide feedback or contribute tooling, tutorials, or integration tips- Help others understand the value of Trusted Computing in embedded systems
Date & Year / Event
2016 / Entry into TPM software development (Infineon)
May 2017 / LetsTrust project officially starts
June 2017 / First production run: 100 units
Apr 14, 2019 / Mainline kernel support, Raspberry Pi OS integration out-of-the-box
2020–2022 / Regular and uninterrupted deliveries during the chip crisis and COVID pandemic
Mid 2023 / Launch of TPM2Go, the world’s first USB-based TPM module
Nov 8, 2023 / Test LetsTrust TPM module compatible with Raspberry Pi 5 with a stacking header
End 2023 / Transition to automated module testing and automated firmware updater
July 2025 / 10, 000 LetsTrust-TPM shipped worldwide
Learn more: https://letstrust.de
Comments