Industry-first TPM enables turnkey device identity, remote attestation, and secure supply chain

STMicroelectronics today announced the ST33KTPM-IDevID, a turnkey solution for device authentication and remote attestation. The solution is based on the first TPM device certified to FIPS 140-3 standard, the ST33KTPM2X. The TPM comes pre-provisioned with an initial device ID (DevID) and an initial attestation key (IAK), following the TCG’s “TPM 2.0 Keys for Device Identity and Attestation v1.10” specification.

How does the ST33KTPM-IDevID simplify security integration?

Designers using this secure solution can easily deploy ST-provisioned keys and certificates in their connected products. This turnkey solution not only speeds up design time but also enables secure network integration without the need for secure infrastructure at their manufacturing sites.

Which applications and use cases does it support?

The ST33KTPM-IDevID supports communication via SPI or I²C interfaces. It provides strong asset protection to meet security and regulatory requirements across a wide range of applications, including PCs, servers, network-connected IoT devices, as well as medical, industrial, and critical infrastructure equipment. The products support use cases like device authentication, secure boot, remote attestation, and secure storage with an extended memory of 200k bytes.

What are the main security features and compliance certifications?

How does it reinforce supply chain security?

The ST33KTPM-IDevID comes with bundle files including device leaf certificates for a specific reel that are made available through authenticated download. This improves the supply chain security as the ST33KTPM-IDevID devices can be traced throughout the system production cycle. This also facilitates the loading of leaf certificates in the cloud system before getting access to the physical platforms embedding ST33KTPM-IDevID devices.

When will it be available?

Samples and production volumes are available for order via ST Sales or through distributors from 2026.

Does ST offer customization options?

Upon customer request, ST can support a customer-specific provisioning profile and assign a dedicated certification authority linked to a specific ordering code. In that configuration, ST33KTPM-IDevID devices are offered in either UFQFPN32 package (based on ST33KTPM2X) or in WLCSP24 package (based on ST33KTPM2I).

What support does ST provide for implementation?

ST Authorized Partner WolfSSL provides a comprehensive, compact, and portable software stack for ST33KTPM-IDevID devices.

“The ST33KTPM-IDEVID TPM 2.0 module, preprovisioned with IDevID and IAK, combines seamlessly with wolfTPM to simplify provisioning of device working identities—essential for secure, network-connected operation—as well as streamline development and testing of the crypto stack. wolfSSL’s FIPS 140-3 certified wolfCrypt module pairs perfectly with the similarly certified ST33KTPM-IDEVID, helping OEMs accelerate and simplify their own product certification efforts for use in federal and regulated markets.” said Larry Stefonic, CEO of wolfSSL

Together with wolfSSL’s portable wolfTPM library, featuring standard TPM 2.0 APIs, and CubeMX packs for wolfSSL/wolfCrypt, wolfTPM, wolfSSH, and wolfMQTT, developers gain an integrated, ready-to-deploy solution for trusted security, cryptography, and communication on ST platforms.

Where can I see it in action?

See the live demo at embedded world, 4 - 6 November 2025, Anaheim, California, USA. ST booth # 4015.

Additional resources

• Product page - ST33KTPM-IDevID
• Application note - ST33KTPM-IDevID - Provisioning profile ST1 description
• ST33KTPM: Trusted platform modules for consumer and industrial systems

First published on Oct 27, 2025