Trusted Platform Module (TPM)


A trusted platform module (TPM) is a separate processor that provides secure hardware-based storage and cryptographic services as specified by ISO/IEC 11889.

  • is a cryptoprocessor implemented as a module for a discrete computer platform
  • stores encryption keys, hashed passwords, and other user- and platform-identification information.
  • During the boot process, the TPM compares hashes of key system state data (system firmware, boot loader, and OS kernel) to ensure they have not been tampered with
  • TPM can be enabled or disabled and reset via the system setup program
    • possible to manage it from the OS as well

Uses

  • can be used by the OS, processor BIOS, or application (if OS gives access to TPM) to do:
    • Generate private/public key pairs such that the private key never leaves the TPM in plaintext
    • Digitally sign data using a private key stored on the TPM and that never leaves the TPM
      • decreases the possibility that the key can be stolen by an attacker
    • Encrypt data such that it can only be decrypted using the same TPM
    • Verify the state of the machine the TPM is installed on to detect certain forms of tampering
      • e.g. with the BIOS
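The measured-boot and seal-to-TPM behaviour described above (boot components hashed into a register in order, and data that is only released when the platform is in the expected state), as an added Python model that is not from the original notes and is not a real TPM API: the names pcr_extend, measure_boot_chain, seal and unseal are assumed, and the boot component strings are constructed sample data.

```python
import hashlib
from typing import Iterable, Optional

PCR_SIZE = 32  # a SHA-256 PCR bank register starts as 32 zero bytes


def pcr_extend(pcr: bytes, measured_data: bytes) -> bytes:
    """Model of a PCR extend: PCR_new = H(PCR_old || H(measured_data)).
    The old value is never overwritten, only folded in, so a register can
    only reach a given value by replaying the exact same measurement sequence."""
    digest = hashlib.sha256(measured_data).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(components: Iterable[bytes]) -> bytes:
    """Extend one PCR with each boot component in order
    (firmware, boot loader, kernel) and return the final register value."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Model of sealing: bind a secret to an expected PCR value. A real TPM
    encrypts the secret under a TPM-resident key; this toy only records the
    policy so that unseal() can enforce it."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only when the current PCR matches the sealed policy."""
    if blob["policy_pcr"] != current_pcr:
        return None
    return blob["secret"]


# Constructed sample boot components (hypothetical stand-ins for firmware images).
GOOD_BOOT = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]


def demo() -> dict:
    """Seal a disk key to the known-good PCR, then try to unseal it after a
    clean boot, a tampered boot loader, and the same components reordered."""
    blob = seal(b"disk-encryption-key", measure_boot_chain(GOOD_BOOT))
    tampered = [b"firmware-v1", b"bootloader-EVIL", b"kernel-v1"]
    reordered = [b"bootloader-v1", b"firmware-v1", b"kernel-v1"]
    return {
        "good": unseal(blob, measure_boot_chain(GOOD_BOOT)),
        "tampered": unseal(blob, measure_boot_chain(tampered)),
        "reordered": unseal(blob, measure_boot_chain(reordered)),
    }


if __name__ == "__main__":
    print(demo())
```

Only the clean boot releases the key; both a modified component and a changed measurement order produce a different PCR, which is why the order of extends matters as much as the content.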

Private Endorsement Key

  • Each TPM microprocessor is hard-coded with a unique, unchangeable key, referred to as the endorsement key
  • fundamental component of a TPM’s security
  • the Private Endorsement Key (PEK) is generated by the TPM manufacturer and burned into the TPM hardware during manufacturing
    • therefore, the confidentiality of the PEK depends on the security of the TPM manufacturer

Versions

  • produced to different version specifications
    • 1.2
      • mostly deprecated
    • 2.0
      • not backward compatible with 1.2

Implementation

  • 3 ways of implementing TPM:
    • Discrete
      • TPM is implemented as a dedicated chip
      • provides tamper resistance and smallest attack surface
    • Integrated
      • TPM is part of a chipset or CPU that performs other functions
      • not tamper resistant and has a broader attack surface
    • Firmware
      • TPM is implemented in the platform’s low-level operating code
      • depends on the secure enclave function of the CPU or chipset to protect the cryptographic material
      • e.g.,
        • Intel’s Platform Trust Technology (PTT)
        • AMD’s fTPM
      • not tamper-resistant and has broadest attack surface

Info

A virtual TPM can be implemented in a hypervisor to provide a service to virtual machines (VMs).