A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security
Will Arthur, David Challener, Kenneth Goldman
Format: PDF / Kindle (mobi) / ePub
A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straightforward primer for developers. It explains security and TPM concepts and demonstrates their use in real applications that the reader can try out.
Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest. A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes TPM 2.0 architecture, and provides coding examples in parallel beginning with very simple concepts and simple code to highly complex concepts and code.
The book includes access to a live execution environment (secure, hosted virtualization) and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with real examples of useful apps using the TPM.
integrity. Audit always records both command and response parameters and only audits a successful command. The latter requirement vastly simplifies an implementation. This chapter first gives a rationale as to why you may want to audit, then describes the audit types, and finally goes on to the details of the audit mechanism.
Why Audit
Why would an auditor want a certified list of command and response parameters? This section provides several use cases, from auditing a single command to
external device
flexible (Wild Card) policy
locality of command
NV RAM location
passwords
PCRs
TPM internal state
simple assertions and multifactor assertions
TPM2_PolicyXXX commands
understudy role
wild card policy
F
Feature API (FAPI)
ASYM_RESTRICTED_SIGNING_KEY
ASYM_STORAGE_KEY
callback function
endorsement key
HMAC_KEY
NV object ancestor
password-handler function
path descriptions
policy commands
profile file
Sign command
standard policy and authentications
decrypted data “looking funny” to detect alteration. Indeed, by calculating the HMAC of the encrypted message first, the TPM will not even attempt to decrypt it unless it is first determined that the message’s integrity is intact and that it is authentic. Additionally, encryption does not provide evidence that the message was produced recently. That is done with a nonce.
Nonce
A nonce is a number that is used only once in a cryptographic operation. It provides protection against a replay
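The order of operations described above (check the HMAC over the encrypted bytes first, decrypt only if it verifies, and use a nonce to reject replays) as an added, runnable illustration. This is example code written for this page, not code from the book or from any TPM stack. The mask is derived with a counter-mode KDF over HMAC-SHA256 laid out like the TPM 2.0 KDFa used for XOR parameter encryption (counter || label || 0x00 || contextU || contextV || bits); that it is byte-exact with a real TPM is an assumption, not something the example verifies, and the nonce register is a plain set rather than the rolling nonceTPM a real session uses.

```python
import hashlib
import hmac
import struct

# Added example, not the book's code: an HMAC-protected, masked message that
# is authenticated before it is decrypted, plus a nonce register for replays.
# Mask derivation follows the shape of TPM 2.0's KDFa (assumption: byte-exact
# agreement with a TPM is not checked here).

HASH = hashlib.sha256


def kdfa(key: bytes, label: bytes, context_u: bytes, context_v: bytes, nbytes: int) -> bytes:
    """Counter-mode KDF over HMAC-SHA256, KDFa-style; returns nbytes of mask."""
    bits = struct.pack(">I", nbytes * 8)
    out = b""
    counter = 1
    while len(out) < nbytes:
        block = struct.pack(">I", counter) + label + b"\x00" + context_u + context_v + bits
        out += hmac.new(key, block, HASH).digest()
        counter += 1
    return out[:nbytes]


def protect(key: bytes, nonce_newer: bytes, nonce_older: bytes, plaintext: bytes):
    """Sender side: mask the payload, then HMAC the masked bytes together with both nonces."""
    mask = kdfa(key, b"XOR", nonce_newer, nonce_older, len(plaintext))
    ciphertext = bytes(p ^ m for p, m in zip(plaintext, mask))
    tag = hmac.new(key, nonce_newer + nonce_older + ciphertext, HASH).digest()
    return ciphertext, tag


class Receiver:
    """Receiver side: verify the HMAC first, check freshness second, decrypt last."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()      # simplified stand-in for the TPM's rolling nonceTPM
        self.decrypt_attempts = 0     # how many times a mask was ever computed

    def unprotect(self, nonce_newer: bytes, nonce_older: bytes, ciphertext: bytes, tag: bytes) -> bytes:
        expected = hmac.new(self.key, nonce_newer + nonce_older + ciphertext, HASH).digest()
        if not hmac.compare_digest(expected, tag):
            # Altered ciphertext, altered nonce, or wrong key: refuse before any decryption.
            raise ValueError("integrity check failed: message altered or not from the key holder")
        if nonce_newer in self.seen_nonces:
            # Genuine but old: the tag verifies, yet the message is a replay.
            raise ValueError("replay: nonce already used")
        self.seen_nonces.add(nonce_newer)
        self.decrypt_attempts += 1
        mask = kdfa(self.key, b"XOR", nonce_newer, nonce_older, len(ciphertext))
        return bytes(c ^ m for c, m in zip(ciphertext, mask))
```

Because the tag covers both nonces as well as the ciphertext, an attacker cannot substitute a fresh nonce onto an old message; the replay check therefore only has to look at nonces that have already passed the HMAC check, and `decrypt_attempts` stays unchanged for every rejected message.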
nameAlg            TPMI_ALG_HASH          = TPM_ALG_SHA256
objectAttributes   TPMA_OBJECT
authPolicy         TPM2B_DIGEST
  size             UINT16
  buffer           BYTE
parameters         TPMU_PUBLIC_PARMS
  eccDetail        TPMS_ECC_PARMS
    symmetric      TPMT_SYM_DEF_OBJECT            (for AES example)
      algorithm    TPMI_ALG_SYM_OBJECT  = TPM_ALG_AES
      keyBits      TPMU_SYM_KEY_BITS -> TPMI_AES_KEY_BITS
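The field layout above, marshaled into the canonical big-endian form a TPM expects, as an added example written for this page (not code from the book or from any TPM library). It goes one step beyond the table by also deriving the object Name, nameAlg || H(marshaled TPMT_PUBLIC), which is what policies and HMAC sessions bind to. The algorithm and attribute constants are the TPM 2.0 Part 2 values; the particular attribute set (a restricted decryption key with fixedTPM/fixedParent, user auth and sensitiveDataOrigin) is one plausible storage-key profile chosen here as an assumption, not one the book prescribes.

```python
import hashlib
import struct

# Added example, not the book's code: marshal the TPMT_PUBLIC sketched above
# (ECC key, SHA-256 nameAlg, AES-128/CFB symmetric parms) and derive its Name.
# Attribute choice below is an assumption for illustration.

TPM_ALG_ECC = 0x0023
TPM_ALG_SHA256 = 0x000B
TPM_ALG_AES = 0x0006
TPM_ALG_CFB = 0x0043
TPM_ALG_NULL = 0x0010
TPM_ECC_NIST_P256 = 0x0003

# TPMA_OBJECT bits
FIXED_TPM = 0x00000002
FIXED_PARENT = 0x00000010
SENSITIVE_DATA_ORIGIN = 0x00000020
USER_WITH_AUTH = 0x00000040
RESTRICTED = 0x00010000
DECRYPT = 0x00020000


def tpm2b(data: bytes) -> bytes:
    """TPM2B_*: 16-bit big-endian size prefix followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def sym_def_object(algorithm: int, key_bits: int = 0, mode: int = 0) -> bytes:
    """TPMT_SYM_DEF_OBJECT: keyBits and mode are marshaled only when algorithm != TPM_ALG_NULL."""
    if algorithm == TPM_ALG_NULL:
        return struct.pack(">H", algorithm)
    return struct.pack(">HHH", algorithm, key_bits, mode)


def ecc_public(name_alg: int, attributes: int, auth_policy: bytes,
               sym_alg: int, sym_bits: int, sym_mode: int, curve: int) -> bytes:
    """Marshal a TPMT_PUBLIC of type TPM_ALG_ECC; unique is left empty as in a creation template."""
    parameters = (
        sym_def_object(sym_alg, sym_bits, sym_mode)   # TPMS_ECC_PARMS.symmetric
        + struct.pack(">H", TPM_ALG_NULL)              # .scheme   (TPMT_ECC_SCHEME, NULL: no details)
        + struct.pack(">H", curve)                     # .curveID
        + struct.pack(">H", TPM_ALG_NULL)              # .kdf      (TPMT_KDF_SCHEME, NULL: no details)
    )
    unique = tpm2b(b"") + tpm2b(b"")                   # TPMS_ECC_POINT x and y, empty in a template
    return (
        struct.pack(">HHI", TPM_ALG_ECC, name_alg, attributes)   # type, nameAlg, objectAttributes
        + tpm2b(auth_policy)                                      # authPolicy (TPM2B_DIGEST)
        + parameters
        + unique
    )


def object_name(name_alg: int, public: bytes) -> bytes:
    """Name = nameAlg || H_nameAlg(marshaled TPMT_PUBLIC); applies to the public area a TPM returns."""
    if name_alg != TPM_ALG_SHA256:
        raise ValueError("only SHA-256 nameAlg is handled in this example")
    return struct.pack(">H", name_alg) + hashlib.sha256(public).digest()


def storage_key_template() -> bytes:
    """The AES example from the table: ECC P-256 parent with AES-128 CFB symmetric parms."""
    attrs = FIXED_TPM | FIXED_PARENT | SENSITIVE_DATA_ORIGIN | USER_WITH_AUTH | RESTRICTED | DECRYPT
    return ecc_public(TPM_ALG_SHA256, attrs, b"", TPM_ALG_AES, 128, TPM_ALG_CFB, TPM_ECC_NIST_P256)
```

For a template the unique point is empty, so `object_name` over it yields the hash TPM2_PolicyTemplate-style checks use rather than the Name of a loaded key; once the TPM has filled in the public point, the same function over the returned public area gives the Name that appears in policy and HMAC computations.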
values, the TPM would not release the decryption key, and the hard drive could not be decrypted. These are the steps to seal:
1. Construct the policy, a TPM2_PolicyPCR, specifying the PCR values that must be present at the time of the unseal operation.
2. Use either of the following:
   (similar to TPM 1.2 seal)
   - TPM2_GetRandom() to create the symmetric key external to the TPM
   - TPM2_Create(), specifying the symmetric key and the policy to create the sealed object
   or (new TPM 2.0 alternative)
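The first step above, building the TPM2_PolicyPCR digest that goes into the sealed object's authPolicy, carried out offline, followed by a software simulation of the unseal decision against a PCR bank. This is an added example written for this page, not the book's code, and it only reproduces the digest arithmetic: a real unseal is evaluated inside the TPM through a policy session. Assumptions: a single SHA-256 PCR bank, TPM_CC_PolicyPCR = 0x0000017F, the policy update rule policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest), and the measured data hashed in software before being extended.

```python
import hashlib
import struct

# Added example, not the book's code: compute the authPolicy a TPM2_PolicyPCR
# assertion produces, then simulate seal/unseal against a software PCR bank.
# Assumptions: one SHA-256 bank, TPM_CC_PolicyPCR = 0x0000017F.

TPM_ALG_SHA256 = 0x000B
TPM_CC_POLICY_PCR = 0x0000017F
DIGEST = hashlib.sha256
DIGEST_LEN = 32


def pcr_selection(pcr_indices) -> bytes:
    """TPML_PCR_SELECTION holding one SHA-256 TPMS_PCR_SELECTION with sizeofSelect = 3."""
    select = bytearray(3)
    for i in pcr_indices:
        select[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(select)


def pcr_digest(bank: dict, pcr_indices) -> bytes:
    """pcrDigest: hash of the selected PCR values concatenated in ascending index order."""
    return DIGEST(b"".join(bank[i] for i in sorted(pcr_indices))).digest()


def policy_pcr(pcr_indices, expected_digest: bytes, prior: bytes = bytes(DIGEST_LEN)) -> bytes:
    """policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest)."""
    return DIGEST(
        prior
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + pcr_selection(pcr_indices)
        + expected_digest
    ).digest()


def new_bank() -> dict:
    """A fresh SHA-256 bank: 24 PCRs, all zero after reset (assumption: no PCRs initialised to ones)."""
    return {i: bytes(DIGEST_LEN) for i in range(24)}


def extend(bank: dict, index: int, measured: bytes) -> None:
    """PCR[index] = H(PCR[index] || H(measured)); the measurement is hashed in software."""
    bank[index] = DIGEST(bank[index] + DIGEST(measured).digest()).digest()


class SealedBlob:
    """Stand-in for the sealed object TPM2_Create returns: secret plus the policy it is bound to."""

    def __init__(self, secret: bytes, pcr_indices, auth_policy: bytes):
        self.secret = secret                    # kept in the sensitive area on a real TPM
        self.pcr_indices = tuple(pcr_indices)
        self.auth_policy = auth_policy

    def unseal(self, bank: dict) -> bytes:
        """Release only if the policy recomputed from the live PCRs equals authPolicy."""
        live = policy_pcr(self.pcr_indices, pcr_digest(bank, self.pcr_indices))
        if live != self.auth_policy:
            raise PermissionError("PCR state does not match the sealing policy")
        return self.secret
```

The value `policy_pcr(...)` returns is what you place in `authPolicy` when calling TPM2_Create for the sealed object; because the selection structure is part of the hash, sealing to PCR 7 and sealing to PCRs 0, 7 and 8 with identical values give different policies, and any change to a selected PCR (a different bootloader measurement in the test below) makes the recomputed digest diverge and the unseal fail.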