Preface
Reference
Abbreviations
Contents
Chapter 1: Introduction
1.1 The State of Play
1.2 Objectives
1.3 Trusted Computing Technology
1.4 Benefits of Trusted Computing
1.5 Trust, Instead of Security
1.5.1 Secure Computing
1.5.2 Trusted Computing
1.6 Limitations of Trusted Computing
1.7 Concerns About Trusted Computing
1.8 First Generation Trusted Computing
References
Chapter 2: Futures for Trusted Computing
2.1 Trusted Virtualisation
2.1.1 Privacy Implications of Trusted Virtualisation
2.1.2 Virtualised Trusted Platforms
2.2 Future Trusted Services
2.2.1 Data Deletion
2.2.2 Contracts and Negotiations
2.2.3 Single Sign-On
2.2.4 Trusted Software Agents
2.2.5 What You See Is What You Sign
2.3 Infrastructure Requirements
2.3.1 Public Key Infrastructure
2.3.2 Manufacture
2.3.3 Upgrading TPMs
2.3.4 Upgrading Integrity Metrics
2.3.5 Auditing Trusted Platforms
2.3.6 Discovering Trusted Services
Chapter 3: Basics of Trusted Platforms
3.1 Design Constraints, Requirements, and Motivations
3.1.1 Legacy Platforms, Software and Infrastructure
3.1.2 Out of the Box
3.1.3 Legal
3.1.4 Privacy Constraints
Limitations on Privacy Protection
3.1.5 Disaster Recovery
Physical Presence
Key Recovery
FieldUpgrade
3.2 Conventional Security in Trusted Platforms
3.2.1 High Security
3.2.2 No Global Secrets
3.2.3 Separation of Privilege
3.2.4 Authorisation and Authentication of the Owner and User
3.2.5 Dictionary Attacks
Offline Dictionary Attacks
3.2.6 Cryptographic Algorithms
3.2.7 Isolation of Processes
3.2.8 Certification
TPM Functional Certification
TPM Security Certification
FIPS Certification of TPMs
Common Criteria Certification of TPMs
3.3 Innovations in Trusted Platforms
3.3.1 General Principles
3.3.2 Roots of Trust
3.3.3 Platform Configuration Registers
3.3.4 Authenticated/Measured Boot
3.3.5 Authenticated/Measured Secure Boot
3.3.6 Protected Storage, Data Backup and Recovery
3.3.7 Attestation
3.3.8 Physical Presence and Provisioning Authorisation
Physical Presence for TPMv1.2
Physical Presence for TPM2
3.3.9 Recognising and Identifying a Trusted Platform
Recognising a Trusted Platform
Revocable EKs in TPMv1.2
Revocable EKs in TPM2
Identifying a Trusted Platform
Direct Anonymous Attestation
3.4 Types of Trusted Platform
3.4.1 Personal Computers
3.4.2 Servers and Data Centres
3.4.3 Mobile Phones
First Generation Trusted Mobile Phones
Second Generation Trusted Mobile Phones
3.4.4 Appliances
3.5 Trusted Platform Lifecycle
3.5.1 TPM Design
3.5.2 TPM Manufacture
3.5.3 Platform Manufacture
3.5.4 Platform Deployment
On and off
Becoming the TPM's Owner
Acquiring Trusted Platform Identities
Deployment in Enterprises
3.5.5 Platform Use
3.5.6 Platform Maintenance and Recovery
Data Loss Outside the TPM
TPM Failure
TPMv1.2 Failure During Warranty
TPM2 Failure During Warranty
Human Error
3.5.7 Platform Redeployment
3.5.8 TPM and Platform Revocation
3.5.9 Platform Decommissioning
References
Chapter 4: Trusted Platform Architecture
4.1 Isolation
4.1.1 Isolation Hardware
4.2 Credentials
4.3 Chain of Trust
4.4 Integrity Metrics
4.5 Platform Configuration Registers
4.6 Audit
4.7 Verifying the State of a Trusted Platform
4.8 Trusted Platform Module
4.9 Locality
4.10 Peripherals
4.10.1 Trusted Drives
4.11 TPM Software Interface
4.12 Virtualisation
4.12.1 Hosts of Virtualised Trusted Platforms
4.12.2 Virtualised Trusted Platforms
4.12.3 TPM Virtualisation
References
Chapter 5: TPM2 Requirements
5.1 Controllability and Privacy
5.1.1 Controllability
5.1.2 Privacy
5.2 Protecting the Platform's Services
5.3 Cryptographic Agility
5.4 The Commercial Environment
5.5 What Works, and What Doesn't Work
5.6 What's Unpopular
5.7 Platform Manufacturer Requirements
5.8 Hypervisor and OS Enhancements
5.9 Other Considerations
Reference
Chapter 6: TPM2 Operation
6.1 TPM2 and Its Host Platform
6.2 Using TPM2 Instead of TPMv1.2
Chapter 7: Initialising TPM2
7.1 Manufacture
7.1.1 Providing TPM Endorsement
7.1.2 Providing Platform Credentials
7.1.3 Providing a Trusted Computing Base
7.1.4 TCB Authorisation Requirements
7.1.5 Storing TCB Keys in the TPM
7.1.6 Storing TCB data in the TPM
7.1.7 Provisioning Platform Configuration Registers
7.1.8 Allowing "Physical Presence" Authorisation
7.2 Booting the Platform
7.2.1 Initialising the TPM
7.2.2 Ensuring that the Primary TCB can Manage the TPM
7.2.3 Testing the TPM
7.2.4 Using the TPM to Assist the TCB
7.2.5 Enabling the Customer to Control the TPM via the Primary TCB
7.2.6 Enabling or Disabling Further Access to the TPM
7.3 Recording Platform History in PCRs
7.4 Run-Time Initialisation
7.5 Late Launch Environments
Chapter 8: Managing TPM2
8.1 Obtaining Management Information
8.2 Keeping TPM Data Outside the TPM
8.2.1 Short-Term Cached TPM Data
8.2.2 Long-Term Cached TPM Data
8.3 Dictionary Attacks
8.4 Auditing Commands
8.5 Clock and Timer
8.5.1 Clock Functionality
8.5.2 Timer Functionality
8.6 Platform Shutdown
Chapter 9: Accessing Keys and Data in TPM2
9.1 Names and QualifiedNames
9.2 Session Basics
9.3 HMAC Sessions
9.3.1 Freshness Nonces in HMAC Sessions
9.3.2 Binding and Salting HMAC Sessions
9.3.3 SessionKeys in HMAC Sessions
9.3.4 HMAC Checksums on Commands and Responses
9.3.5 Encrypting Command Parameters and Response Parameters
9.3.6 Auditing HMAC Sessions
9.4 Authorisation Roles
9.5 Authorisation Session Types
9.6 Plain Authorisation
9.6.1 Plain Authorisation Without a Session
9.6.2 Plain Authorisation with HMAC Sessions
9.7 Policy Authorisation
9.7.1 Composing a Policy
9.7.2 Enumerating a Policy
9.7.3 Assigning a Policy
9.7.4 Executing a Policy
Chapter 10: Customer Configuration of TPM2 and Its Host Platform
10.1 Customer Responsibilities
10.2 Provisioning
10.3 Setting up NV Storage
10.4 Assigning Physical Presence Gating to Commands
10.5 Assigning Personal Endorsement Keys
10.6 Assigning Platform Identities
10.6.1 Identities with Some Privacy Risk but Low Complexity
10.6.2 Identities with Intermediate Privacy Risk, but Intermediate Complexity
10.6.3 Identities with No Known Privacy Risk, but Higher Complexity
Reference
Chapter 11: Starting to Use TPM2
11.1 Testing TPM2
11.2 Creating and Obtaining Random Numbers
11.3 Starting a Key Hierarchy
11.4 Populating a Key Hierarchy by Creating Keys
11.5 Populating a Key Hierarchy by Importing Keys
11.6 Making a Key from an External Hierarchy Ready for Use
11.7 Making an External Public Key or Plaintext Key Ready for Use
11.8 Duplicating a Key
11.9 Embedding and Ejecting Keys
11.10 Reading the Public Part of a Loaded Key
11.11 Changing Authorisation Values
11.12 Encrypting and Sealing Data
11.13 Decrypting Data and Unsealing Data
11.14 Signing
11.15 Verifying Signatures
11.16 Obtaining PCR Values
11.17 Certifying Key Creation
11.18 Cross Certification of Keys
11.19 Certifying Sequences of Commands
11.20 Certifying the Usage of Commands
11.21 Certifying TPM Time, Resets, and TPM Firmware Version
11.22 Storing Data in NV Storage
11.23 Certifying NV Storage
11.24 Using TPM2 as an Ordinary Cryptographic Service
Chapter 12: Direct Anonymous Attestation (DAA) in More Depth
12.1 The Concept of General Anonymous Digital Signatures
12.2 The Concept of DAA
12.3 The Setup Algorithm
12.4 The DAA Join Protocol
12.5 The Sign/Verify Protocol
12.6 The Link Algorithm
12.7 Revocation Considerations
12.8 Discussion on DAA Security Levels
References
Chapter 13: Machine Virtualisation, Virtual Machines, and TPMs
13.1 Introduction
13.2 Machine Virtualisation and Security
13.3 Containment and Isolation
13.4 Robust Control and Introspection Point
13.5 Small Code Base
13.6 Examples of Hypervisor-Based Enhanced Security
13.6.1 The TPM and Supporting Machine Virtualisation
13.6.2 Additional Chipset and CPU Hardware Extensions
13.6.3 Machine Virtualisation and Supporting the TPM
13.6.4 Challenges Around TPM and Virtualisation
13.6.5 Summary
References
Index