Trusted Platform Module Basics
Trusted Platform Module Basics
Using TPM in Embedded Systems
by Steven Kinney
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
• NEW YORK • OXFORD • PARIS • SAN DIEGO
• SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Newnes is an imprint of Elsevier
This eBook does not include ancillary media that was packaged with
the printed version of the book
Newnes is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
Copyright © 2006, Elsevier Inc. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, or otherwise,
without the prior written permission of the publisher.
Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in
Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, E-mail: permissions@elsevier.com.
You may also complete your request on-line via the Elsevier homepage (http://elsevier.com),
by selecting “Support & Contact” then “Copyright and Permission” and then “Obtaining Permissions.”
Recognizing the importance of preserving what has been written, Elsevier prints its books on
acid-free paper whenever possible.
Library of Congress Cataloging-in-Publication Data
Kinney, Steven.
Trusted platform module basics : using TPM in embedded systems / by Steven Kinney.
p. cm.
Includes bibliographical references and index.
ISBN-13: 978-0-7506-7960-2
ISBN-10: 0-7506-7960-3
1. Embedded computer systems. 2. Computer security. 3. Data encryption
(Computer science) I. Title.
TK7895.E42K56 2006
005.8—dc22
2006018308
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN 13: 978-0-7506-7960-2
ISBN: 0-7506-7960-3
For information on all Newnes publications visit our Web site at
www.books.elsevier.com
06 07 08 09 10 10 9 8 7 6 5 4 3 2 1
Typeset by Charon Tec Ltd, Chennai, India
www.charontec.com
Printed in the United States of America
Contents
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Chapter 1: TCG Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 The Trusted Computing Group . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 The TCG Specification Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3 The PC Specific Specification and the Embedded Design . . . . . . . 2
1.4 The TSS Specification Version 1.1 . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 2: Cryptographic Basics . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1 The Symmetric and Asymmetric Keys . . . . . . . . . . . . . . . . . . . . 11
2.2 Using RSA to Encrypt Private Information . . . . . . . . . . . . . . . . 14
2.3 Using RSA to Sign and Verify Signatures . . . . . . . . . . . . . . . . . 16
Chapter 3: Overview of the TPM Architecture . . . . . . . . . . . . 21
3.1 The TPM CPU or Microcontroller . . . . . . . . . . . . . . . . . . . . . 21
3.2 Asymmetric Functional Block Requirements . . . . . . . . . . . . . . . 22
3.3 TPM Memory Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4 Platform Configuration Registers . . . . . . . . . . . . . . . . . . . . . . . 26
3.5 Hardware Power Management and Tamper Circuitry . . . . . . . . 27
3.6 The TPM, System-on-a-Chip . . . . . . . . . . . . . . . . . . . . . . . . . 28
Chapter 4: Root-of-Trust—the TPM Endorsement Key . . . . . . 31
4.1 Root-of-Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.2 The Endorsement Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.3 X509 Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.4 Security and the EK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Chapter 5: Key Hierarchy and Key Management . . . . . . . . . . 39
5.1 TPM-Specific Key Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5.2 Types of Keys Found within the TPM . . . . . . . . . . . . . . . . . . . . 40
5.3 Typical PC-Based Key Hierarchy . . . . . . . . . . . . . . . . . . . . . . 42
5.4 Key Flags and Their Meaning . . . . . . . . . . . . . . . . . . . . . . . . 44
5.5 Key Cryptographic Algorithm Definition . . . . . . . . . . . . . . . . 46
5.6 Putting It All Together . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
5.7 Key Migration and Archiving . . . . . . . . . . . . . . . . . . . . . . . . 50
Chapter 6: Platform Configuration Registers . . . . . . . . . . . . . 53
6.1 What in the World Is a Platform Configuration Register? . . . . . 53
6.2 How PCR Values Are Initialized . . . . . . . . . . . . . . . . . . . . . . 57
6.3 How PCRs Govern TPM Command Execution . . . . . . . . . . . 61
6.4 Other PCR Tidbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Chapter 7: TPM Command Message Overview . . . . . . . . . . . . 65
7.1 Non-authorized TPM Command Messages . . . . . . . . . . . . . . . 65
7.2 Single Authorized TPM Command Messages . . . . . . . . . . . . . 67
7.3 Dual Authorized TPM Command Messages . . . . . . . . . . . . . . 69
Chapter 8: Rolling Nonces and Anti-replay Protection . . . . . . 73
Chapter 9: Command Authorization, Typical . . . . . . . . . . . . . . 83
9.1 TPM Authorization Overview . . . . . . . . . . . . . . . . . . . . . . . . 83
9.2 The TPM Authorization Input/Output Block(s) . . . . . . . . . . . 84
9.3 Types of Command Authorization(s) . . . . . . . . . . . . . . . . . . . 86
9.4 Object Independent Authorization Protocol . . . . . . . . . . . . . . 88
9.5 Calculating the Authorization Digest . . . . . . . . . . . . . . . . . . . 90
9.6 Object Specific Authorization Protocol . . . . . . . . . . . . . . . . . . 95
9.7 Command Authorization Examples, Typical . . . . . . . . . . . . . 100
Chapter 10: Command Authorization, Atypical . . . . . . . . . . 117
10.1 Exception Case, the Deffered Authorization Protocol . . . . . . . 117
10.2 Exception Case, Non-authorized Command Execution of
Normally Authorized Commands . . . . . . . . . . . . . . . . . . . . . 123
10.3 Exception Case, the EncAuth . . . . . . . . . . . . . . . . . . . . . . . . 129
Chapter 11: Initialization and Low-Level Command Suite . . 133
11.1 Determining TPM Compliance State . . . . . . . . . . . . . . . . . . 133
11.2 TPM Initialization Regarding Compliance State . . . . . . . . . 135
11.3 The Compliance Endorsement Key . . . . . . . . . . . . . . . . . . . . 137
Chapter 12: Compliance Vectors and Their Purpose . . . . . . . 139
12.1 The Compliance RSA Keying Material . . . . . . . . . . . . . . . . . 139
12.2 The Compliance Nonces, Secrets, and Random Numbers . . . . 143
12.3 The Compliance PCR Digest Values . . . . . . . . . . . . . . . . . . . 145
Chapter 13: Establishing a TPM Owner . . . . . . . . . . . . . . . . . 149
13.1 The TPM_CreateEndorsementKeyPair Command . . . . . . . . 149
13.2 The TPM_ReadPubek Command . . . . . . . . . . . . . . . . . . . . 154
13.3 The TPM_TakeOwnership Command . . . . . . . . . . . . . . . . . 156
Chapter 14: Owner-Authorized Command Suite . . . . . . . . . 167
14.1 The TPM_GetCapabilityOwner . . . . . . . . . . . . . . . . . . . . . 168
14.2 The TPM_DisablePubekRead . . . . . . . . . . . . . . . . . . . . . . . 173
14.3 The TPM_OwnerReadPubek . . . . . . . . . . . . . . . . . . . . . . . 175
14.4 The TPM_OwnerClear . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
14.5 The TPM_DisableOwnerClear . . . . . . . . . . . . . . . . . . . . . . 178
14.6 The TPM_OwnerSetDisable . . . . . . . . . . . . . . . . . . . . . . . . 179
14.7 The TPM_ChangeAuthOwner . . . . . . . . . . . . . . . . . . . . . . 179
14.8 The TPM_AuthorizeMigrationKey . . . . . . . . . . . . . . . . . . . 182
Chapter 15: The Key Management Command Suite . . . . . . . 187
15.1 The TPM_CreateWrapKey Command . . . . . . . . . . . . . . . . . 188
15.2 The TPM_LoadKey Command . . . . . . . . . . . . . . . . . . . . . . 199
15.3 The TPM_EvictKey Command . . . . . . . . . . . . . . . . . . . . . . 202
15.4 The TPM_GetPubKey Command . . . . . . . . . . . . . . . . . . . . 203
Chapter 16: The RSA Encryption and Decryption Command Suite . . . . . . . . . . . . . . . . . . . . . . . . . . 207
16.1 The TSS_Bind or Tspi_Data_Bind (TSS Specification) . . . . 208
16.2 The TPM_UnBind Command . . . . . . . . . . . . . . . . . . . . . . 212
16.3 The TPM_Seal Command . . . . . . . . . . . . . . . . . . . . . . . . . 214
16.4 The TPM_UnSeal Command . . . . . . . . . . . . . . . . . . . . . . . 218