
Trusted platform module basics - using TPM in embedded systems.p....pdf

Trusted Platform Module Basics
Using TPM in Embedded Systems

by Steven Kinney

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Newnes is an imprint of Elsevier
This eBook does not include ancillary media that was packaged with the printed version of the book.

Newnes is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK

Copyright © 2006, Elsevier Inc. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, E-mail: permissions@elsevier.com. You may also complete your request on-line via the Elsevier homepage (http://elsevier.com), by selecting “Support & Contact” then “Copyright and Permission” and then “Obtaining Permissions.”

Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible.

Library of Congress Cataloging-in-Publication Data
Kinney, Steven.
Trusted platform module basics : using TPM in embedded systems / by Steven Kinney.
p. cm.
Includes bibliographical references and index.
ISBN-13: 978-0-7506-7960-2
ISBN-10: 0-7506-7960-3
1. Embedded computer systems. 2. Computer security. 3. Data encryption (Computer science) I. Title.
TK7895.E42K56 2006
005.8—dc22
2006018308

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN 13: 978-0-7506-7960-2
ISBN: 0-7506-7960-3

For information on all Newnes publications visit our Web site at www.books.elsevier.com

06 07 08 09 10 10 9 8 7 6 5 4 3 2 1

Typeset by Charon Tec Ltd, Chennai, India
www.charontec.com

Printed in the United States of America
Contents

Acknowledgments
Introduction

Chapter 1: TCG Prerequisites
  1.1 The Trusted Computing Group
  1.2 The TCG Specification Suite
  1.3 The PC Specific Specification and the Embedded Design
  1.4 The TSS Specification Version 1.1

Chapter 2: Cryptographic Basics
  2.1 The Symmetric and Asymmetric Keys
  2.2 Using RSA to Encrypt Private Information
  2.3 Using RSA to Sign and Verify Signatures

Chapter 3: Overview of the TPM Architecture
  3.1 The TPM CPU or Microcontroller
  3.2 Asymmetric Functional Block Requirements
  3.3 TPM Memory Blocks
  3.4 Platform Configuration Registers
  3.5 Hardware Power Management and Tamper Circuitry
  3.6 The TPM, System-on-a-Chip

Chapter 4: Root-of-Trust—the TPM Endorsement Key
  4.1 Root-of-Trust
  4.2 The Endorsement Key
  4.3 X509 Certificate
  4.4 Security and the EK

Chapter 5: Key Hierarchy and Key Management
  5.1 TPM-Specific Key Hierarchy
  5.2 Types of Keys Found within the TPM
  5.3 Typical PC-Based Key Hierarchy
  5.4 Key Flags and Their Meaning
  5.5 Key Cryptographic Algorithm Definition
  5.6 Putting It All Together
  5.7 Key Migration and Archiving

Chapter 6: Platform Configuration Registers
  6.1 What in the World Is a Platform Configuration Register?
  6.2 How PCR Values Are Initialized
  6.3 How PCRs Govern TPM Command Execution
  6.4 Other PCR Tidbits

Chapter 7: TPM Command Message Overview
  7.1 Non-authorized TPM Command Messages
  7.2 Single Authorized TPM Command Messages
  7.3 Dual Authorized TPM Command Messages

Chapter 8: Rolling Nonces and Anti-replay Protection

Chapter 9: Command Authorization, Typical
  9.1 TPM Authorization Overview
  9.2 The TPM Authorization Input/Output Block(s)
  9.3 Types of Command Authorization(s)
  9.4 Object Independent Authorization Protocol
  9.5 Calculating the Authorization Digest
  9.6 Object Specific Authorization Protocol
  9.7 Command Authorization Examples, Typical

Chapter 10: Command Authorization, Atypical
  10.1 Exception Case, the Deferred Authorization Protocol
  10.2 Exception Case, Non-authorized Command Execution of Normally Authorized Commands
  10.3 Exception Case, the EncAuth

Chapter 11: Initialization and Low-Level Command Suite
  11.1 Determining TPM Compliance State
  11.2 TPM Initialization Regarding Compliance State
  11.3 The Compliance Endorsement Key

Chapter 12: Compliance Vectors and Their Purpose
  12.1 The Compliance RSA Keying Material
  12.2 The Compliance Nonces, Secrets, and Random Numbers
  12.3 The Compliance PCR Digest Values

Chapter 13: Establishing a TPM Owner
  13.1 The TPM_CreateEndorsementKeyPair Command
  13.2 The TPM_ReadPubek Command
  13.3 The TPM_TakeOwnership Command

Chapter 14: Owner-Authorized Command Suite
  14.1 The TPM_GetCapabilityOwner
  14.2 The TPM_DisablePubekRead
  14.3 The TPM_OwnerReadPubek
  14.4 The TPM_OwnerClear
  14.5 The TPM_DisableOwnerClear
  14.6 The TPM_OwnerSetDisable
  14.7 The TPM_ChangeAuthOwner
  14.8 The TPM_AuthorizeMigrationKey

Chapter 15: The Key Management Command Suite
  15.1 The TPM_CreateWrapKey Command
  15.2 The TPM_LoadKey Command
  15.3 The TPM_EvictKey Command
  15.4 The TPM_GetPubKey Command

Chapter 16: The RSA Encryption and Decryption Command Suite
  16.1 The TSS_Bind or Tspi_Data_Bind (TSS Specification)
  16.2 The TPM_UnBind Command
  16.3 The TPM_Seal Command
  16.4 The TPM_UnSeal Command