Latest Trusted Software Stack specification, the user's bridge to the TPM.pdf

1. The TCG Software Stack (TSS)
1.1 General Introduction
1.2 Introduction to the TSS
1.3 TSS functions defined are not exclusive
1.4 Platform Architecture
1.4.1 Platform Modes
1.4.2 Procedure Calls
1.4.2.1 Local Procedure Call (LPC)
1.4.2.2 Remote Procedure Call (RPC)
1.5 Trust Boundaries
1.6 Privacy Boundaries
1.7 OS Dependency
1.8 Roles
1.8.1 TPM Owner
1.8.2 TPM User
1.8.3 Platform Administrator
1.8.4 Platform User
1.8.5 Operator
1.8.6 Public
1.9 TSS Architecture
1.9.1 TCG Service Provider (TSP)
1.9.1.1 TSP Interface (TSPI)
1.9.1.2 TSP Context Manager (TSPCM)
1.9.1.3 TSP Cryptographic Functions (TSPCF)
1.9.2 TCG Core Services (TCS)
1.9.2.1 TCS Interface (Tcsi)
1.9.2.2 TCS Context Manager (TCSCM)
1.9.2.3 TCS Key & Credential Manager (TCSKCM)
1.9.2.4 TCS Event Manager (TCSEM)
1.9.2.5 TCS TPM Parameter Block Generator (TcsipBG)
1.9.3 TCG Device Driver Library (TDDL)
1.9.3.1 TDDL Interface (Tddli)
1.9.4 TPM Device Driver (TDD)
1.9.4.1 TDD Interface (TDDI)
1.9.5 Remote Procedure Calls
1.9.5.1 Command Filtering
1.9.5.2 Stateless
1.9.5.3 Stateful
1.9.6 Cryptographic Infrastructures
2. Common Environment
2.1 Naming Conventions
2.2 Abbreviations
2.3 Definitions
2.3.1 Data Types
2.3.2 Defined Constants
2.3.2.1 Object Type Definitions
2.3.2.2 Object Initialization Definitions
2.3.2.3 Attribute Definitions for a Context Object
2.3.2.4 Attribute Definitions for a TPM Object
2.3.2.5 Attribute Definitions for a Policy Object
2.3.2.6 Attribute Definitions for a Key Object
2.3.2.7 Attribute Definitions for a Data Object
2.3.2.8 Attribute definitions for NV objects
2.3.2.9 Attribute definitions for MigData objects
2.3.2.10 Attribute Definitions for Hash Objects
2.3.2.11 Attribute Definitions for a PcrComposite Object
2.3.2.12 Attribute Definitions for DelFamily Objects
2.3.2.13 Attribute Definitions for DAA Objects
2.3.2.14 Policy Definitions for Secret Mode
2.3.2.15 Policy Definition for Secret Lifetime
2.3.2.16 TPM Status Flags Definitions
2.3.2.17 Algorithm ID Definitions
2.3.2.18 Capability Flag Definitions
2.3.2.19 Sub-Capability Flag Definitions
2.3.2.20 Persistent Storage Flag Definitions
2.3.2.21 Migration Scheme Definitions
2.3.2.22 Key Size Definitions
2.3.2.23 Key Type Flags
2.3.2.24 Key Structure Types
2.3.2.25 Key Authorization
2.3.2.26 Key Encryption Scheme Definitions
2.3.2.27 Key Signature Scheme Definitions
2.3.2.28 PCR Structure Types
2.3.2.29 Event Type Definitions
2.3.2.30 Well Known Secret
2.4 Return Codes
2.4.1 Return Codes Scheme
2.4.2 Common Return Code Defines
2.4.3 Common Return Code Rules
2.5 OS Specific Considerations
2.5.1 OS Specific Error Information:
2.5.1.1 Windows Operating System:
2.5.1.1.1 COM Error Codes:
2.5.1.1.2 ErrorSample
2.5.2 Unicode considerations
2.6 Structures
2.6.1 TSS_VERSION
2.6.2 TSS_PCR_EVENT
2.6.3 TSS_EVENT_CERT
2.6.4 TSS_UUID
2.6.5 TSS_KM_KEYINFO
2.6.6 TSS_KM_KEYINFO2
2.6.7 TSS_VALIDATION
2.6.8 TPM_COUNTER_VALUE
2.6.9 TSS_CALLBACK
3. DAA Structures
3.1 TSS_DAA_PK
3.2 TSS_DAA_PK_PROOF
3.3 TSS_DAA_SK
3.4 TSS_DAA_AR_PK
3.5 TSS_DAA_AR_SK
3.6 TSS_DAA_CRED_ISSUER
3.7 TSS_DAA_CREDENTIAL
3.8 TSS_DAA_CREDENTIAL_REQUEST
3.9 TSS_DAA_SELECTED_ATTRIB
3.10 TSS_DAA_SIGNATURE
3.11 TSS_DAA_SIGN_CALLBACK
3.12 TSS_DAA_SIGN_DATA
3.13 TSS_DAA_ATTRIB_COMMIT
3.14 TSS_DAA_PSEUDONYM
3.15 TSS_DAA_PSEUDONYM_PLAIN
3.16 TSS_DAA_PSEUDONYM_ENCRYPTED
3.17 TSS_DAA_IDENTITY_PROOF
3.18 TSS_DAA_JOIN_SESSION
3.19 TSS_DAA_JOIN_ISSUER_SESSION
3.20 DAA Error codes
3.21 NonVolatile Memory Functions Definitions-Object Type Definitions
3.22 Key Management
3.22.1 TSS Load Key Command Flow
3.22.2 TSS Load Key Flow Diagram
3.22.3 Key Handles
3.23 Portable Data
3.23.2 Portable Data Format Conversion Functions
3.23.2.1 Tspi_EncodeDER_TssBlob
3.23.2.2 Tspi_DecodeBER_TssBlob
4. TCG Service Provider (TSP)
4.1 Theory of Operation
4.1.1 Functional Overview
4.1.2 Interface Design
4.1.2.1 Classes
4.1.2.2 Object Relationship
4.1.3 Authorization Data Handling
4.1.3.1 Secrets Handled by Service Provider
4.1.3.2 Secrets Handled by Application
4.1.4 Implementation Considerations
4.1.5 User Interface Elements
4.1.6 Runtime Considerations
4.2 TSPI-specific Return Code Defines
4.3 Interface Description
4.3.1 Syntax
4.3.2 Calling Conventions regarding Memory Management
4.3.3 Classes and Methods
4.3.3.1 Common Methods Definition
4.3.3.1.1 Tspi_SetAttribUint32
4.3.3.1.2 Tspi_GetAttribUint32
4.3.3.1.3 Tspi_SetAttribData
4.3.3.1.4 Tspi_GetAttribData
4.3.3.1.5 Tspi_ChangeAuth
4.3.3.1.6 Tspi_ChangeAuthAsym
4.3.3.1.7 Tspi_GetPolicyObject
4.3.3.2 Tspi_Context Class Definition
4.3.3.2.1 Tspi_Context_Create
4.3.3.2.2 Tspi_Context_Close
4.3.3.2.3 Tspi_SetAttribUint32
4.3.3.2.4 Tspi_GetAttribUint32
4.3.3.2.5 Tspi_SetAttribData
4.3.3.2.6 Tspi_GetAttribData
4.3.3.2.7 Tspi_Context_Connect
4.3.3.2.8 Tspi_Context_FreeMemory
4.3.3.2.9 Tspi_Context_GetDefaultPolicy
4.3.3.2.10 Tspi_Context_CreateObject
4.3.3.2.11 Tspi_Context_CloseObject
4.3.3.2.12 Tspi_Context_GetCapability
4.3.3.2.13 Tspi_Context_GetTPMObject
4.3.4 Encryption Transport Session
4.3.4.1 Extensions of TSP-Context-Object
4.3.4.1.1 Tspi_SetAttribUint32
4.3.4.1.2 Tspi_GetAttribUint32
4.3.4.1.3 Tspi_Context_SetTransEncryptionKey
4.3.4.1.4 Tspi_Context_CloseSignTransport
4.3.4.2 Finding, Loading, and Registering Keys in a Context
4.3.4.2.1 Tspi_Context_LoadKeyByBlob
4.3.4.2.2 Tspi_Context_LoadKeyByUUID
4.3.4.2.3 Tspi_Context_RegisterKey
4.3.4.2.4 Tspi_Context_UnregisterKey
4.3.4.2.5 Tspi_Context_GetKeyByUUID
4.3.4.2.6 Tspi_Context_GetKeyByPublicInfo
4.3.4.2.7 Tspi_Context_GetRegisteredKeysByUUID
4.3.4.2.8 Tspi_Context_GetRegisteredKeysByUUID2
4.3.4.2.9 Tspi_TPM_KeyControlOwner
4.3.4.3 TSS_PLATFORM_CLASS
4.3.4.4 TSPI_Policy Class Definition
4.3.4.4.1 Tspi_SetAttribUint32
4.3.4.4.2 Tspi_GetAttribUint32
4.3.4.4.3 Tspi_SetAttribData
4.3.4.4.4 Tspi_GetAttribData
4.3.4.4.5 Tspi_Policy_SetSecret
4.3.4.4.6 Tspi_Policy_FlushSecret
4.3.4.4.7 Tspi_Policy_AssignToObject
4.3.4.5 Tspi_TPM_Class Definition
4.3.4.5.1 Tspi_SetAttribUint32
4.3.4.5.2 Tspi_GetAttribUint32
4.3.4.5.3 Tspi_SetAttribData
4.3.4.5.4 Tspi_GetAttribData
4.3.4.6 Identity Management
4.3.4.6.1 Tspi_TPM_CreateEndorsementKey
4.3.4.6.2 Tspi_TPM_GetPubEndorsementKey
4.3.4.6.3 Tspi_TPM_CollateIdentityRequest
4.3.4.6.4 Tspi_TPM_ActivateIdentity
4.3.4.7 New EK commands:
4.3.4.7.1 Tspi_TPM_CreateRevocableEndorsementKey
4.3.4.7.2 Tspi_TPM_RevokeEndorsementKey
4.3.4.8 Setup and Takedown Commands
4.3.4.8.1 Tspi_TPM_TakeOwnership
4.3.4.8.2 Tspi_TPM_ClearOwner
4.3.4.8.3 Tspi_TPM_CreateMaintenanceArchive
4.3.4.8.4 Tspi_TPM_KillMaintenanceFeature
4.3.4.8.5 Tspi_TPM_LoadMaintenancePubKey
4.3.4.8.6 Tspi_TPM_CheckMaintenancePubKey
4.3.4.8.7 Tspi_TPM_SetOperatorAuth
4.3.4.9 TPM Get and Set Status Commands
4.3.4.9.1 Tspi_TPM_SetStatus
4.3.4.9.2 Tspi_TPM_GetStatus
4.3.4.10 Get TPM Capabilities
4.3.4.10.1 Tspi_TPM_GetCapability
4.3.4.10.2 Tspi_TPM_GetCapabilitySigned
4.3.4.11 Test Commands
4.3.4.11.1 Tspi_TPM_SelfTestFull
4.3.4.11.2 Tspi_TPM_CertifySelfTest
4.3.4.11.3 Tspi_TPM_GetTestResult
4.3.4.12 Random Numbers
4.3.4.12.1 Tspi_TPM_GetRandom
4.3.4.12.2 Tspi_TPM_StirRandom
4.3.4.13 Old PCR Commands
4.3.4.13.1 Tspi_TPM_GetEvent
4.3.4.13.2 Tspi_TPM_GetEvents
4.3.4.13.3 Tspi_TPM_GetEventLog
4.3.4.13.4 Tspi_TPM_Quote
4.3.4.13.5 Tspi_TPM_PcrExtend
4.3.4.13.6 Tspi_TPM_PcrRead
4.3.4.14 Tspi_Data Class Definition for Seal and PCRs
4.3.4.14.1 Tspi_GetAttribUint32 / Tspi_SetAttribUint32
4.3.4.15 Tspi_PcrComposite Class Definition
4.3.4.15.1 Tspi_SetAttribUint32
4.3.4.15.2 Tspi_GetAttribUint32
4.3.4.15.3 Tspi_PcrComposite_SelectPcrIndex
4.3.4.15.4 Tspi_PcrComposite_SetPcrValue
4.3.4.15.5 Tspi_PcrComposite_GetPcrValue
4.3.4.16 New PCR commands:
4.3.4.16.1 Tspi_TPM_PcrReset
4.3.4.16.2 Tspi_Data_Seal
4.3.4.16.3 Tspi_Data_SealX
4.3.4.16.4 Tspi_TPM_Quote2
4.3.4.16.5 Tspi_PcrComposite_SetPcrLocality
4.3.4.16.6 Tspi_PcrComposite_GetPcrLocality
4.3.4.16.7 Tspi_PcrComposite_GetCompositeHash
4.3.4.16.8 Tspi_PcrComposite_SelectPcrIndexEx
4.3.4.17 Keys: Create, load, manage
4.3.4.17.1 Tspi_ChangeAuth
4.3.4.17.2 Tspi_GetPolicyObject
4.3.4.18 Tspi_Key Class Definition
4.3.4.18.1 Tspi_SetAttribUint32
4.3.4.18.2 Tspi_GetAttribUint32
4.3.4.18.3 Tspi_SetAttribData
4.3.4.18.4 Tspi_GetAttribData
4.3.4.18.5 Tspi_Key_LoadKey
4.3.4.18.6 Tspi_Key_UnloadKey
4.3.4.18.7 Tspi_Key_GetPubKey
4.3.4.18.8 Tspi_Key_CertifyKey
4.3.4.18.9 Tspi_Key_CreateKey
4.3.4.18.10 Tspi_Key_WrapKey
4.3.4.18.11 Tspi_TPM_AuthorizeMigrationTicket
4.3.4.18.12 Tspi_Key_CreateMigrationBlob
4.3.4.18.13 Tspi_Key_ConvertMigrationBlob
4.3.4.18.14 Tspi_ChangeAuth
4.3.4.18.15 Tspi_ChangeAuthAsym
4.3.4.18.16 Tspi_GetPolicyObject
4.3.4.19 CMK commands:
4.3.4.19.1 Tspi_TPM_CMKSetRestrictions
4.3.4.19.2 Tspi_TPM_CMKApproveMA
4.3.4.19.3 Tspi_TPM_CMKCreateTicket
4.3.4.20 Tspi_MigData Class Definition
4.3.4.20.1 Tspi_SetAttribUint32
4.3.4.20.2 Tspi_GetAttribUint32
4.3.4.20.3 Tspi_SetAttribData
4.3.4.20.4 Tspi_GetAttribData
4.3.4.20.5 Tspi_Key_MigrateKey
4.3.4.20.6 Tspi_Key_CMKCreateBlob
4.3.4.20.7 Tspi_Key_CMKConvertMigration
4.3.4.21 Tspi_Hash Class Definition
4.3.4.21.1 Tspi_SetAttribData
4.3.4.21.2 Tspi_Hash_Sign
4.3.4.21.3 Tspi_Hash_VerifySignature
4.3.4.21.4 Tspi_Hash_SetHashValue
4.3.4.21.5 Tspi_Hash_GetHashValue
4.3.4.21.6 Tspi_Hash_UpdateHashValue
4.3.4.22 Tspi_Data Class Definition
4.3.4.22.1 Tspi_SetAttribUint32
4.3.4.22.2 Tspi_GetAttribUint32
4.3.4.22.3 Tspi_SetAttribData
4.3.4.22.4 Tspi_GetAttribData
4.3.4.22.5 Tspi_Data_Bind
4.3.4.22.6 Tspi_Data_Unbind
4.3.4.22.7 Tspi_Data_Unseal
4.3.4.22.8 Tspi_ChangeAuth
4.3.4.22.9 Tspi_ChangeAuthAsym
4.3.4.22.10 Tspi_GetPolicyObject
4.3.4.23 Monotonic Counter functions
4.3.4.23.1 Tspi_TPM_ReadCurrentCounter
4.3.4.24 Time Stamping Function Definitions
4.3.4.24.1 Tspi_TPM_ReadCurrentTicks
4.3.4.24.2 Tspi_Hash_TickStampBlob
4.3.4.25 DIR Commands
4.3.4.25.1 Tspi_TPM_DirWrite
4.3.4.25.2 Tspi_TPM_DirRead
4.3.4.26 Tspi_NV Class Definition
4.3.4.26.1 Tspi_SetAttribUint32
4.3.4.26.2 Tspi_GetAttribUint32
4.3.4.26.3 Tspi_SetAttribData
4.3.4.26.4 Tspi_GetAttribData
4.3.4.26.5 Tspi_NV_DefineSpace
4.3.4.26.6 Tspi_NV_ReleaseSpace
4.3.4.26.7 Tspi_NV_WriteValue
4.3.4.26.8 Tspi_NV_ReadValue
4.3.4.27 GPIO
4.3.4.28 Delegation TSPI functions
4.3.4.28.1 Tspi_SetAttribUint32
4.3.4.28.2 Tspi_GetAttribUint32
4.3.4.28.3 Tspi_SetAttribData
4.3.4.28.4 Tspi_GetAttribData
4.3.4.28.5 Tspi_TPM_Delegate_AddFamily
4.3.4.28.6 Tspi_TPM_Delegate_GetFamily
4.3.4.28.7 Tspi_TPM_Delegate_InvalidateFamily
4.3.4.28.8 Tspi_TPM_Delegate_CreateDelegation
4.3.4.28.9 Tspi_TPM_Delegate_CacheOwnerDelegation
4.3.4.28.10 Tspi_TPM_Delegate_UpdateVerificationCount
4.3.4.28.11 Tspi_TPM_Delegate_VerifyDelegation
4.3.4.28.12 Tspi_TPM_Delegate_ReadTables
4.3.4.29 DAA Commands
4.3.4.29.1 Introduction
4.3.4.29.2 Components
4.3.4.30 DAA Protocols
4.3.4.30.1 DAA Join
4.3.4.30.2 Limitation
4.3.4.30.3 DAA Sign
4.3.4.30.4 Keys of DAA Issuer
4.3.4.30.5 Notation
4.3.4.30.6 Join Protocol
4.3.4.30.7 Sign Protocol
4.3.4.30.8 Definitions
4.3.4.30.9 Lengths
4.3.4.30.10 Input to hash functions
4.3.4.31 DAA Functions
4.3.4.31.1 Tspi_SetAttribUint32
4.3.4.31.2 Tspi_GetAttribUint32
4.3.4.31.3 Tspi_SetAttribData
4.3.4.31.4 Tspi_GetAttribData
4.3.4.31.5 Tspi_TPM_DAA_JoinInit
4.3.4.31.6 Tspi_TPM_DAA_JoinCreateDaaPubKey
4.3.4.31.7 Tspi_TPM_DAA_JoinStoreCredential
4.3.4.31.8 Tspi_TPM_DAA_Sign
4.3.4.31.9 Tspi_DAA_IssuerKeyVerification
4.3.4.31.10 Tspi_DAA_IssueSetup
4.3.4.31.11 Tspi_DAA_IssueInit
4.3.4.31.12 Tspi_DAA_IssueCredential
4.3.4.31.13 Tspi_DAA_VerifyInit
4.3.4.31.14 Tspi_DAA_VerifySignature
4.3.4.31.15 Tspi_DAA_RevokeSetup
4.3.4.31.16 Tspi_DAA_ARDecrypt
4.3.4.32 Audit Commands:
4.3.4.32.1 New Attribute Definitions for a TPM Object
4.3.4.32.2 Tspi_SetAttribUint32
4.3.4.32.3 Tspi_TPM_GetAuditDigest
4.3.4.32.4 Tspi_TPM_SetOrdinalAuditStatus
4.3.4.33 Callback Function Definitions
4.3.4.33.1 Tspicb_CallbackHMACAuth
4.3.4.33.2 Tspicb_CallbackXorEnc
4.3.4.33.3 Tspicb_CallbackTakeOwnership
4.3.4.33.4 Tspicb_CallbackSealxMask
4.3.4.33.5 Tspicb_CallbackChangeAuthAsym
4.3.4.33.6 Tspicb_CollateIdentity
4.3.4.33.7 Tspicb_ActivateIdentity
4.3.4.33.8 Tspicb_DAA_Sign
4.3.4.33.9 Tspicb_DAA_VerifySignature
4.3.4.34 Platform Class Command
4.3.4.34.1 Tspi_TPM_ReturnPlatformClass
5. TCG Core Services (TCS)
5.1.1 TCS Memory Manager
5.1.2 TCS Data Marshalling
5.1.3 TCS Interface Dynamics
5.2 TCS-specific Return Code Defines
5.3 TSPI-specific Return code Rules
5.4 Structures and Definitions
5.4.1 Data Types of the Tcsi
5.4.2 TCS_LOADKEY_INFO
5.5 TCS Context Manager
5.5.1 TCS Context Manager Functions and Operations
5.5.2 TCS Context Manager Interface
5.5.2.1 Tcsi_OpenContext
5.5.2.2 Tcsi_CloseContext
5.5.2.3 Tcsi_FreeMemory
5.5.2.4 Tcsi_GetCapability
5.6 TCS Key and Credential Manager
5.6.1 TCS Key & Credential Manager Functions and Operations
5.6.1.1 TCS Key Manager
5.6.1.2 TCS Key Cache Manager
5.6.1.3 TCS Credential Management
5.6.2 TCS Key and Credential Manager Interface
5.6.2.1 Interfaces
5.6.2.2 Key Registration
5.6.2.2.1 Tcsi_RegisterKey
5.6.2.2.2 Tcsip_UnregisterKey
5.6.2.2.3 Tcsip_KeyControlOwner
5.6.2.3 TCS Get Key Hierarchy Information
5.6.2.3.1 Tcsi_EnumRegisteredKeys
5.6.2.3.2 Tcsi_GetRegisteredKey
5.6.2.3.3 Tcsi_GetRegisteredKeyBlob
5.6.2.3.4 Tcsip_GetRegisteredKeyByPublicInfo
5.6.2.4 TCS Loading a Key
5.6.2.4.1 Tcsip_LoadKeyByBlob
5.6.2.4.2 Tcsip_LoadKeyByUUID
5.6.2.4.3 Tcsip_EvictKey
5.6.2.5 TCS Creating a Key
5.6.2.5.1 Tcsip_CreateWrapKey
5.6.2.6 TCS Working with Keys
5.6.2.6.1 Tcsip_GetPubKey
5.6.2.6.2 Tcsip_OwnerReadInternalPub
5.6.2.7 TCS Credential Management
5.6.2.7.1 Tcsip_MakeIdentity
5.6.3 TCS Use Models
5.6.3.1 TCS Load Key by UUID
5.7 TCS Event Manager
5.7.1 TCS Event Manager Functions and Operations
5.7.2 TCS Event Manager Interface
5.7.2.1 TCS Event Manager Interface Structures and Definitions
5.7.2.1.1 TCS The Event Log
5.7.2.2 TCS Event Manager Interface Functions
5.7.2.2.1 Tcsi_LogPcrEvent
5.7.2.2.2 Tcsi_GetPcrEvent
5.7.2.2.3 Tcsi_GetPcrEventsByPcr
5.7.2.2.4 Tcsi_GetPcrEventLog
5.8 TCS TPM Parameter Block Generator
5.8.1 TCS TPM Parameter Block Generator Functions and Operations
5.8.2 TCS TPM Parameter Block Generator Interface
5.8.2.1 Functions
5.8.2.2 TPM Ownership, Authorization, and Identity
5.8.2.2.1 Tcsip_SetOwnerInstall
5.8.2.2.2 Tcsip_TakeOwnership
5.8.2.2.3 Tcsip_OIAP
5.8.2.2.4 Tcsip_OSAP
5.8.2.2.5 Tcsip_ChangeAuth
5.8.2.2.6 Tcsip_ChangeAuthOwner
5.8.2.2.7 Tcsip_ChangeAuthAsymStart
5.8.2.2.8 Tcsip_ChangeAuthAsymFinish
5.8.2.2.9 Tcsip_TerminateHandle
5.8.2.2.10 Tcsip_ActivateTPMIdentity
5.8.2.3 TCS Context
5.8.2.3.1 Tcsi_GetCapability (Versioning, Platform-Type)
5.8.2.4 Transport Protection
5.8.2.4.1 Tcsip_EstablishTransport
5.8.2.4.2 Tcsip_ExecuteTransport
5.8.2.4.3 Tcsip_ReleaseTransportSigned
5.8.2.5 TPM Mandatory
5.8.2.5.1 Tcsip_Extend
5.8.2.5.2 Tcsip_PcrRead
5.8.2.5.3 Tcsip_Quote
5.8.2.5.4 Tcsip_Quote2
5.8.2.5.5 Tcsip_DirWriteAuth
5.8.2.6 Tcsip_DirRead
5.8.2.6.1 Tcsip_Seal
5.8.2.6.2 Tcsip_Unseal
5.8.2.6.3 Tcsip_UnBind
5.8.2.6.4 Tcsip_Sealx
5.8.2.6.5 Tcsip_LoadKey2ByBlob
5.8.2.6.6 Tcsip_CreateMigrationBlob
5.8.2.6.7 Tcsip_ConvertMigrationBlob
5.8.2.6.8 Tcsip_AuthorizeMigrationKey
5.8.2.6.9 Tcsip_SetOperatorAuth
5.8.2.7 TPM Cryptographic Capabilities
5.8.2.7.1 Tcsip_CertifyKey
5.8.2.7.2 Tcsip_CertifyKey2
5.8.2.7.3 Tcsip_Sign
5.8.2.7.4 Tcsip_GetRandom
5.8.2.7.5 Tcsip_StirRandom
5.8.2.7.6 Tcsip_GetCapability
5.8.2.7.7 Tcsip_GetCapabilitySigned
5.8.2.7.8 Tcsip_GetCapabilityOwner
5.8.2.7.9 Tcsip_CreateEndorsementKeyPair
5.8.2.7.10 Tcsip_ReadPubek
5.8.2.7.11 Tcsip_DisablePubekRead
5.8.2.7.12 Tcsip_OwnerReadPubek
5.8.2.8 TPM Self-Test and Management
5.8.2.8.1 Tcsip_SelfTestFull
5.8.2.8.2 Tcsip_CertifySelfTest
5.8.2.8.3 Tcsip_ContinueSelfTest
5.8.2.8.4 Tcsip_GetTestResult
5.8.2.8.5 Tcsip_OwnerSetDisable
5.8.2.8.6 Tcsip_OwnerClear
5.8.2.8.7 Tcsip_DisableOwnerClear
5.8.2.8.8 Tcsip_ForceClear
5.8.2.8.9 Tcsip_DisableForceClear
5.8.2.8.10 Tcsip_PhysicalDisable
5.8.2.8.11 Tcsip_PhysicalEnable
5.8.2.8.12 Tcsip_PhysicalSetDeactivated
5.8.2.8.13 Tcsip_SetTempDeactivated
5.8.2.8.14 Tcsip_SetTempDeactivated2
5.8.2.8.15 Tcsip_PhysicalPresence
5.8.2.8.16 Tcsip_FieldUpgrade
5.8.2.8.17 Tcsip_SetRedirection
5.8.2.9 Delegation
5.8.2.9.1 Tcsip_DSAP
5.8.2.9.2 Tcsip_Delegate_Manage
5.8.2.9.3 Tcsip_Delegate_CreateKeyDelegation
5.8.2.9.4 Tcsip_Delegate_CreateOwnerDelegation
5.8.2.9.5 Tcsip_Delegate_LoadOwnerDelegation
5.8.2.9.6 Tcsip_Delegate_UpdateVerificationCount
5.8.2.9.7 Tcsip_Delegate_VerifyDelegation
5.8.2.9.8 Tcsip_Delegate_ReadTable
5.8.2.10 NVRAM
5.8.2.10.1 Tcsip_NV_DefineOrReleaseSpace
5.8.2.10.2 Tcsip_NV_WriteValue
5.8.2.10.4 Tcsip_NV_WriteValueAuth
5.8.2.10.5 Tcsip_NV_ReadValue
5.8.2.10.6 Tcsip_NV_ReadValueAuth
5.8.2.11 TPM Optional
5.8.2.11.1 Tcsip_CreateMaintenanceArchive
5.8.2.11.2 Tcsip_LoadMaintenanceArchive
5.8.2.11.3 Tcsip_KillMaintenanceArchive
5.8.2.11.4 Tcsip_LoadManufacturerMaintenancePub
5.8.2.11.5 Tcsip_ReadManufacturerMaintenancePub
5.8.2.12 New EK Commands
5.8.2.12.1 Tcsip_CreateRevocableEndorsementKeyPair
5.8.2.12.2 Tcsip_RevokeEndorsementKeyPair
5.8.2.13 Section 2: New PCR commands:
5.8.2.13.1 Tcsip_PcrReset
5.8.2.14 Monotonic Counter TCS functions
5.8.2.14.1 Tcsip_ReadCounter
5.8.2.14.2 Tcsip_CreateCounter
5.8.2.14.3 Tcsip_IncrementCounter
5.8.2.14.4 Tcsip_ReleaseCounter
5.8.2.14.5 Tcsip_ReleaseCounterOwner
5.8.2.15 Time Stamping Function Definitions
5.8.2.15.1 Tcsip_TPM_ReadCurrentTicks
5.8.2.15.2 Tcsip_TickStampBlob
5.8.2.16 DAA Commands
5.8.2.16.1 Tcsip_TPM_DAA_Join
5.8.2.16.2 Tcsip_TPM_DAA_Sign
5.8.2.17 CMK commands:
5.8.2.17.1 Tcsip_MigrateKey
5.8.2.17.2 Tcsip_CMK_SetRestrictions
5.8.2.17.3 Tcsip_CMK_ApproveMA
5.8.2.17.4 Tcsip_CMK_CreateKey
5.8.2.17.5 Tcsip_CMK_CreateTicket
5.8.2.17.6 Tcsip_CMK_CreateBlob
5.8.2.17.7 Tcsip_CMK_ConvertMigration
5.8.2.18 TPM Set/Get Capability Commands
5.8.2.18.1 Tcsip_SetCapability
5.8.2.19 Audit Commands:
5.8.2.19.1 Tcsip_GetAuditDigest
5.8.2.19.2 Tcsip_GetAuditDigestSigned
5.8.2.19.3 Tcsip_SetOrdinalAuditStatus
6. TCG Device Driver Library (TDDL)
6.1 TDDL Architecture
6.2 Memory Management
6.3 TDDL Error Code Defines
6.4 TDDL-specific Return code Rules
6.5 TDDL Interface
6.5.1 Tddli_Open
6.5.2 Tddli_Close
6.5.3 Tddli_Cancel
6.5.4 Tddli_GetCapability
6.5.5 Tddli_SetCapability
6.5.6 Tddli_GetStatus
6.5.7 Tddli_TransmitData
6.5.8 Tddli_PowerManagement
6.5.9 Tddli_PowerManagementControl
7. Flow Chart
8. Administration Functions
8.1 Locality Administration
8.1.1 Tcsi_Admin_TSS_SessionsPerLocality
8.1.2 Tcsi_Admin_TSS_MaxTimePerLocality
9. References
10. APPENDIX 2. TSP Function Authorization Usage

TCG Software Stack (TSS) Specification Version 1.2 Level 1
Part 1: Commands and Structures
January 6, 2006

Copyright © 2006 Trusted Computing Group, Incorporated.

THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein.

No license, express or implied, by estoppel or otherwise, to any TCG or TCG member intellectual property rights is granted herein. Except that a license is hereby granted by TCG to copy and reproduce this specification for internal use only. Contact the Trusted Computing Group at http://trustedcomputinggroup.org for information on specification licensing through membership agreements.

Any marks and brands contained herein are the property of their respective owners.

Change History

Version 1.2 Level 1 Jan 11, 2006 TCG Software Stack (TSS) Specification Copyright TCG 2006

Version: Errata 1, Errata 1a, Errata 2, Errata 2a, Errata 2b, Errata 3, Errata 3b, Errata 3c, Errata 3d, Errata 4, Errata 5, Errata 5a, Errata 5b
Date: 9/9/05, 9/14/05, 9/26/05, 10/05/05, 10/12/05, 10/20/05, 11/04/05, 11/28/05, 11/30/05, 12/14/05, 12/21/05, 1/3/06, 1/6/06
Description:
TSS_ES_RSAESOIAP_SHA1_MGF1
Based on Golden Candidate1.
Fixed numerous typos, per HP's and NTRU review. Set port to 30003. Fixed parameters in TickStampBlob.
Removed 3 duplicate functions, moved one function to a different section, added TSS_TCSCAP_RETURNVALUE_INFO, put in correction for allowing both hashing with/without terminating zero (backwards compatibility, previously agreed upon) and some clarifications in the text of the document.
Added missing attribs under details of SetAttrib Command for Policy object and missing details on the hashing in Errata 1.
Added changes to Transport, audit, commas, misnamed variables.
Added in parameter for key size in GetAttrib for Tspi_Key Class definitions.
Remove ', out' from hPolicy parameter in delegation.
Clarification in NV_Define/ReleaseSpace from Infineon.
TSS_TPMCAP_MIN_COUNTER added into section 4.3.4.10.1 and 2.3.2.19.
Deleted and TSS_ES_RSAESOAP_SHA1_MGF2 from approved schemes, section 2.3.2.26 as they didn't make sense.
Removed “automatic registration of keys” as it made no sense.
Added descriptive text in TSS_TPM_PcrExtend and in 2.6.2 on how the data to extend is calculated.
Formatting changes.
Synchronized 2.3.2.17 and the Get/Set commands that use those flags.
Remove Return values from DAA Tcsi commands.
Remove blank sections.
Change format of title of a number of sections (which renumbers them).
Change two pictures of DAA (Zimmerman).
Update formulae for DAA (per Zimmerman note, December 05). This includes adding some parameters to one function, VerifyInit, and changing DAA_VerifySignature parameters from out to in (which also changes the type).
Add public key information to Tcsi_KeyControlOwner function.
Update formatting of algorithms to better reflect comparison paper.
Added in Tcsip_OwnerReadInternalPub, contents at beginning of second section.
Fixed some typos in DAA section pointed out by Roger, added “p” to pointers variables in NV_ReadValue and CreateRevokableEndorsementKey.
Fixed ->CONTEXT_VERSION_MODE and CONTEXT_VERSION formatting of name
Changes 1/23 Tcsip_ReleaseTransportSigned. Fixed Tables of Content that correspond to them as well.
Added in GetAttribUint32 section for additional Context regarding transport.
Added last two lines of table 4.3.3.2.4 to 4.3.3.2.3.

Acknowledgement

TCG wishes to thank all those who contributed to this specification. This version builds on the work published in version 1.1b and those who helped on that version have helped on this version. A special thank you goes to the members of the TSS workgroup who had early access to this version and made invaluable contributions, corrections and support.

David Challener
TSS Workgroup Chair

Introduction

Start of informative comment:

The TCG 1.2 Main specification defines a subsystem with protected storage and protected capabilities. This subsystem is the Trusted Platform Module (TPM). Since the TPM is both a subsystem intended to provide trust and to be an inexpensive component, resources within it are restricted. This narrowing of the resources, while making the security properties easier and cheaper to build and verify, causes the interfaces and capabilities to be cumbersome. TCG has solved this by separating the functions requiring the protected storage and capabilities from the functions that do not; putting those that do not into the platform’s main processor and memory space where processing power and storage exceed that of the TPM. The modules and components that provide this supporting functionality comprise the TSS.

The TSS 1.2 specification contains additions to the TSS 1.1b specification that correspond to enhancements that were made in the main TPM specification. Code written using the TSS 1.1b specification should continue to work when executed against a TSS 1.2 stack. However, the reverse is not always the case, as there is new functionality included in the 1.2 main specification that is reflected in the TSS. That enhancement comes in several areas:

New Functionality:

Auditing – Auditing was broken in the 1.1b main specification, so it was not implemented in the 1.1b TSS specification. With changes made in the 1.2 specification, it is now ready to be used by application vendors.

Transport sessions – This new functionality allows an application to talk to a TPM securely.

Non-volatile monotonic counters – This new functionality is just what it sounds like – the TPM will have several non-volatile monotonic counters, and making use of them requires new APIs.

Delegation: In the 1.1b specification, the only way to let someone or something use a key was to give them the use_authentication data. Needless to say, this removed the possibility of retracting that permission. Delegation allows a finer control, so that use of a function may be delegated to another person / piece of software, without losing the ability to retract that permission.

Context Saving – Since loading keys into the TPM turned out to be time consuming, context saving gives the TPM the ability to cache its internal memory outside the chip without causing a security vulnerability. In 1.1b, this functionality was optional. In 1.2 it is now mandatory.

NonVolatile Storage – Early in the boot sequence, some systems don’t have access to persistent storage. Additionally, some customers typically wipe a hard drive and install a corporate image before using a system, leaving no place to store a certificate on the platform. NonVolatile storage provides a small amount of persistent storage that can be used in these cases.

Secure Timing: It was too expensive to require a TPM to have a real time clock, with battery, that could be used to do time stamping. However, it is possible to do something similar by correlating a tick counter with an external time stamping source, and then using the TPM to do secure time stamping that piggybacks off the external time source. 1.2 provides a means of implementing this.

Direct Proof: Some privacy organizations were worried that no privacy CA would exist by the time that the need for them arose. As a result, a new means of providing anonymous (and pseudonymous) proof that a key came from a genuine TPM was developed that does not require a third party anonymizer. Because the TPM has limited resources, a requirement for direct anonymous attestation was that the operations carried out on the TPM be minimal and, if possible, be outsourced to TSS. Of course, security must be maintained, i.e., a (corrupted) Platform TSS should not be able to authenticate without interacting with the TPM. However, privacy/anonymity needs only be guaranteed if the Platform TSS is not corrupted: as the host controls all the communication of the TPM to the outside, a corrupted Platform TSS can always break privacy/anonymity by just adding some identifier to each message sent by the TPM. In fact, our scheme satisfies an even stronger requirement: when the corrupted software is removed, the privacy/anonymity properties are restored. Compared to other TSS functions, the TSS DAA functions will do a great amount of computations for reasons explained above. Besides the TPM and its Platform TSS, DAA interacts with a DAA Issuer, DAA Verifier, DAA Mediator and DAA Anonymity Revocation Authority which do not need a TPM themselves. Their behavior is specified in optional TSS functions.

Extended functionality: Some of the functions that already existed in the 1.1b specification have been extended to provide more flexibility in their use. These include:

Identity generation – Identity certificates can now be locked to PCRs and locality, and “soft” identities, whose private key does not reside in the TPM, can now be created.

PCR use – It used to be the case that the same PCRs were recorded at creation and unseal – now each can be specified separately. In addition, PCR 15 has been reserved for software testing, and can be reset without problem. In addition, some PCRs can be set to be resettable only when the TPM is in a specific locality state.

Authentication – Authentication necessary to use a key used to be either through an HMAC or PCR values (or both). Now locality can also be used as well.

New signing key types – Some new varieties of keys have been generated, which will have restricted usage.

New types of migratable keys – These CMKs (Certified Migratable Keys) are tied at creation to a migration pub key or migration authority.

New flexibility in EKs. In the 1.1b specification, endorsement keys were fixed in the chip at manufacture. This allowed a certificate to be provided by the manufacturer for the key. However, some privacy advocates are worried about the EK becoming a non-changeable identifier (in spite of all the privacy controls around it, which would make doing this very difficult). As a result, the specification allows a manufacturer to allow the key to be removed by the end user and regenerated. Of course the certificate at that point would become worthless, and it could be very expensive for the end user to get a new certificate.

New Attributes: As mentioned in the above, some structures in the specification are getting new attributes. Specifically, locality, which is a state of the TPM controlled by special signals from the bus, and PCR attributes, which allow the PCR to become resettable in certain locality states. Additionally, PCR[15] will be a debug PCR and will be resettable in every locality.

As new TPM specifications come out and more platform specific specifications come out, the programmer has a more and more difficult time determining when he is using an attribute that is guaranteed to exist on the platform(s) he is targeting. This is not just a problem of functions, which might be solvable through a table, but also a problem of key types. For example, the signing function does not change when going from a 1.1 platform to a 1.2 platform, but if PCR_long is used instead of PCR_short in that function, it will only work in a 1.1 platform and not a 1.2 platform. It is necessary for a program designer to know what functionality is guaranteed available in the platforms he is targeting to run his code. Failing this, a programmer will have to provide code to determine if the platform the application is running on actually supports all the features he needs.

In spite of the fact that there are multiple localities that can use the TPM, the TSS is written assuming it has exclusive access to the TPM and to the sessions it has access to according to the values recorded in NVRAM. If virtualization of the TPM is necessary to provide this service, it is assumed such will be provided.

End of informative comment.
Table of Contents

1. The TCG Software Stack (TSS)    28
1.1 General Introduction    29
1.2 Introduction to the TSS    30
1.3 TSS functions defined are not exclusive    31
1.4 Platform Architecture    32
1.4.1 Platform Modes    32
1.4.2 Procedure Calls    32
1.4.2.1 Local Procedure Call (LPC)    33
1.4.2.2 Remote Procedure Call (RPC)    33
1.5 Trust Boundaries    34
1.6 Privacy Boundaries    35
1.7 OS Dependency    36
1.8 Roles    37
1.8.1 TPM Owner    37
1.8.2 TPM User    37
1.8.3 Platform Administrator    37
1.8.4 Platform User    38
1.8.5 Operator    38
1.8.6 Public    38
1.9 TSS Architecture    39
1.9.1 TCG Service Provider (TSP)    40
1.9.1.1 TSP Interface (TSPI)    41
1.9.1.2 TSP Context Manager (TSPCM)    41
1.9.1.3 TSP Cryptographic Functions (TSPCF)    41
1.9.2 TCG Core Services (TCS)    42
1.9.2.1 TCS Interface (Tcsi)    42
1.9.2.2 TCS Context Manager (TCSCM)    42
1.9.2.3 TCS Key & Credential Manager (TCSKCM)    43
1.9.2.4 TCS Event Manager (TCSEM)    43
1.9.2.5 TCS TPM Parameter Block Generator (TcsipBG)    43
1.9.3 TCG Device Driver Library (TDDL)    44
1.9.3.1 TDDL Interface (Tddli)    44
1.9.4 TPM Device Driver (TDD)    45