How many levels of child keys may be used in a real TPM device? Are there any limitations?

  • Can you please clarify which TPM device you are discussing? There are various ones with different specifications... – Rory Alsop Dec 05 '16 at 08:43
  • @Rory Alsop I gave the correct answer to my question. No matter which kind of TPM device is used. – Victor Signaevskyi Dec 05 '16 at 08:54
  • I'm not sure your answer is that useful for all TPMs - some can handle multiples internally without resorting to an external store, so while your concluding sentence, "...depth of child keys is unlimited" may be true, it doesn't provide an overall answer that will satisfy someone who has a TPM that can handle multiple child layers internally. – Rory Alsop Dec 05 '16 at 10:15
  • @Rory Alsop I cannot agree. By the acronym "TPM" we mean "Trusted Platform Module". TPM has its own specification, named TCG. If we read this documentation carefully, we may find a universal answer for all TPM modules. – Victor Signaevskyi Dec 05 '16 at 10:45

1 Answer

Recently, I've read one interesting answer:

The Storage Root Key (SRK) is used to wrap TPM-protected keys which can be stored outside the TPM. That data stored outside the TPM can be decrypted by passing it back through the TPM again for a decryption operation.

Keys wrapped by the SRK can themselves be used to wrap other keys, too. This method of wrapping can be used to create a key hierarchy of parent key and child keys. To load a child, first load its parent. Once the child is loaded, the parent key can be unloaded from the TPM to free up TPM chip resources.

Taking the above into account, I can conclude that the depth of child keys is unlimited.
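
The load-child-then-unload-parent procedure quoted in the answer above can be modelled in a few lines. This is an added example, not part of the original answer and not a real TPM API: `ToyTPM`, `descend`, the two-slot limit and the HMAC-based `wrap`/`unwrap` are all hypothetical stand-ins (the wrapping is a toy scheme, not the one a TPM uses). Within this model, walking a chain of wrapped blobs never needs more than two loaded keys, whatever the chain's depth.

```python
import hashlib, hmac, os

SRK = 0  # handle of the root key in this toy model

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(parent_key, child_key):
    # Toy stand-in for key wrapping (assumption: NOT the TPM's real scheme).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(child_key, _mac(parent_key, b"enc", nonce)))
    return nonce + ct + _mac(parent_key, b"mac", nonce + ct)

def unwrap(parent_key, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(parent_key, b"mac", nonce + ct)):
        raise ValueError("blob was not wrapped by this parent")
    return bytes(a ^ b for a, b in zip(ct, _mac(parent_key, b"enc", nonce)))

class ToyTPM:
    def __init__(self, slots=2):
        self._keys = {SRK: os.urandom(32)}  # SRK stays resident, uses no slot
        self._slots, self._next, self.peak = slots, 1, 0

    def create(self, parent):
        # New child key, released only as a blob wrapped by the loaded parent.
        return wrap(self._keys[parent], os.urandom(32))

    def load(self, parent, blob):
        if len(self._keys) > self._slots:
            raise MemoryError("no free key slots")
        handle, self._next = self._next, self._next + 1
        self._keys[handle] = unwrap(self._keys[parent], blob)
        self.peak = max(self.peak, len(self._keys) - 1)
        return handle

    def flush(self, handle):
        del self._keys[handle]

def descend(tpm, blobs, new_levels=0):
    # Load each stored blob under its parent, then unload that parent;
    # optionally create new_levels further keys below the current leaf.
    parent = SRK
    for i in range(len(blobs) + new_levels):
        if i == len(blobs):
            blobs.append(tpm.create(parent))
        child = tpm.load(parent, blobs[i])
        if parent != SRK:
            tpm.flush(parent)
        parent = child
    return parent
```

`blobs` plays the role of the storage outside the TPM: the leaf key can only be reached by replaying the whole chain from the SRK, and a blob presented under the wrong parent is rejected.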