Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure coprocessor found in some x86-based computers that provides cryptographic operations and system integrity measurements.

A Trusted Platform Module is a secure cryptoprocessor defined by the Trusted Computing Group and found on some x86 processors. It performs platform measurements that an operating system can use to ensure platform integrity, thus implementing a form of secure boot. The TPM also implements some common cryptographic algorithms. Each TPM contains a unique key and can therefore be used to authenticate the platform and to encrypt data that will not be decryptable without that particular TPM.

TrouSerS is an open-source TCG software stack (a TPM API). Microsoft's BitLocker on Windows Vista and above leverages the TPM when present.

230 questions
0 votes, 0 answers

Is it (easily) possible to deactivate a TPM in order to update the BIOS?

My assumption is that a BIOS update, while having a TPM activated, would render the computer unusable so that I could trash it unless I can revert the changes to the BIOS. 1) Is it possible to deactivate the TPM, for example in order to install a…
Manuel
0 votes, 2 answers

BitLocker/FileVault and VeraCrypt together?

I'm researching ways to make the most secure encryption for additional fixed drives to protect against unknown vulnerabilities, side channel attacks, etc. Basically, securing the data beyond just a single password on ALL drives. The OS utilizes a…
Matt
0 votes, 2 answers

TLS 1.3 protected by TPM 2.0

I have seen some implementation of TLS using TPM 2.0 like the tpm2-tss-engine engine which can be used to protect the server private key associated with the certificate and sign with it inside the TPM. The same thing can be done with the client if…
0 votes, 1 answer

Device authentication, common method

What are some standard device authentication methods in a scenario where: the desktop computer is being authenticated on a web service; I provide the .exe on the desktop; I control the web service; the desktop has a TPM chip installed. Should I get the…
guest
0 votes, 0 answers

What is the difference between SGX and TPM?

What is the difference between Intel Software Guard Extensions (SGX) and a Trusted Platform Module (TPM)? This answer tells you what the similarities are and what the features are, but not explicitly what the differences are.
0 votes, 1 answer

Asymmetric/Symmetric Encryption of a TPM key hierarchy

I know that keys in a TPM key hierarchy are encrypted with their parent keys. But I read that those parent keys (for instance an asymmetric SRK) need to have some symmetric secret for said encryption. Is it mandatory to encrypt child keys with a…
Sushiman
0 votes, 0 answers

How common are computers with a TPM

When writing software, is it worth targeting a TPM for increased security? That boils down to: how common are normal business desktop and laptop computers with a TPM (not servers, not so interested in personal computers/gaming rigs etc)? On a scale…
0 votes, 0 answers

TPM and the secret key

It's written that the TPM never allows these private keys to be exported outside the chip. This means that the only way to sign something with one of those keys is to use the computer to send a request to the TPM. Now when it comes to remote…
user180095
0 votes, 2 answers

How does the TPM provide security for the cloud?

The primary scope of TPM is to assure the integrity of a platform. In this context, "integrity" means "behave as intended". ~Wiki I'm learning more about how the TPM performs integrity covering aspects as root of trust, chain of trust, PCRs…
user178521
0 votes, 1 answer

How can I detect a MITM when the communication partner is in on it?

I was thinking about a host computer having a hardware TPM (Trusted Platform Module), with which I can get trustworthy information about the platform (first and foremost, that I am not in a virtual machine). Then I thought, what would happen, if I…
Minix
0 votes, 2 answers

Hardware/firmware backdoors: TPM as a security risk. How to turn it into a security advantage?

Question: What are the exact risks of using TPM 2.0 or owning this integrated chip? In what circumstances? What are the solutions to minimize risks? Details: My primary goal was to try to find out how deeper-level backdoors could compromise…
TriloByte
0 votes, 1 answer

How Does The TPM Work With The CPU To Decrypt Data

Okay, from what I've been reading, at startup the BIOS performs an integrity check and produces a hash value to set in the PCRs of the TPM (aka Core Root of Trust Module), and when all of the needed PCRs are correct the operating system will have…
Alpha
0 votes, 1 answer

How to configure TPM lockout in BitLocker when using a PIN

I have Windows 10 (1607) and use BitLocker with PIN protection. It is a TPM 2.0 chip. I got completely locked out of my machine. It kept saying "Too many PIN attempts" at the pre-boot stage. I eventually followed the instructions here:…
user1102550
0 votes, 1 answer

What is the maximum depth for child keys in the TPM device?

How many levels of child keys may be used in the real TPM device? Are there any limitations?
0 votes, 1 answer

How would "hardware verified" API calls be constructed?

Problem: Thinking about the Snapchat clones that stole API credentials and then used an API without permission, I think the underlying hardware and OS should have prevented this. Proposed solution: In other words, I think that hardware-verified…
makerofthings7