Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure coprocessor found in some x86-based computers that provides cryptographic operations and system integrity measurements.

A Trusted Platform Module is a secure cryptoprocessor defined by the Trusted Computing Group and found in some x86-based computers. It performs platform measurements that an operating system can use to ensure platform integrity, thus implementing a form of secure boot. The TPM also implements some common cryptographic algorithms. Each TPM contains a unique key and can therefore be used to authenticate the platform and to encrypt data that will not be decryptable without that particular TPM.

TrouSerS is an open-source TCG software stack (a TPM API). Microsoft's Bitlocker on Windows Vista and above leverages the TPM when present.

230 questions
9 votes, 1 answer

What's the difference between the endorsement key and the attestation identity key within the TPM?

I'm trying to make notes about the TPM and what it does. More specifically I'm looking at the 3 RSA key pairs: the 'endorsement key', the 'storage root key' and the 'attestation identity key'. This is what I have written so far: The ‘Endorsement…
9 votes, 4 answers

Usage of Android Keystore

I'm using the Android Keystore to store an asymmetric cryptographic (to decrypt a file containing an asymmetric key). I did that because I want to encrypt a large set of data and an asymmetric isn't enough and the keystore has symmetric keys since…
AndoKarim
9 votes, 1 answer

Do fTPM implementations protect against physical attacks?

I see that there is an increasing number of PCs shipped with firmware-based TPM (fTPM), e.g. the Intel NUC. As far as I understand, these solutions practically emulate a TPM chip using the CPU's special instructions (ARM TrustZone or Intel SGX). This…
KovBal
9 votes, 2 answers

What is the use of TPM-based Bitlocker if the drive gets decrypted automatically?

I am using Bitlocker which uses a TPM to unlock the drive. My question is, although TPM provides security against tampering, how is it useful in defending against attacks that involve physical access? An attacker can just power on the computer and…
entropy
9 votes, 1 answer

What does CRTM refer to?

The Definition of CRTM in TCG specification says: Typically, the RTM is the CPU controlled by the Core Root of Trust for Measurement (CRTM). The CRTM is the first set of instructions executed when a new chain of trust is established. When a system…
Yuan Song
8 votes, 1 answer

Dynamic vs Static root of trust

In TCG specification (for TPM devices) they specify how a static root of trust can be built up using secure boot and trusted boot. An alternative method appears to be Intel's Dynamic boot using their Intel TXT technology. I was just wondering from a…
Nark
8 votes, 2 answers

TPM or OpenSSL for key generation?

I would like to know which method is more secure. I know that they can be combined, but I would like to understand why TPM or OpenSSL might be a more secure technique to generate (encryption, decryption) keys.
CyberHunter
8 votes, 1 answer

How can one protect TPM firmware from tampering?

I know that a TPM includes ROM, nonvolatile (e.g. EEPROM), and volatile (e.g. SRAM) memories. The executable firmware is stored in ROM, such as various drivers and commands. But this time, I want to know how the firmware in ROM can be protected from…
TJCLK
8 votes, 1 answer

Issues/Vulnerabilities that TPM 2.0 aims to enhance/solve compared to TPM 1.2

I have read some documents comparing TPM 1.2 and TPM 2.0 (e.g. more supported algorithms like SHA-2, reduced code size, or even symmetric keys seem added, etc.). I want to ask what the objectives were to develop a non-compatible TPM 2.0?…
TJCLK
7 votes, 2 answers

Can TPM "Storage Keys" be created outside the TPM?

I am interested in 'adding' preexisting keys to a TPM's storage hierarchy. An example of a desired key hierarchy can be shown as: (SRK)----->(User Storage Key)-------> User Working Key 1 | …
7 votes, 1 answer

TPM: signing key or Attestation Identity Key?

I am dealing with the TPM right now and do not get why there is a need for an extra signing key. Instead, one could use one of the Attestation Identity Keys (AIKs) for signing as well?! Using different keys shall be good practice, but I would like to…
onb
7 votes, 2 answers

What really is the difference between a firmware TPM and a discrete one, and should it be trusted more?

What really is the difference between a physical TPM and any implementation of a fTPM? I get that both adhere to the same specification and in my mind should be the same thing, but then, I don't understand why there even are 5 or so different types…
T. Maxx
7 votes, 2 answers

Is it possible to make a laptop useless to thieves?

I was robbed... That included my Linux notebook and my company's notebook. Both are encrypted. Mine is encrypted with LVM over LUKS, using a passphrase to unlock the hard drive once the kernel has been started by the UEFI. But Secure Boot was…
Cilyan
6 votes, 1 answer

Purpose of TPM "ownership" and "owner password"

I have a laptop with TPM 2.0, dual-booting Windows 10 and Linux. By default, Windows automatically takes ownership of the TPM with a throwaway password, but can be configured to store it in the Registry. However, Linux seems to have access to the…
user1686
6 votes, 1 answer

Use TPM2.0 to securely decrypt the hard drive in Linux -- unattended

I spent several days trying to figure out how to securely decrypt a hard drive at a remote location using TPM2.0 in Linux. I'm no security expert and this is my first battle with TPM2.0. I learned a lot, but I still have questions. Could someone help…
Kamil