Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure coprocessor found in some x86-based computers that provides cryptographic operations and system integrity measurements.

A Trusted Platform Module is a secure cryptoprocessor defined by the Trusted Computing Group and found on some x86-based computers. It performs platform measurements that an operating system can use to ensure platform integrity, thus implementing a form of secure boot. The TPM also implements some common cryptographic algorithms. Each TPM contains a unique key and can therefore be used to authenticate the platform and to encrypt data that will not be decryptable without that particular TPM.

TrouSerS is an open-source TCG software stack (a TPM API). Microsoft's BitLocker on Windows Vista and above leverages the TPM when present.

230 questions
6 votes, 1 answer

How does ROCA affect Windows secure boot?

I've been doing some research on the Infineon vulnerability known as ROCA over the last few days. As I understand it, the vulnerability is present when a TPM running vulnerable firmware generates an RSA key. At that point, the public key can be used…
6 votes, 0 answers

Security of TPM 1.2 for providing tamper-evidence against firmware modification

I would like to use a TPM for providing tamper-evidence to my workstation, using SRTM (Static Root-of-Trust for Measurement). Currently, I plan to have the TPM seal a one-time value which only I know, similar to Qubes' Anti-Evil Maid implementation.…
asked by guest
6 votes, 2 answers

Why does VeraCrypt not use a TPM?

According to the VeraCrypt FAQ, regarding whether or not TPMs are supported: No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker…
asked by Duke Nukem
6 votes, 1 answer

How to use TPM to identify a computer for licensing purposes?

I've been commissioned to use TPM to add a licensing system to an existing software project. The idea is to use TPM to uniquely identify the computer (that runs GNU/Linux, probably CentOS/RHEL/Fedora) so that the license file can only be used in that…
5 votes, 1 answer

Decryption using GRUB and TPM

I'm trying to plan a security routine for my new Linux install, and a few questions came up while searching for a solution which meets my needs. Is it possible to use a private key from the TPM in GRUB to decrypt a /boot partition located on external storage? Is…
asked by Matthew
5 votes, 2 answers

How to use TPM to perform platform authentication?

I am currently looking at TPM (Trusted Platform Module) and wondering how TPM offers platform authentication. Suppose a legal host is deployed on the cloud. How do I use TPM to assure that the host I am connecting to is that very host, rather…
5 votes, 1 answer

Since TPM firmware is updatable, can it be exploited by malicious hardware actors?

I have been reading about TPM for months and one thing seems to be odd. I noticed that TPM firmware can be updated in certain brands. Like "Lenovo" or this link which links a bunch of brands. Now from what I have read TPM is supposed to be hardcoded…
asked by JackBixuis
5 votes, 1 answer

What's the difference between Secure Boot and Attestation?

What's the exact difference between secure boot and device attestation? Nowadays with secure devices both are used, even at the same time, when at the core they do similar things, which is verification of the software running on the platform.
asked by TrinityTonic
5 votes, 1 answer

What use does a TPM have for accurate timekeeping?

I stumbled across this image and something immediately stood out to me. This is a photograph of a discrete TPM card. That silver cylinder on the left is a crystal oscillator, used to tell time with very high precision. At first I thought it must be…
asked by forest
5 votes, 2 answers

Securing Ubuntu bootloader using TPM

I am currently working with Ubuntu 16.04, with an Intel CPU that supports a TPM2 module. I am trying to harden my boot-loader. I tried using the trustedgrub2 fork that supports TPM2; I understand that trustedgrub2 currently does not support UEFI BIOS so…
asked by mmelamud
5 votes, 1 answer

How do virtual trusted platform modules protect data?

From what I've read so far, vTPMs are able to securely store data on disk images. The disk images are encrypted and their keys are stored by the vTPM Manager. The vTPM Manager also securely stores data on a disk image. However, I'm having difficulty…
asked by O_O
5 votes, 1 answer

Is TPM ownership required for secure boot or measured boot?

I know: Secure Boot can use the TPM; Measured Boot must use the TPM. Can anyone intimately familiar with these processes explain if any TPM owner-authorized commands are required or used in these processes? Background: I am using a TPM in an…
asked by Wilbur Whateley
5 votes, 2 answers

What is the correct way to remove BitLocker secrets from a TPM when returning a device for warranty?

Note: This is not a question about how to preserve data on a device that is returned for warranty. Rather, this is a question about how to ensure that the encrypted remnant data on the device is not accompanied by decryption keys when the device is…
asked by alx9r
5 votes, 1 answer

LUKS TPM disk encryption attacks

Is it possible, or are there any known attacks, to get the encryption key for disk encryption with tpm-luks (Linux LUKS using an encryption key stored in the TPM)? I know that there are attacks like cold boot where it is possible to recover the disk encryption key…
asked by user1563721
5 votes, 3 answers

Is there any mechanism available in Android platform for remote attestation?

I recently read about PCs/desktops which come with TPM chips that are used for remote attestation. So the following are my questions: Does any Android smartphone come with a TPM chip? Is there any way for a service provider to check whether the user is…
asked by aMa