Questions tagged [trusted-computing]

Trusted Platform Module (TPM) and other protocols and components of trust in a computer or computer network

Trusted computing primarily refers to standards published by the Trusted Computing Group (TCG). TCG designs include the Trusted Platform Module (TPM), a discrete chip (or a firmware-implemented equivalent) for PC-class systems that is meant to be tamper-resistant. A TPM is passive: it does not monitor or control the main processor. Instead it stores keys and records measurements (hashes of firmware, boot loaders and other components) that the host reports to it during boot, and it can gate key use on those recorded values or report them in a signed attestation. The TCG has also published designs that are not directly related to the TPM, such as the Trusted Network Connect (TNC) protocol suite.
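As an added example (not code from the page or from any TCG specification), the following Python models the one TPM operation that underlies integrity measurement and most of the questions below: PCR extend. A Platform Configuration Register starts as all-zero bytes and can only be changed by folding in a digest, PCR = H(PCR || H(event)), so the final value commits to the whole ordered sequence of measurements. Replaying an event log against the PCR values a TPM reports shows whether anything was altered, reordered or left out. The event log and component names are constructed for illustration; real TCG event logs carry digests and event types rather than raw data, and in TPM 2.0 the caller supplies the digest to PCR_Extend.

```python
"""Replay a TPM-style PCR extend chain from a measured-boot event log.

Added example, not code from the page. A PCR starts as all-zero bytes and
can only be changed by extend, PCR = H(PCR || H(event)); the final value
therefore depends on every measurement and on their order.  The event log
below is constructed for illustration only.
"""
import hashlib
from typing import Dict, List, Tuple

HASH = hashlib.sha256
PCR_SIZE = HASH().digest_size          # 32 bytes for the SHA-256 bank

# Constructed sample event log: (PCR index, description, data that was measured).
# The byte strings stand in for firmware, boot loader and kernel images.
SAMPLE_LOG: List[Tuple[int, str, bytes]] = [
    (0, "firmware volume",   b"UEFI firmware image v1.2"),
    (0, "firmware settings", b"SecureBoot=1 CSM=0"),
    (4, "boot manager",      b"shimx64.efi"),
    (4, "OS loader",         b"grubx64.efi"),
    (4, "kernel",            b"vmlinuz-6.1"),
]


def extend(pcr: bytes, event_data: bytes) -> bytes:
    """Fold one measurement into a PCR: new = H(old || H(event_data))."""
    if len(pcr) != PCR_SIZE:
        raise ValueError("PCR value has the wrong length for this hash bank")
    return HASH(pcr + HASH(event_data).digest()).digest()


def replay(log) -> Dict[int, bytes]:
    """Compute the final value of every PCR touched by the log, in log order."""
    pcrs: Dict[int, bytes] = {}
    for index, _desc, data in log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), data)
    return pcrs


def verify(log, reported: Dict[int, bytes]) -> Dict[int, bool]:
    """Compare replayed PCRs with the values a TPM reported (e.g. in a quote).

    A PCR that the log never extends is expected to still be all zeros, so an
    omitted event shows up as a mismatch just like a modified or reordered one.
    """
    computed = replay(log)
    return {i: computed.get(i, bytes(PCR_SIZE)) == v for i, v in reported.items()}


if __name__ == "__main__":
    golden = replay(SAMPLE_LOG)
    for i in sorted(golden):
        print(f"PCR{i}: {golden[i].hex()}")
    # Same events, loader and kernel swapped: PCR0 still matches, PCR4 does not.
    reordered = SAMPLE_LOG[:3] + [SAMPLE_LOG[4], SAMPLE_LOG[3]]
    print("reordered log matches:", verify(reordered, golden))
```

The check is only as good as the values it is compared against: the reported PCRs must come from the TPM itself (a quote signed by an attestation key), not from the same software that produced the log, otherwise a compromised boot chain can simply present a log and PCR set that agree with each other.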

114 questions
49
votes
3 answers

How does the TPM perform integrity measurements on a system?

I am trying to find out how the TPM performs an integrity measurement on a system. It is well documented in the TPM specification how it seals the data it has measured in the PCRs and how they are updated. But what I can't find explained is how…
user1049697
24
votes
2 answers

Difference between TPM, TEE and SE

What is the difference between a Secure Element (SE), a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM)? I understand that they all refer to an external secure cryptoprocessor, which is designed to store cryptographic keys…
Raoul722
21
votes
2 answers

Tamper-proof BIOS password & settings storage with Trusted Platform Module?

In the olden days, one could trivially bypass BIOS passwords on most PCs by removing the BIOS battery and clearing the CMOS. My question is: On modern PCs equipped with a Trusted Platform Module (TPM), how tamper-resistant are BIOS passwords and…
user2122
21
votes
2 answers

What is known about the capabilities of AMD's Secure Processor?

I've found a fair amount of research about what Intel's ME does, including the "Intel x86 considered harmful (Chapter 4 is about ME)" survey paper by Joanna Rutkowska, but I'm having a much harder time finding information about AMD's Secure…
mikkros
19
votes
2 answers

Does the ARM TrustZone technology support sealing a private key under a code hash?

One of the extremely valuable functions of a Trusted Platform Module (TPM) chip is its ability to seal a private key under the hash of the code that will use it. This means that one can create a private key which can only be read by a piece of…
runeks
19
votes
3 answers

How secure is Microsoft-mandated UEFI Secure Boot, really?

I've read a few articles recently about the UEFI Secure Boot feature, and how Microsoft will be requiring it to be enabled by default on all Windows 8 certified x86 systems. In theory, it sounds like a good idea - the system will check the boot…
Iszi
17
votes
3 answers

Status of Trusted Computing and Remote Attestation deployment

Hardware support for various client-side controls based on Trusted Computing (Wikipedia) has been evolving over the years, e.g. TCPM, TPM, TXT (LaGrande, DRTM). I've heard of one practical application, for convenient disk encryption via a…
nealmcb
17
votes
1 answer

What are the functional similarities and differences between TPM and SGX in trusted computing?

I know about the TPM (Trusted Platform Module). In recent years, more researchers have started to develop on Intel SGX, which I do not have any experience with. They are both crypto chips, but what are their functional similarities and differences? What…
TJCLK
16
votes
1 answer

TPM and storage of keys

A TPM hardware device has very limited non-volatile protected memory just sufficient to store the EK (Endorsement Key) and SRK (Storage Root Key). How does a TPM allow nearly unlimited number of symmetric keys to be safely stored on an otherwise…
niklr
16
votes
3 answers

Using TPM with DMcrypt?

Is it possible to use the TPM for storage of some private key? It's not full-disk encryption; I want it to be compatible with existing LUKS, just add another key and store it in the TPM.
daisy
14
votes
0 answers

TPM PCR value unchanged with BIOS configuration changes

I have been experimenting with the TPM on a Dell R710 (BIOS version 6.3.0). My goal was to detect changes to BIOS settings through TPM PCRs. The research I have done leads me to believe that BIOS configuration changes should be reflected in PCR…
MattyG
14
votes
1 answer

How are TPMs provisioned for Intel Trusted Execution Environment (TXT)?

For Intel TXT to work, the TPM must be provisioned. Intel provides some tools for doing this but many are protected by non-public login or an NDA. Many OEM platform vendors provision their boards and machines at manufacturing time so an end user…
Wilbur Whateley
13
votes
4 answers

How to trust ICs?

While it is theoretically possible to thoroughly examine the source code of Open Source Software to check for backdoors (neglecting a Ken Thompson hack), and given sufficiently adequate knowledge in Electrical Engineering one can probably figure out…
Tobias Kienzler
11
votes
2 answers

How do you know a computer is not compromised when you first get it?

How do you know a computer is not compromised when you first get it? How do you know that manufacturers have not intentionally built vulnerabilities into the system?
11
votes
3 answers

Does "late launch"/"dynamic chain of trust" allow remote attestation?

One of the features supported by modern processors and Trusted Platform Modules is "dynamic chain of trust" (also known under the acronym DRTM, for dynamic root of trust measurement). This allows loading a critical piece of software in an isolated…
D.W.