Questions tagged [trusted-computing]

Trusted Platform Module (TPM) and other protocols and components of trust in a computer or computer network

Trusted computing primarily refers to standards published by the Trusted Computing Group (TCG). TCG designs include the Trusted Platform Module (TPM), an add-on chip for PC-like systems that is meant to be tamper-resistant and to monitor the operation of the main processor. The TCG has also published designs that are not directly related to the TPM, such as the TNC protocol suite.

114 questions
10 votes · 1 answer

TPM support with OpenSSL FIPS Object Module

How can I use a TPM chip along with the OpenSSL FIPS Object Module without modifying the OpenSSL FIPS Object Module (to avoid Private Label certification)? Should we add an engine interface in the OpenSSL module as well as in the OpenSSL FIPS Object Module?
user50392 · 101 · 3
10 votes · 1 answer

What prevents the Intel TXT boot loader from being maliciously altered?

From my understanding of Intel TXT, the technology can be used to put the processor in a trusted state where measurements can be performed. My understanding looks something like this, where I believe TBoot is typically used to launch SINIT. However …
Nark · 539 · 1 · 5 · 15
10 votes · 2 answers

TPM - Symmetric key storage

I understand that the TPM can be used to store an unlimited number of keys. However, I am left with a few questions: Presuming the TPM is connected on the LPC, what protects the data travelling across that interface? If I follow the SRK key approach…
Nark · 539 · 1 · 5 · 15
9 votes · 0 answers

OPAL Hardware Encryption

I recently bought a laptop which has an OPAL-compliant self-encrypting hard drive. I wanted to know how I could use/check the status of the hardware encryption features of an OPAL drive (Windows, Linux or otherwise)? How do I make sure it's active and…
9 votes · 1 answer

What's the difference between the endorsement key and the attestation identity key within the TPM?

I'm trying to make notes about the TPM and what it does. More specifically I'm looking at the 3 RSA key pairs: the 'endorsement key', the 'storage root key' and the 'attestation identity key'. This is what I have written so far: The ‘Endorsement…
9 votes · 1 answer

What does CRTM refer to?

The definition of CRTM in the TCG specification says: Typically, the RTM is the CPU controlled by the Core Root of Trust for Measurement (CRTM). The CRTM is the first set of instructions executed when a new chain of trust is established. When a system…
Yuan Song · 91 · 1 · 2
8 votes · 2 answers

Using a TPM with Linux

I have the need for a company laptop (Dell e6540) that contains our Java application on it to go out for evaluation purposes. For this reason I would like to make sure that the HDD is protected from customers (or anyone else) being able to take our…
agregory · 81 · 1 · 1 · 2
8 votes · 1 answer

Dynamic vs Static root of trust

In TCG specification (for TPM devices) they specify how a static root of trust can be built up using secure boot and trusted boot. An alternative method appears to be Intel's Dynamic boot using their Intel TXT technology. I was just wondering from a…
Nark · 539 · 1 · 5 · 15
8 votes · 3 answers

vt-d Virtualisation and Trusted Execution Technology

Being a long-time VirtualBox user and having recently purchased a new laptop equipped with an Intel i7 720QM, I discovered that it supported VT-d. In the meantime I've found out that VT-d comes with TXT, which is a kind of hardware security addition…
8 votes · 2 answers

When taking ownership of a TPM in Windows 7, how is the SRK derived from the password?

When you take ownership of a TPM in Windows 7 you encounter a screen like this: Based on this document, it is my understanding that completing this dialog box somehow results in the generation of the Storage Root Key (SRK) based on the…
alx9r · 569 · 4 · 18
8 votes · 2 answers

What are the differences between HSM and SE?

What are the differences between a Hardware Security Module (HSM) and a Secure Element (SE)? Can both terms be used interchangeably? I came across various related questions (TPM vs. HSM and TPM vs. SE) but the various HSM and SE definitions found…
DurandA · 107 · 1 · 10
8 votes · 1 answer

How can one protect TPM firmware from tampering?

I know that a TPM includes ROM, nonvolatile (e.g. EEPROM), and volatile (e.g. SRAM) memories. The executable firmware is stored in ROM, such as various drivers and commands. But this time, I want to know how the firmware in ROM can be protected from…
TJCLK · 818 · 8 · 23
8 votes · 1 answer

Issues/Vulnerabilities that TPM 2.0 aims to enhance/solve compared to TPM 1.2

I have read some documents comparing TPM 1.2 and TPM 2.0 (e.g. more supported algorithms like SHA-2, reduced code size, or even symmetric keys seem to have been added, etc.). I want to ask what the objectives were for developing a non-compatible TPM 2.0?…
TJCLK · 818 · 8 · 23
7 votes · 2 answers

Can TPM "Storage Keys" be created outside the TPM?

I am interested in 'adding' preexisting keys to a TPM's storage hierarchy. An example of a desired key hierarchy can be shown as: (SRK)----->(User Storage Key)-------> User Working Key 1 | …
7 votes · 1 answer

TPM: signing key or Attestation Identity Key?

I am dealing with the TPM right now and do not get why there is a need for an extra signing key. Instead, one could use one of the Attestation Identity Keys (AIKs) for signing as well?! Using different keys shall be good practice, but I would like to…
onb · 73 · 1 · 6