Questions tagged [trusted-computing]

Trusted Platform Module (TPM) and other protocols and components of trust in a computer or computer network

Trusted computing primarily refers to standards published by the Trusted Computing Group (TCG). TCG designs include the Trusted Platform Module (TPM), an add-on chip for PC-like systems that is meant to be tamper-resistant and to monitor the operation of the main processor. The TCG has also published designs that are not directly related to the TPM, such as the TNC (Trusted Network Connect) protocol suite.

114 questions
3 votes, 1 answer

Securely read encryption key from NVRAM of TPM 1.2

I have configured disk encryption in Linux using LUKS with a TPM and Secure Boot. The encryption key is loaded from the TPM's NV memory using the command TPM_NV_ReadValueAuth. The problem is that it is read as clear text and can be captured on the LPC…

user1563721
2 votes, 1 answer

TPM - number of AIKs and signing key

I am trying to learn a bit about the TPM and have a few questions I could not solve by myself. There are some privacy concerns about using the EK for identifying a TPM. I do not get these privacy concerns. Can anyone provide me with a small example of how one…

onb
2 votes, 2 answers

Why doesn't BitLocker mix the password with the stored key?

BitLocker doesn't support USB key + PIN (password). The reasoning was "the password is too weak to provide additional security". Isn't that flawed? With a USB key and password, I've got some level of two-factor, right? The USB drive contains 128/256…
2 votes, 1 answer

How to measure the integrity of the OS (Linux)?

I am working on a project which requires integrity measurement of the OS (Linux). One way to do that is using IMA, but I am not sure if it fits in the scenario below. The scenario of the project is somewhat like this: the system boots up and…
2 votes, 2 answers

Which PCRs can we extend by using our own code?

There are 24 PCRs in the TPM 1.2 specification. Some of these PCRs are reserved and cannot be extended by the user's code. Below are the PCR indices with their usage: 0 - CRTM, BIOS and Platform Extensions; 1 - Platform Configuration; 2 - Option ROM Code; 3…

Geek
2 votes, 2 answers

Is there any way to recover a locked drive using a TPM?

Just reading, I learned about the TPM technology and how it works. However, it makes me wonder... if the motherboard crashes, is the data lost forever? Because you can't use the drive in another system due to the unique RSA key used by the TPM.

The Illusive Man
2 votes, 0 answers

Using TPM to generate certificates associated with different users on the same device

I plan to use the TPM to generate CSRs backed by a private key stored on the TPM. The CSRs will then be signed by an external HSM. Since a certificate is tied to a particular private key, how do you support multiple users on the same laptop on the…

Dr. Lecter
2 votes, 1 answer

Root of Trust - the general mechanism of how a RoT authenticates higher levels of software

I've been reading many research articles about RoT (Root of Trust) for establishing a chain of trust going up from the BIOS to the kernel. However, most of the articles go only briefly into how a RoT works for different brands. A good article on RoT is…
2 votes, 1 answer

What does a TPM have in common with smart cards?

The title really says it all. I'm starting to dig a little bit into computer security, and from what I've watched or from what I have read in books or articles there's always a mention of basic smart cards (e.g. Chapter 3, “Scenarios for Using TPM…

T. Maxx
2 votes, 1 answer

Where to store a signing key in the TPM

I'm using TPM 2.0 to do remote attestation for a computer. In order to do that you have to generate a signing key from a primary key. This generates a public key and an encrypted private key. The official documentation says "Preservation…
2 votes, 1 answer

Can I prove the relation between AIK and EK without asking the TPM 2.0?

The public part of the Endorsement Key (EK) is available directly on the TPM chip. I know that you can generate an AIK and then sign with that key; the hash must be generated by the TPM. The idea is to execute remote attestation with the…

jbarbosa
2 votes, 1 answer

With a TPM, how are the initial PCR values seeded with 'good' values?

I am trying to learn more about trusted boot / trusted platform modules, and I understand that Platform Configuration Register (PCR) values are a measurement of a 'good' configuration signed by a key locked from access within the TPM chip. What I…

decodebytes
2 votes, 0 answers

Use TPM 1.2 to store the private key of a certificate

Let's say I have an application that requires certificates (HTTPS, MQTTs, etc.) due to the use of TLS. I'm planning to build my own tier-1 PKI hierarchy with my own company CA signing device certificates. One of our products has a TPM available on…

TrinityTonic
2 votes, 1 answer

Distinguishing features of a TPM from software solutions

It's said that the TPM is proposed to address issues that software alone cannot. To my understanding, this means a TPM cannot be simulated using software. For example, as far as I know, a TPM comes with a hardware-based random number generator. I think it's…

Lingxi
2 votes, 1 answer

Windows 8 in a VDI environment and the use of Secure Boot

I have a question: how would Secure Boot be implemented in a virtualized environment, say a XEN hypervisor with multiple guest OSes including a Windows 8 guest VM? Does the guest VM need access to the hardware validation as well?

Arabisc