Questions tagged [trusted-computing]

Trusted Platform Module (TPM) and other protocols and components of trust in a computer or computer network

Trusted computing primarily refers to standards published by the Trusted Computing Group (TCG). TCG designs include the Trusted Platform Module (TPM), an add-on chip for PC-like systems that is meant to be tamper-resistant and to monitor the operation of the main processor. The TCG has also published designs that are not directly related to the TPM, such as the TNC protocol suite.

114 questions
1 vote, 0 answers

"Trusted memory": what does it mean?

The phrase "load from untrusted memory to a trusted system memory" is often cited when describing the secure boot process. I wonder, when can we consider a memory "trusted"?
Lavender
1 vote, 1 answer

Why authenticated boot and not secure boot?

Context: Secure boot is one of the important elements of Trusted Computing in computer systems. One variety of secure boot is authenticated boot. While secure boot prevents the boot of non-trusted software, authenticated boot detects a non…
1 vote, 1 answer

Using keys inside a secure enclave on non-trusted hardware and OS

Are secure enclaves like Intel SGX protected from memory leaks? What if a non-trusted privileged user dumps all the physical RAM? Is it possible to extract the keys in this way?
prosaad
1 vote, 1 answer

Symmetric Keys for a TPM

I am currently researching the capabilities of a TPM in creating and storing different kinds of cryptographic keys. I know that a TPM can create and store keys for asymmetric algorithms like RSA or elliptic curves. But what about symmetric keys, like…
Sushiman
1 vote, 0 answers

TPM and trust in cloud provider

I'm kinda unclear and confused. I'm searching on the subject of the Trusted Platform Module, and I can summarize the main TPM functions as: authentication functions, integrity measurement functions and attestation functions. By trust we mean that the…
user180095
1 vote, 1 answer

TPM with the three main groups of functions

I’m a little unclear on this (marked strong): "The public key authentication functions provide for on-chip key pair generation using a hardware random number generator, along with public key signature, verification, encryption, and decryption. By…
user180095
1 vote, 1 answer

Verifying that the CRTM is read-only for the purpose of trusted computing

When using a TPM to provide integrity measurements for a system via SRTM, the trusted computing base is reduced to only the TPM and CRTM. The CRTM is a component of the BIOS (specifically the bootblock) which executes first and allows the TPM to…
forest
1 vote, 1 answer

TCG OPAL 2.0 specification on technical implementation?

Where can one find more technical information on the TCG OPAL 2.0 standard regarding how exactly the crypto has to be implemented in self-encrypting drives? I couldn't find OPAL 2.0 implementation technical papers…
user3200534
1 vote, 1 answer

Understanding differences between kernel-based TCB and micro-kernel TCB

Recently I've been learning the concept of the trusted computing base, and I've seen 2 types of TCB: kernel-based TCB and micro-kernel TCB, where, from my understanding, the main difference is that in the former we have many OS-oriented processes, like file…
sel
1 vote, 1 answer

Does periodically rebooting secure-boot-enabled devices improve security by preventing persistent compromise?

Many devices now enforce verified/trusted/secure boot, which according to Wikipedia "will only allow signed software to run on the device." Platforms that support this feature include Android, iOS, Windows, and Chrome OS. From what I understand,…
1 vote, 1 answer

Secure communication protocol for equality test

I'm solving a theoretical problem with two entities, each having one secret number. They need to find out whether these numbers are equal without disclosing their numbers when they differ. An easy solution is to encrypt both numbers and compare these…
Honza
1 vote, 1 answer

Deep attestation of VMs

Hypervisors like Xen have virtual TPM (vTPM) support. In cloud environments, are there any implementations where such vTPMs are used during remote attestation in addition to the host-TPM-based attestation in practice? What are the possible…
DaTaBomB
1 vote, 1 answer

Take ownership on TPM 2.0

When I try to take ownership of my TPM 2.0, I run the tpm2_takeownership command. The first time, I got this error: ./tpm2_takeownership -e 0123 -o 0123 -l 0123 ......Change Hierarchy Owner Auth Succ...... ......Change Hierarchy Endorsement…
Damien
1 vote, 1 answer

In practice, is the TPM SRK really decrypted by the EK first, before it decrypts its child keys?

I know that the TPM SRK is generated when the user takes TPM ownership, and it is encrypted by the EK public part. All the child keys under the SRK need to be loaded into the TPM and decrypted by the SRK before use. (This is what the books tell us.) However, it seems…
TJCLK
0 votes, 0 answers

TPM2-TOOLS: Dump TPM2 Attestation Key after it has been created

Suppose I have created an Attestation Key (AK) and dumped the public portion for my use. Further, using TPM2 Evict Control, I make the attestation key persistent at an address in the TPM. $ tpm2_createak -C ek.handle -c ak.ctx -u ak.pub -n ak.name #…
Harsh