Menu
Home
Log in / Register
 
Home arrow Computer Science arrow A Practical Guide to TPM 2.0

A short course of lectures
«A Practical Guide to TPM 2.0»





Restricted Decryption KeyCommon BugsECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for SignaturesThree Persistent HierarchiesBuilding the Entity's Policy DigestSetting Up the Software StackPCR ValueMissing ObjectsPCRsHMAC: Message Authentication CodeTPM Context-Management CommandsHistory of TPM 2.0 Specification DevelopmentHMAC and Policy Sessions: DifferencesRemote Provisioning of PCs with IDevIDs Using the EKUnderstudy RoleSetting Up a Binary Version of the SimulatorAudit TypesPrivacy EnablementCreating an HMAC SessionSKINITKenNV Index Handle ValuesData DetailsSymmetric-Encryption KeyExample 1: Simple Key ManagementTPM2B_XXX StructuresHow to Find Information in the SpecificationDictionary Attack Lockout ResetSystem-Wide SecurityGetting Started in Part 3: the CommandsPassword Authorization SessionCommand Preparation FunctionsEndiannessNV PasswordPCR Quote in DetailTSS.Net and TSS.C++Technique 3Persistence of KeysHow TPM 2.0 Devices Are UsedHow TPM 2.0 Developed from TPM 1.2NULL HierarchySymmetric and Asymmetric Keys AttributesSimple Assertions and Multifactor AssertionsWave Systems Embassy SuiteNonvolatile IndexesAudit LogCreating PoliciesARM® TrustZone®More Complex ErrorsStarting the PolicySystem API Test CodeRestricted Signing KeyTSS.netExample 1: Smart card and PasswordKeysExample 2: A Policy for a Key Used Only for Signing with a PasswordState DiagramsCreating a Password Authorized EntityReserved HandlesHow Does EA Work?Audit CommandsPolicy Authorization Time IntervalsDuplication AttributesSome TermsCommand Context Allocation FunctionsCalculating the Strength of Algorithms by TypeKey HierarchySession and Authorization: Compared and ContrastedFlexible Management (New in 2.0)Changing a Password Authorization for an Already Created EntityRelationship to TPMsNonpersistent EntitiesKey CacheMicrosoft BitLockerTypical BugsThe MonitorThe Three TechnologiesExtended Authorization (EA) PoliciesAttacks on the Algorithm ItselfEntity NamesScenarios for Using Additional TPM 2.0 CapabilitiesState of the External Device (GPS, Fingerprint Reader, and So On)Authentication or Authorization TicketManagement of Objects, Sessions, and SequencesRandom Number GeneratorEphemeral HierarchyWorld SwitchingNonceSatisfying the Approved PolicyHistory of the TPMUsing an HMAC Session to Send Multiple Commands (Rolling Nonces)Certified PoliciesData BackupsFeature APIEnd User ProvisioningCommand Authorization StructuresLocking Firmware in an Embedded System, but Allowing for UpgradesTPM Software StackPrivacyPCRs for AuthorizationResource ManagerNV NamesSatisfying a PolicyGeneral DefinitionsWhy AuditCommand Authorization AreaRSA for Key EncryptionSession-Related DefinitionsTSS 2.0DebuggingHardware Validated BootSecurity DefinitionsPseudocode FlowPCR CommandsThe Stack: a High-Level ViewKey GenerationStorage HierarchyPCR AlgorithmsDebug Trace AnalysisSession Key and HMAC Key DetailsPasswords of a Different ObjectTPM Context-Management FeaturesVirtual Smart CardDaveExample 4: A Policy Good for One Boot CycleIntel® Trusted Execution Technology (Intel® TXT)Analyze the Error CodeDeprovisioningPolicy Authorization LifecycleNVRAM StorageUse Cases for Session VariationsKDF: Key Derivation FunctionTPM on an AMD PlatformExecution EnvironmentKey ManagementIdentificationSeparate CommandsAuthorizationUsing an HMAC Session to Authorize a Single CommandInternal State of the TPM (Boot Counter and Timers)Key Commands: Table DecorationsAlgorithm Agility (New in 2.0)Simple Code ExampleCode Example: Password SessionMultifactor AuthenticationTPM 2.0 Library Specification: The PartsTechnique 2PolicyCryptographic PrimitivesBad SizeKey StoragePrimary Keys and SeedsStarting HMAC and Policy SessionsKeys UnraveledAdministrator RolePCR AttributesDefinitions of the Major Fields of the Command Byte StreamAuditing TPM CommandsGuidelines for TPM2_StartAuthSession Handles and ParametersIntel TXT Boot SequencePython ScriptAltering or Creating an Entity That Requires HMAC AuthorizationSpecial Error CodesTAB and the Resource Manager: A High-Level DescriptionPasswords (Plaintext and HMAC) of the ObjectPlatform OEM ProvisioningPCR Authorization and PolicyStructure with UnionCombined Authorization LifecycleHMAC AuthorizationWhat Do Encrypt/Decrypt Sessions Do?Scenarios for Using TPM 1.2Authorizations and SessionsEnd User RoleCreating the Entity to Use the Policy DigestDevice DriverCommand-Based AssertionsTABRunning the SimulatorFlexible (Wild Card) PolicyExample 7: A Policy for NV RAM between 1 and 100Key DestructionInterruptsApplications That Use TPMsTPM2_StartAuthSession CommandPersistent HierarchiesNew Manageability Solutions in TPM 2.0RSA Asymmetric-Key AlgorithmDigital Signatures (such as Smart Cards)Strategies for Ramping Up on TPM 2.0Command Execution FunctionsWhy Extended Authorization?Policies and PasswordsMicrosoft SimulatorBrute ForceMultiple Varieties of AuthenticationTrustZone Is an Architectural FeatureUsing a Password AuthorizationQuick Tutorial on TPM 2.0Example 6: A Policy for Group AdmissionTPM Manufacturer ProvisioningHMAC Authorization LifecycleCryptographic AttacksKey DistributionSending Policy Commands to Fulfill the PolicyBasic Security ConceptsExclusive AuditHierarchiesDebugging High-level ApplicationsExample 3: A PC state, a Password, and a FingerprintExample 5: A Policy for Flexible PCRsLow-Level Application DebuggingDebug ProcessSpecial Rules Related to Power and Shutdown EventsStarting the Real Policy SessionSystem API Test CodeTCTIHMAC and Policy Session Code ExampleSession AuditContext ManagementContext Management vs. LoadingAsymmetric KeysAMD Secure Technology™Practical Use CasesSecuring a Server's LogonSolving Bigger Problems with the TPM 2.0TPM EntitiesAuthorization RolesSystem APIThe NS bitEnhanced Authorization (New in 2.0)Public Key CertificationApplications That Should Use the TPM but Don'tWhy a TPM?Definitions of the Major Fields of the Response Byte StreamIntel TXT Platform ComponentsCanonicalizationPerforming the Action That Requires AuthorizationCommon Structure ConstructsCertificationKey AuthorizationBuilding Applications for TPM 1.2Platform Configuration RegistersNV IndicesNV IndexesStartup InitializationMultifactor AuthenticationPlatform NV EnableSome DefinitionsActivating a CredentialTransforming the Approved Policy in the Flexible PolicyDecrypt/Encrypt SetupPlatform Configuration RegistersExample: A Policy for Work or Home ComputersPCRs for AttestationPassword Authorization LifecycleResponse Authorization StructuresCommonly Used Sections of the SpecificationNV Ordinary IndexOther TPM 2.0 SpecificationsProtection TargetStartup and ShutdownPCRs: State of the MachineCryptographic FamiliesSession VariationsDecrypt/Encrypt LimitationsMaking a Compound PolicyPassword Authorization: The Simplest AuthorizationSetting Up the TPMSymmetric-Key ModesRandom Number GeneratorPermanent EntitiesNumber of PCRsECC Asymmetric-Key AlgorithmTesting the SimulatorExisting Applications That Use TPMsInternal Value of an NV RAM LocationResource Manager OperationsKey DestructionBound vs. UnboundOffice RoleHistory of Development of the TPM Specification from 1.1b to 1.2Key Trees: Keeping Keys in a Tree with the Same Algorithm SetExample 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled Systems: Notation SyntaxTPM Access Broker (TAB)EncryptionPlatform Configuration Registers (PCRs)TSS.netEndorsement HierarchySymmetric Key PrimitivesCommand AuditThe ProblemKey GeneratorIdentifying Resources by Name (New in 2.0)High-Level DescriptionECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass KeysUsing a Policy to Authorize a CommandIBM File and Folder EncryptionWrong TypeKey Types and AttributesPersistent EntitiesRSA for Digital SignaturesHMAC PrimitivesBuilding the Simulator from Source CodeTPM Internal SlotsHMAC Session SecurityImplementation of TrustZoneNV WrittenNV Counter IndexConsiderations in Creating PoliciesStartup, Shutdown, and ProvisioningCompound Policies: Using Logical OR in a PolicyPassword, HMAC, and Policy Sessions: What Are They?DuplicationAudit DataSecure Hash (or Digest)How Extended Authorization WorksProvisioningOther Privacy ConsiderationsDisabled FunctionTechnique 1If the Policy Is CompoundDigest PrimitivesHigh-Level DescriptionResource ManagerSample CodeNavigating the SpecificationObjectsPutting It All TogetherDecrypt/Encrypt SessionsHash ExtendQuick Key Loading (new in 2.0)Application Interfaces Used to Talk to TPMsKey ActivationTPM Administration and WMINULL HierarchyRocks to Avoid When Developing TPM ApplicationsPlatform HierarchySalted vs. UnsaltedIf the Policy Is Flexible (Uses a Wild Card)WillNon-Brittle PCRs (New in 2.0)Last ResortCommand and Response Authorization Area DetailsThe Platform Crypto ProviderSeparation of PrivilegeLocality of CommandHome RolePlatform Security Technologies That Use TPM 2.0Simple Assertion PoliciesPolicy Authorization
 
Found a mistake? Please highlight the word and press Shift + Enter  
 
Subjects
Accounting
Business & Finance
Communication
Computer Science
Economics
Education
Engineering
Environment
Geography
Health
History
Language & Literature
Law
Management
Marketing
Mathematics
Political science
Philosophy
Psychology
Religion
Sociology
Travel