Log in / Register
Home arrow Computer Science arrow A Practical Guide to TPM 2.0

A short course of lectures
«A Practical Guide to TPM 2.0»

System-Wide SecurityAMD Secure Technology™Storage HierarchyIntel TXT Platform ComponentsPassword Authorization LifecycleMultifactor AuthenticationRandom Number GeneratorSession AuditCommonly Used Sections of the SpecificationNV IndicesUsing an HMAC Session to Authorize a Single CommandObjectsAuthentication or Authorization TicketExample 3: A PC state, a Password, and a FingerprintCryptographic FamiliesMicrosoft SimulatorHMAC: Message Authentication CodeTesting the SimulatorProvisioningSeparation of PrivilegeTPM Administration and WMICompound Policies: Using Logical OR in a PolicyKey Types and AttributesLast ResortKey DestructionPolicySome TermsSetting Up the Software StackData BackupsSystem APIExtended Authorization (EA) PoliciesIdentificationBuilding the Simulator from Source CodeIntel TXT Boot SequenceGuidelines for TPM2_StartAuthSession Handles and ParametersPlatform Security Technologies That Use TPM 2.0System API Test CodeRemote Provisioning of PCs with IDevIDs Using the EKHow to Find Information in the SpecificationHMAC and Policy Sessions: DifferencesNULL HierarchyTechnique 3EncryptionKeys UnraveledSecurity DefinitionsPlatform OEM ProvisioningExample: A Policy for Work or Home ComputersCreating PoliciesCreating an HMAC SessionCommon Structure ConstructsMore Complex ErrorsRSA for Key EncryptionRestricted Signing KeyCommand AuditExample 2: A Policy for a Key Used Only for Signing with a PasswordDisabled FunctionThe NS bitUsing an HMAC Session to Send Multiple Commands (Rolling Nonces)Authorizations and SessionsThe Three TechnologiesUsing a Policy to Authorize a CommandHMAC Authorization LifecyclePersistent HierarchiesSpecial Rules Related to Power and Shutdown EventsCombined Authorization LifecycleResource ManagerEnhanced Authorization (New in 2.0)Transforming the Approved Policy in the Flexible PolicyIntel® Trusted Execution Technology (Intel® TXT)Example 5: A Policy for Flexible PCRsDuplication AttributesDuplicationNavigating the SpecificationManagement of Objects, Sessions, and SequencesPlatform Configuration RegistersPutting It All TogetherPCR AlgorithmsKey GenerationConsiderations in Creating PoliciesAuditing TPM CommandsTSS 2.0State of the External Device (GPS, Fingerprint Reader, and So On)Platform HierarchyDebug Trace AnalysisEnd User ProvisioningNumber of PCRsNULL HierarchyNV NamesTrustZone Is an Architectural FeatureSecure Hash (or Digest)Audit LogDeprovisioningPCR ValueFlexible (Wild Card) PolicySatisfying the Approved PolicyWrong TypeAsymmetric KeysInterruptsHigh-Level DescriptionStarting the Real Policy SessionPractical Use CasesSome DefinitionsKey GeneratorIdentifying Resources by Name (New in 2.0)Simple Assertion PoliciesSession VariationsKey HierarchyExisting Applications That Use TPMsKey AuthorizationTPM Context-Management CommandsECC Asymmetric-Key AlgorithmDefinitions of the Major Fields of the Response Byte StreamSetting Up the TPMTPM Software StackRandom Number GeneratorStartup InitializationPasswords of a Different ObjectCommand Context Allocation FunctionsSymmetric-Encryption KeyAudit DataSymmetric and Asymmetric Keys AttributesTAB and the Resource Manager: A High-Level DescriptionSession-Related DefinitionsCommand and Response Authorization Area DetailsStartup, Shutdown, and ProvisioningExample 7: A Policy for NV RAM between 1 and 100Example 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled SystemsNonceHow Extended Authorization WorksTPM Context-Management FeaturesDebugging High-level ApplicationsPlatform Configuration RegistersEphemeral HierarchyPseudocode FlowPassword Authorization: The Simplest AuthorizationDigital Signatures (such as Smart Cards)Applications That Should Use the TPM but Don'tDebuggingPublic Key CertificationEndorsement HierarchyMultiple Varieties of AuthenticationIBM File and Folder EncryptionCryptographic PrimitivesTPM on an AMD PlatformRSA for Digital SignaturesUse Cases for Session VariationsSolving Bigger Problems with the TPM 2.0Key CacheOffice RoleWhy AuditEndiannessCommand-Based AssertionsExample 1: Simple Key ManagementAdministrator RoleFeature APILow-Level Application DebuggingPython ScriptWave Systems Embassy SuiteKey Trees: Keeping Keys in a Tree with the Same Algorithm SetWhy a TPM?Setting Up a Binary Version of the SimulatorWhat Do Encrypt/Decrypt Sessions Do?TPM EntitiesPolicy AuthorizationThe Platform Crypto ProviderDevice DriverBad SizeExecution EnvironmentSpecial Error CodesKeysStarting the PolicyScenarios for Using TPM 1.2Non-Brittle PCRs (New in 2.0)Hash ExtendTechnique 2Algorithm Agility (New in 2.0)NVRAM StorageECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for SignaturesLocality of CommandSymmetric Key PrimitivesHardware Validated BootDaveApplications That Use TPMsInternal Value of an NV RAM LocationTSS.netBuilding Applications for TPM 1.2Reserved HandlesTCTIBuilding the Entity's Policy DigestActivating a CredentialSample CodeSending Policy Commands to Fulfill the PolicyMissing ObjectsHistory of Development of the TPM Specification from 1.1b to 1.2General DefinitionsNV PasswordDecrypt/Encrypt Sessions: Table DecorationsCommand Preparation FunctionsPCRs for AttestationPlatform Configuration Registers (PCRs)PCRs: State of the MachineKenProtection TargetCreating a Password Authorized EntityIf the Policy Is Flexible (Uses a Wild Card)NV Ordinary IndexThe Stack: a High-Level ViewTechnique 1Attacks on the Algorithm ItselfThe ProblemTPM 2.0 Library Specification: The PartsState DiagramsThe MonitorPCR Authorization and PolicyHMAC Session SecurityCommand Execution FunctionsSKINITQuick Key Loading (new in 2.0)PCR AttributesCalculating the Strength of Algorithms by TypeExclusive AuditAudit CommandsHigh-Level DescriptionRunning the SimulatorWhy Extended Authorization?: Notation SyntaxKey ActivationStarting HMAC and Policy SessionsKey CommandsTPM Access Broker (TAB)Securing a Server's LogonHistory of TPM 2.0 Specification DevelopmentAuthorization RolesGetting Started in Part 3: the CommandsSystem API Test CodeScenarios for Using Additional TPM 2.0 CapabilitiesPCR Quote in DetailExample 4: A Policy Good for One Boot CycleVirtual Smart CardRSA Asymmetric-Key AlgorithmAnalyze the Error CodeHierarchiesBasic Security ConceptsDigest PrimitivesCreating the Entity to Use the Policy DigestCode Example: Password SessionPassword, HMAC, and Policy Sessions: What Are They?Internal State of the TPM (Boot Counter and Timers)Performing the Action That Requires AuthorizationCryptographic AttacksMicrosoft BitLockerUnderstudy RoleHMAC and Policy Session Code ExampleOther Privacy ConsiderationsRestricted Decryption KeyPrivacy EnablementStartup and ShutdownTSS.netKey DestructionContext Management vs. LoadingTABCanonicalizationNV WrittenNV Index Handle ValuesWorld SwitchingEntity NamesKey ManagementPCRs for AuthorizationLocking Firmware in an Embedded System, but Allowing for UpgradesSalted vs. UnsaltedSymmetric-Key ModesCertified PoliciesResponse Authorization StructuresWillExample 1: Smart card and PasswordKey DistributionPCRsTPM2_StartAuthSession CommandTPM Internal SlotsHome RoleStructure with UnionPolicy Authorization Time IntervalsDictionary Attack Lockout ResetUsing a Password AuthorizationPasswords (Plaintext and HMAC) of the ObjectDefinitions of the Major Fields of the Command Byte StreamIf the Policy Is CompoundApplication Interfaces Used to Talk to TPMsBound vs. UnboundHistory of the TPMImplementation of TrustZoneKey StorageHow Does EA Work?Flexible Management (New in 2.0)Typical BugsResource Manager OperationsDecrypt/Encrypt SetupStrategies for Ramping Up on TPM 2.0PCR CommandsSession and Authorization: Compared and ContrastedKDF: Key Derivation FunctionMaking a Compound PolicyQuick Tutorial on TPM 2.0Multifactor AuthenticationPlatform NV EnableTSS.Net and TSS.C++Other TPM 2.0 SpecificationsBrute ForceHMAC PrimitivesAuthorizationHow TPM 2.0 Devices Are UsedSession Key and HMAC Key DetailsTPM Manufacturer ProvisioningRocks to Avoid When Developing TPM ApplicationsEnd User RoleHMAC AuthorizationCommand Authorization StructuresDecrypt/Encrypt LimitationsNew Manageability Solutions in TPM 2.0Command Authorization AreaARM® TrustZone®Audit TypesNV Counter IndexExample 6: A Policy for Group AdmissionTPM2B_XXX StructuresPrivacyPrimary Keys and SeedsPersistent EntitiesData DetailsSatisfying a PolicySeparate CommandsPassword Authorization SessionPersistence of KeysCommon BugsNV IndexesNonpersistent EntitiesSimple Assertions and Multifactor AssertionsSimple Code ExampleChanging a Password Authorization for an Already Created EntityContext ManagementRelationship to TPMsPermanent EntitiesResource ManagerNonvolatile IndexesPolicies and PasswordsDebug ProcessCertificationHow TPM 2.0 Developed from TPM 1.2Altering or Creating an Entity That Requires HMAC AuthorizationThree Persistent HierarchiesECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass KeysPolicy Authorization Lifecycle
Found a mistake? Please highlight the word and press Shift + Enter  
Business & Finance
Computer Science
Language & Literature
Political science