Menu
Home
Log in / Register
 
Home arrow Computer Science arrow A Practical Guide to TPM 2.0
Next >
A Practical Guide to TPM 2.0 - Will Arthur




Chapter 1. History of the TPMWhy a TPM?History of Development of the TPM Specification from 1.1b to 1.2How TPM 2.0 Developed from TPM 1.2History of TPM 2.0 Specification DevelopmentSummaryChapter 2. Basic Security ConceptsCryptographic AttacksBrute ForceCalculating the Strength of Algorithms by TypeAttacks on the Algorithm ItselfSecurity DefinitionsCryptographic FamiliesSecure Hash (or Digest)Hash ExtendHMAC: Message Authentication CodeKDF: Key Derivation FunctionAuthentication or Authorization TicketSymmetric-Encryption KeySymmetric-Key ModesNonceAsymmetric KeysRSA Asymmetric-Key AlgorithmRSA for Key EncryptionRSA for Digital SignaturesECC Asymmetric-Key AlgorithmECDH Asymmetric-Key Algorithm to Use Elliptic Curves to Pass KeysECDSA Asymmetric-Key Algorithm to Use Elliptic Curves for SignaturesPublic Key CertificationSummaryChapter 3. Quick Tutorial on TPM 2.0Scenarios for Using TPM 1.2IdentificationEncryptionKey StorageRandom Number GeneratorNVRAM StoragePlatform Configuration RegistersPrivacy EnablementScenarios for Using Additional TPM 2.0 CapabilitiesAlgorithm Agility (New in 2.0)Enhanced Authorization (New in 2.0)Quick Key Loading (new in 2.0)Non-Brittle PCRs (New in 2.0)Flexible Management (New in 2.0)Identifying Resources by Name (New in 2.0)SummaryChapter 4. Existing Applications That Use TPMsApplication Interfaces Used to Talk to TPMsTPM Administration and WMIThe Platform Crypto ProviderVirtual Smart CardApplications That Use TPMsApplications That Should Use the TPM but Don'tBuilding Applications for TPM 1.2TSS.Net and TSS.C++Wave Systems Embassy SuiteRocks to Avoid When Developing TPM ApplicationsMicrosoft BitLockerIBM File and Folder EncryptionNew Manageability Solutions in TPM 2.0SummaryChapter 5. Navigating the SpecificationTPM 2.0 Library Specification: The PartsSome DefinitionsGeneral DefinitionsDefinitions of the Major Fields of the Command Byte StreamDefinitions of the Major Fields of the Response Byte StreamGetting Started in Part 3: the CommandsData DetailsCommon Structure ConstructsTPM2B_XXX StructuresStructure with UnionCanonicalizationEndiannessPart 2: Notation SyntaxPart 3: Table DecorationsCommonly Used Sections of the SpecificationHow to Find Information in the SpecificationStrategies for Ramping Up on TPM 2.0WillKenDaveOther TPM 2.0 SpecificationsSummaryChapter 6. Execution EnvironmentSetting Up the TPMMicrosoft SimulatorBuilding the Simulator from Source CodeSetting Up a Binary Version of the SimulatorRunning the SimulatorTesting the SimulatorPython ScriptTSS.netSystem API Test CodeSetting Up the Software StackTSS 2.0TSS.netSummaryChapter 7. TPM Software StackThe Stack: a High-Level ViewFeature APISystem APICommand Context Allocation FunctionsCommand Preparation FunctionsCommand Execution FunctionsSimple Code ExampleSystem API Test CodeTCTITPM Access Broker (TAB)Resource ManagerDevice DriverSummaryChapter 8. TPM EntitiesPermanent EntitiesPersistent HierarchiesEphemeral HierarchyDictionary Attack Lockout ResetPlatform Configuration Registers (PCRs)Reserved HandlesPassword Authorization SessionPlatform NV EnableNonvolatile IndexesObjectsNonpersistent EntitiesPersistent EntitiesEntity NamesSummaryChapter 9. HierarchiesThree Persistent HierarchiesPlatform HierarchyStorage HierarchyEndorsement HierarchyPrivacyActivating a CredentialOther Privacy ConsiderationsNULL HierarchyCryptographic PrimitivesRandom Number GeneratorDigest PrimitivesHMAC PrimitivesSymmetric Key PrimitivesSummaryChapter 10. KeysKey CommandsKey GeneratorPrimary Keys and SeedsPersistence of KeysKey CacheKey AuthorizationKey DestructionKey HierarchyKey Types and AttributesSymmetric and Asymmetric Keys AttributesDuplication AttributesRestricted Signing KeyRestricted Decryption KeyContext Management vs. LoadingNULL HierarchyCertificationKeys UnraveledSummaryChapter 11. NV IndexesNV Ordinary IndexNV Counter IndexNV WrittenNV Index Handle ValuesNV NamesNV PasswordSeparate CommandsSummaryChapter 12. Platform Configuration RegistersPCR ValueNumber of PCRsPCR CommandsPCRs for AuthorizationPCRs for AttestationPCR Quote in DetailPCR AttributesPCR Authorization and PolicyPCR AlgorithmsSummaryChapter 13. Authorizations and SessionsSession-Related DefinitionsPassword, HMAC, and Policy Sessions: What Are They?Session and Authorization: Compared and ContrastedAuthorization RolesCommand and Response Authorization Area DetailsCommand Authorization AreaCommand Authorization StructuresResponse Authorization StructuresPassword Authorization: The Simplest AuthorizationPassword Authorization LifecycleCreating a Password Authorized EntityChanging a Password Authorization for an Already Created EntityUsing a Password AuthorizationCode Example: Password SessionStarting HMAC and Policy SessionsTPM2_StartAuthSession CommandSession Key and HMAC Key DetailsGuidelines for TPM2_StartAuthSession Handles and ParametersSession VariationsSalted vs. UnsaltedBound vs. UnboundUse Cases for Session VariationsHMAC and Policy Sessions: DifferencesHMAC AuthorizationHMAC Authorization LifecycleAltering or Creating an Entity That Requires HMAC AuthorizationCreating an HMAC SessionUsing an HMAC Session to Authorize a Single CommandHMAC and Policy Session Code ExampleUsing an HMAC Session to Send Multiple Commands (Rolling Nonces)HMAC Session SecurityPolicy AuthorizationHow Does EA Work?Policy Authorization Time IntervalsPolicy Authorization LifecycleBuilding the Entity's Policy DigestCreating the Entity to Use the Policy DigestStarting the Real Policy SessionSending Policy Commands to Fulfill the PolicyPerforming the Action That Requires AuthorizationCombined Authorization LifecycleSummaryChapter 14. Extended Authorization (EA) PoliciesPolicies and PasswordsWhy Extended Authorization?Multiple Varieties of AuthenticationMultifactor AuthenticationHow Extended Authorization WorksCreating PoliciesSimple Assertion PoliciesPasswords (Plaintext and HMAC) of the ObjectPasswords of a Different ObjectDigital Signatures (such as Smart Cards)PCRs: State of the MachineLocality of CommandInternal State of the TPM (Boot Counter and Timers)Internal Value of an NV RAM LocationState of the External Device (GPS, Fingerprint Reader, and So On)Flexible (Wild Card) PolicyCommand-Based AssertionsMultifactor AuthenticationExample 1: Smart card and PasswordExample 2: A Policy for a Key Used Only for Signing with a PasswordExample 3: A PC state, a Password, and a FingerprintExample 4: A Policy Good for One Boot CycleExample 5: A Policy for Flexible PCRsExample 6: A Policy for Group AdmissionExample 7: A Policy for NV RAM between 1 and 100Compound Policies: Using Logical OR in a PolicyMaking a Compound PolicyExample: A Policy for Work or Home ComputersConsiderations in Creating PoliciesEnd User RoleAdministrator RoleUnderstudy RoleOffice RoleHome RoleUsing a Policy to Authorize a CommandStarting the PolicySatisfying a PolicySimple Assertions and Multifactor AssertionsIf the Policy Is CompoundIf the Policy Is Flexible (Uses a Wild Card)Satisfying the Approved PolicyTransforming the Approved Policy in the Flexible PolicyCertified PoliciesSummaryChapter 15. Key ManagementKey GenerationKey Trees: Keeping Keys in a Tree with the Same Algorithm SetDuplicationKey DistributionKey ActivationKey DestructionPutting It All TogetherExample 1: Simple Key ManagementExample 2: An Enterprise IT Organization with Windows TPM 2.0 Enabled SystemsSummaryChapter 16. Auditing TPM CommandsWhy AuditAudit CommandsAudit TypesCommand AuditSession AuditAudit LogAudit DataExclusive AuditSummaryChapter 17. Decrypt/Encrypt SessionsWhat Do Encrypt/Decrypt Sessions Do?Practical Use CasesDecrypt/Encrypt LimitationsDecrypt/Encrypt SetupPseudocode FlowSample CodeSummaryChapter 18. Context ManagementTAB and the Resource Manager: A High-Level DescriptionTABResource ManagerResource Manager OperationsManagement of Objects, Sessions, and SequencesTPM Context-Management FeaturesTPM Internal SlotsSpecial Error CodesTPM Context-Management CommandsSpecial Rules Related to Power and Shutdown EventsState DiagramsSummaryChapter 19. Startup, Shutdown, and ProvisioningStartup and ShutdownStartup InitializationProvisioningTPM Manufacturer ProvisioningPlatform OEM ProvisioningEnd User ProvisioningDeprovisioningSummaryChapter 20. DebuggingLow-Level Application DebuggingThe ProblemAnalyze the Error CodeDebug Trace AnalysisMore Complex ErrorsLast ResortCommon BugsDebugging High-level ApplicationsDebug ProcessTypical BugsAuthorizationDisabled FunctionMissing ObjectsWrong TypeBad SizePolicySummaryChapter 21. Solving Bigger Problems with the TPM 2.0Remote Provisioning of PCs with IDevIDs Using the EKTechnique 1Technique 2Technique 3Data BackupsSeparation of PrivilegeSecuring a Server's LogonLocking Firmware in an Embedded System, but Allowing for UpgradesSummaryChapter 22. Platform Security Technologies That Use TPM 2.0The Three TechnologiesSome TermsIntel® Trusted Execution Technology (Intel® TXT)High-Level DescriptionIntel TXT Platform ComponentsIntel TXT Boot SequenceHow TPM 2.0 Devices Are UsedNV IndicesPCRsConclusion: Intel TXTARM® TrustZone®High-Level DescriptionTrustZone Is an Architectural FeatureProtection TargetSystem-Wide SecurityImplementation of TrustZoneThe NS bitThe MonitorWorld SwitchingInterruptsRelationship to TPMsAMD Secure Technology™Hardware Validated BootTPM on an AMD PlatformSKINITSummary
 
Found a mistake? Please highlight the word and press Shift + Enter  
Next >
 
Subjects
Accounting
Business & Finance
Communication
Computer Science
Economics
Education
Engineering
Environment
Geography
Health
History
Language & Literature
Law
Management
Marketing
Philosophy
Political science
Psychology
Religion
Sociology
Travel