Collaborate Disseminate
I want to use an IoT device’s TPM as a new Intermediate CA. I can prepare the device during manufacturing, and would like to then create new CAs during operation.
Traditionally, one would create an Initial Attestation Key (IAK) on the IoT … Continue reading Advantages of using IAK over EK for attesting purposes on a TPM
I use Linux on my laptop and I do Full Disk Encryption with the LUKS keys enrolled into TPM2 against proper PCRs to make sure firmware, UEFI and Secure Boot setup are in a known-good state. Additionally, my TPM setup has a 6-digit PIN with… Continue reading Is it possible to know when my TPM was last used to decrypt my disk?
I don’t know much about TPMs, and I admittedly don’t know as much about cryptography as I’d like to, though I am quite familiar with basic concepts. For the past two hours I’ve been attempting to improve this situation by trying to gain an… Continue reading How and why can a TPM be used for disk encryption or DRM?
I am using TPM to to encrypt and sign my data. But since I am not security expert, I need to come to you guys 😀
I am developing this app to verify file content. I already has this part sorted out with TPM. But now comes the tricky part. I… Continue reading How to securely store signature file
Who is responsible for calculating the Platform Configuration Register (PCR) value? Is the operation system or the TPM?
What if the operating system is hacked? Can the hacked system always calculate the "right" PCR value to fool … Continue reading How and who calculate the PCR values?
First of all, I must say that I’m using a VM with an emulated TPM 2.0.
I’ve created an LUKS2 encrypted partition and configured the TPM 2.0 to unseal the key only if the PCR 7 has a certain value.
For what I’ve understood so far in the PCR… Continue reading PCR 7 in TPM 2.0 has always the same value
In the TPM architecture, we know that after a "Measurement" procedure is performed, it is followed by a "PCR Extend" procedure, in which the resulting system configuration metrics data (20 bytes) are appended to the val… Continue reading TPM – How the integrity of the system configuration is guaranteed if the PCR hash is overwritten on each "Measurement"?
How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you’re running Windows, …read more Continue reading Beating Bitlocker in 43 seconds
Within the measured boot process, consider a scenario where I aim to create a measurement for a specific piece of code, perhaps, for illustrative purposes, a potentially malicious operating system. so i know that the PCR is read and extend… Continue reading How does measured boot work using TPM
During remote attestation, a device sends the server the EK certificate, AK public, AK name. By using tpm2_makecredential/tpm2_activatecredential, the attestation sever can confirm that:
the EK is resident in the device TPM, and
the AK th… Continue reading How to bind TPM2.0 AK to the "AK name" used in tpm2_makecredential, and how is trust established in AIK?