Collaborate Disseminate
Suppose I have created an Attestation key (AK) and dumped the public portion for my use. Further using TPM2 Evict Control, I make the attestation key persistent on an address in TPM.
$ tpm2_createak -C ek.handle -c ak.ctx -u ak.pub -n ak.n… Continue reading TPM2-TOOLS: Dump TPM2 Attestation Key after it has been created
I’m reading about TPM, and I’m currently thinking how to visualize their relationships.
Basically, reading from https://link.springer.com/chapter/10.1007/978-1-4302-6584-9_12 (and the TPM documents) I gather the following:
PCR: It is a mem… Continue reading Understanding TPM PCRs, PCR banks, indexes and their relations
I find that names and terms used in relation to Trusted (Trustworthy, Confidential,..) Computing are highly interchanged and thus creating confusion for laymen as am I.
Trusted Computing has been around since the 90’s and the idea is being… Continue reading Hardware roots of trust nowadays
Recent years had seen a rise in many open-sourced projects developing tools to support program execution in TEEs (SGX, OP-TEE in ARM, Microsoft Azure) across platforms (the CCC’s Enarx, SGX SDK,..) essentially enabling trusted app executio… Continue reading How can a hardware-based TEE supplement TPMs?
What is the difference betwen a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by the NIST as follows:
Totality of protection mechanisms within a computer system, including… Continue reading What is the difference betwen a Trusted Computing Base and a Root of Trust?
I plan to use the TPM to generate CSR’s backed by a private key stored on the TPM. The CSR’s will then be signed by an external HSM.
Since a certificate is tied to a particular private key, how do you support multiple users on the same lap… Continue reading Using TPM to generate certificates associated with different users on the same device
I read somewhere that TPMs are not hard to be rendered useless or broken by improper use of its API, considering I have complete user access to it via the command line. Is that true? Could you give an example of what I could do to destroy … Continue reading Can I damage my hardware TPM by improperly treating it?
What really is the difference between a physical TPM and any implementation of a fTPM?
I get that both adhere to the same specification and in my mind should be the same thing, but then, I don’t understand why there even are 5 or so differ… Continue reading What really is the difference between firmware TPM and a discrete one and should it be trusted more?
what really is the difference between a physical TPM and any implementation of a fTPM? I get that both adhere to the same specification and in my mind should be the same thing, but then, what is the advantage of the physical chip over firm… Continue reading What really is the difference between firmware TPM and a discreet one and should it be trusted more?
I’ve been reading many research articles about RoT – Root of Trust – for establishing a chained root of trust going up from BIOS to the Kernel.
However, most of the article go briefly on how RoT works for different brands.
A good article o… Continue reading Root of Trust – The general Mechanism of how RoT Authenticates higher levels of software