第6章TPM核心功能 承5大学 Northeastern University 6.1TPM架构 6.2安全度量和报告 6.3远程证明 6.4数据保护 6.5TPM密钥管理
第6章 TPM核心功能 6.1 TPM架构 6.2 安全度量和报告 6.3 远程证明 6.4 数据保护 6.5 TPM密钥管理
6.1TPM架构 家北大学 Northeastern University TPM至少需要具备四个 主要功能:对称非对称 加密、安全存储、完整 TPM 操作系统 性度量和签名认证。数 非易失性 执行引擎 储存 程序代码 据的非对称加密和签名 可选状态配置 认证是通过RSA算法来 易失性 实现的,而完整性度量 储存 SHA-1协处理器 则是通过高效的SHA-1 随机数生成器 平台配置 RSA RSA 散列算法来完成,对称 寄存器 协处理器 密钥生成 AIK 加密可以使用任意算法 ,既可以使用专用协处 理器也可以使用软件来 完成
6.1 TPM 架构 TPM至少需要具备四个 主要功能:对称/非对称 加密、安全存储、完整 性度量和签名认证。数 据的非对称加密和签名 认证是通过RSA算法来 实现的,而完整性度量 则是通过高效的SHA-1 散列算法来完成,对称 加密可以使用任意算法 ,既可以使用专用协处 理器也可以使用软件来 完成
6.1TPM架构 束大学 Northeastemn University ▣非易失性存储(Non-Volatile Storage) 口平台配置寄存器PCR 目身份认证密钥(At比es Platform Attestation NomVolatile Program Configuration Identity Storage Code 目 程序代码(Program( Register(PCR) Key(AIK) Communications 随机数生成器RNG l/o 目 Random SHA-1引擎 SHA-1 Key RSA Exec Number Opt-In Engine Generation Engine Engine 目 密钥生成(Key Gen.) Generator Trusted Platform Module(TPM) 可选状态配置(Opt-in) 目 执行引擎(Exec engine) 日输入输出I/O
6.1 TPM 架构 非易失性存储(Non-Volatile Storage) 平台配置寄存器PCR 身份认证密钥(Attes. Id. K.) 程序代码(Program Code) 随机数生成器RNG SHA-1引擎 密钥生成(Key Gen.) 可选状态配置(Opt-in) 执行引擎(Exec engine) 输入输出I/O
6.1TPM架构 家北大学 Northeastemn University ● Non-Volatile Storage Non-volatile storage is used to store Endorsement Key (EK),Storage Root Key (SRK),owner authorization data and persistent flags. 非易失存储器:EK(2048bit)、EK证书、SRK(2048bit)及 所有者(Owner)授权数据160bit)等 Attestation Identity Keys (AlK) Attestation Identity Keys must be persistent,but it is recommended that AlK keys be stored as Blobs in persistent external storage (outside the TPM),rather than stored permanently inside TPM non-volatile storage. 专用于对TPM产生的数据(如TPM功能、PCR寄存器的值 等)进行签名的不可迁移的密钥,由TPM所有者生成
6.1 TPM 架构 ⚫ Non-Volatile Storage ❖ Non-volatile storage is used to store Endorsement Key (EK), Storage Root Key (SRK), owner authorization data and persistent flags. 非易失存储器:EK(2048bit)、 EK证书、SRK(2048bit)及 所有者(Owner)授权数据(160bit)等 ⚫ Attestation Identity Keys (AIK) ❖ Attestation Identity Keys must be persistent, but it is recommended that AIK keys be stored as Blobs in persistent external storage (outside the TPM), rather than stored permanently inside TPM non-volatile storage. 专用于对TPM产生的数据(如TPM功能、PCR寄存器的值 等)进行签名的不可迁移的密钥,由TPM所有者生成
6.1TPM架构 家北大学 Northeastern University ●/o Protocol en-/decoding Enforce access policies associated with Opt-in or other TPM functions ●Program Code Program code contains firmware for measuring platform devices.Logically,this is the Core Root of Trust for Measurement(CRTM). 程序代码包含测量平台设备的固件。从逻辑上讲,这是 对可信核心根(CRTM)的测量
6.1 TPM 架构 ⚫ I/O ❖ Protocol en-/decoding ❖ Enforce access policies associated with Opt-in or other TPM functions ⚫ Program Code ❖ Program code contains firmware for measuring platform devices. Logically, this is the Core Root of Trust for Measurement (CRTM). 程序代码包含测量平台设备的固件。从逻辑上讲,这是 对可信核心根(CRTM)的测量
6.1TPM架构 家北大学 5 Northeastemn University ● Random Number Generator(RNG) RNG is the source of randomness in the TPM The TPM uses these random values for nonces, key generation and randomness in signatures. allows implementation of a Pseudo Random Number Generator(PRNG)algorithm The RNG output may or may not be shielded data (by the TPM or by external caller)
6.1 TPM 架构 ⚫ Random Number Generator (RNG) ❖ RNG is the source of randomness in the TPM ❖ The TPM uses these random values for nonces, key generation and randomness in signatures. ❖ allows implementation of a Pseudo Random Number Generator (PRNG) algorithm ❖ The RNG output may or may not be shielded data (by the TPM or by external caller)
6.1TPM架构 家北大学 5 Northeastern University SHA-1 Engine A SHA-1 message digest engine is used for computing signatures,creating key Blobs and for general purpose use. ●HMAC engine Computes the HMAC digest authDigest resulting from a secret and arbitrary data >authDigest-HMAC(secret,data) Mainly used in TPM's authentication protocols >provides two pieces of information to the TPM:proof of knowledge of the authorization data and proof that the request arriving is authorized and has no modifications made to the command in transit. >See OSAP/OlAPprotocols
6.1 TPM 架构 ⚫ SHA-1 Engine ❖ A SHA-1 message digest engine is used for computing signatures, creating key Blobs and for general purpose use. ⚫ HMAC engine ❖ Computes the HMAC digest authDigest resulting from a secret and arbitrary data ➢authDigest←HMAC( secret, data) ❖ Mainly used in TPM’s authentication protocols ➢provides two pieces of information to the TPM: proof of knowledge of the authorization data and proof that the request arriving is authorized and has no modifications made to the command in transit. ➢See OSAP/OIAP protocols
6.1TPM架构 家北大学 Northeastern University ●RSA Key Generation TCG standardizes the RSA algorithm for use in TPM modules.Its recent release into the public domain makes it a good candidate for TCG.The RSA key generation engine is use to create signing keys and storage keys. ●RSA Engine The RSA engine is used for signing with signing keys,encryption/decryption with storage keys, and decryption with the EK
6.1 TPM 架构 ⚫ RSA Key Generation ❖ TCG standardizes the RSA algorithm for use in TPM modules. Its recent release into the public domain makes it a good candidate for TCG. The RSA key generation engine is use to create signing keys and storage keys. ⚫ RSA Engine ❖ The RSA engine is used for signing with signing keys, encryption/decryption with storage keys, and decryption with the EK
6.1TPM架构 家北大学 Northeastern University Execution Engine The execution engine runs program code.It performs TPM initialization and measurement taking. Platform Configuration Registers(PCR) A PCR is a 160-bit/20-byte storage location which is used to store integrity measurements. Whether a PCR must be used to store a specific measurement (e.g.the CRTM,BlOS...Option ROM code...),or,whether it is available for general use,is specified in platform specific specifications
6.1 TPM 架构 ⚫ Execution Engine ❖ The execution engine runs program code. It performs TPM initialization and measurement taking. ⚫ Platform Configuration Registers (PCR) ❖ A PCR is a 160-bit/20-byte storage location which is used to store integrity measurements. ❖ Whether a PCR must be used to store a specific measurement (e.g. the CRTM, BIOS…Option ROM code…), or, whether it is available for general use, is specified in platform specific specifications
6.1TPM架构 束北大学 5 Northeastemn University Central Processing Unit (CPU) Graphics Graphics and Memory Controller Controller HUB(GMCH) System Memory Chipset(Northbridge) Hard Disks Interface Controller USB Devices HUB(ICH) Expansion Cards Chipset(Southbridge) Network Interface Low Pin Count (LPC)Bus System BlOS TPM Floppy Drive Parallel l/o Super l/O (Legacy Devices) PS/2 Serial l/o TPM Integration into PC-Hardware
6.1 TPM 架构
