Trusted Platform Module (TPM) | TPM Information for Windows 11
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
Trusted Platform Module (TPM) was conceived by a computer industry consortium called the Trusted Computing Group (TCG), and was standardized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889.
TCG continued to revise the TPM specifications. The last revised edition of TPM Main Specification Version 1.2 was published on March 3, 2011. It consisted of three parts, based on their purpose. For the second major version of TPM, however, TCG released TPM Library Specification 2.0. Its latest edition and errata were published in 2019.
Overview
Trusted Platform Module provides:
- A hardware random number generator.
- Facilities for the secure generation of cryptographic keys for limited uses.
- Remote attestation: creates a nearly unforgeable hash-based summary of the hardware and software configuration. The software in charge of hashing the configuration data determines the extent of the summary. This allows a third party to verify that the software has not been changed.
- Binding: encrypts data using the TPM bind key, a unique RSA key descended from a storage key.
- Sealing: similar to binding, but in addition specifies the TPM state (the PCR values) that must hold for the data to be decrypted (unsealed).
- Other Trusted Computing functions.
Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique Endorsement Key (EK) burned in as it is produced, whose private half never leaves the chip. Pushing the security down to the hardware level provides more protection than a software-only solution.
Uses
The United States Department of Defense (DoD) specifies that "new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by DISA STIGs and where such technology is available." DoD anticipates that TPM is to be used for device identification, authentication, encryption, and device integrity verification.
Platform integrity
The primary scope of TPM is to assure the integrity of a platform. In this context, "integrity" means "behave as intended", and a "platform" is any computer device regardless of its operating system. It is to ensure that the boot process starts from a trusted combination of hardware and software, and continues until the operating system has fully booted and applications are running.
The responsibility of assuring said integrity using TPM is with the firmware and the operating system. For example, Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust: the TPM contains several Platform Configuration Registers (PCRs) that allow secure storage and reporting of security-relevant metrics. A PCR cannot be written directly; it can only be extended, i.e. replaced by the hash of its old value concatenated with a new measurement, so the final value depends on every measurement and on their order. These metrics can be used to detect changes to previous configurations and decide how to proceed. Good examples can be found in Linux Unified Key Setup (LUKS), BitLocker and PrivateCore vCage memory encryption. (See below.)
Another example of platform integrity via TPM is in the use of Microsoft Office 365 licensing and Outlook Exchange.
An example of TPM use for platform integrity is the Trusted Execution Technology (TXT), which creates a chain of trust. It could remotely attest that a computer is using the specified hardware and software.
Disk encryption
Full disk encryption utilities, such as dm-crypt and BitLocker, can use this technology to protect the keys used to encrypt the computer's storage devices and provide integrity authentication for a trusted boot pathway that includes firmware and boot sector.
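The PCR extend rule, PCR-bound sealing (from the Overview list) and the disk-encryption use above, as an added worked example in Python. This is illustration code written for this page, not code from the page, the TCG or any TPM stack. `pcr_extend` implements the real extend rule (new = H(old || digest)); `seal`/`unseal`, the HMAC counter-mode cipher, the `SRK` constant, the PCR indices and the boot component strings are simplified stand-ins chosen for this illustration, and the PolicyPCR digest is approximated by a plain hash over the selected PCRs.

```python
"""Toy software model of TPM PCR extend and PCR-bound sealing (illustrative only)."""
import hashlib
import hmac
import os

HASH = "sha256"
PCR_INIT = bytes(32)  # PCRs 0-15 read as all zeros after a platform reset


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). PCRs are never set, only extended."""
    return hashlib.new(HASH, pcr + digest).digest()


def measured_boot(components: list[bytes]) -> bytes:
    """Firmware measures each boot component, in order, into one PCR."""
    pcr = PCR_INIT
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.new(HASH, blob).digest())
    return pcr


def pcr_composite(pcrs: dict[int, bytes]) -> bytes:
    """Digest over the selected PCRs in index order; simplified stand-in for a PolicyPCR digest."""
    return hashlib.new(HASH, b"".join(i.to_bytes(1, "big") + pcrs[i] for i in sorted(pcrs))).digest()


def _keystream(key: bytes, n: int) -> bytes:
    """HMAC counter-mode keystream; stands in for the TPM's internal symmetric cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, ctr.to_bytes(4, "big"), HASH).digest()
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(secret: bytes, pcrs: dict[int, bytes], srk: bytes) -> dict:
    """Seal `secret` so it is recoverable only while the selected PCRs hold these values."""
    comp = pcr_composite(pcrs)
    key = hmac.new(srk, b"seal|" + comp, HASH).digest()  # wrapping key depends on PCR state
    nonce = os.urandom(16)
    ct = _xor(secret, _keystream(key + nonce, len(secret)))
    tag = hmac.new(key, nonce + comp + ct, HASH).digest()
    return {"pcr_digest": comp, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(blob: dict, pcrs: dict[int, bytes], srk: bytes) -> bytes:
    """Return the secret only if current PCRs match the sealed policy and the blob is intact."""
    comp = pcr_composite(pcrs)
    if not hmac.compare_digest(comp, blob["pcr_digest"]):
        raise PermissionError("policy check failed: PCRs differ from seal time")
    key = hmac.new(srk, b"seal|" + comp, HASH).digest()
    tag = hmac.new(key, blob["nonce"] + comp + blob["ct"], HASH).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise PermissionError("sealed blob has been modified")
    return _xor(blob["ct"], _keystream(key + blob["nonce"], len(blob["ct"])))


# Constructed sample data (assumptions): a fake storage root key and fake boot components.
SRK = b"\x11" * 32
FIRMWARE, BOOTLOADER, KERNEL = b"uefi-fw-v3", b"bootmgr-signed", b"kernel-6.8"


def demo():
    """Seal a volume key to a good boot; a swapped bootloader changes PCR 4 and unseal is refused."""
    good = {0: measured_boot([FIRMWARE]), 4: measured_boot([BOOTLOADER, KERNEL])}
    blob = seal(b"volume-master-key-bytes", good, SRK)
    recovered = unseal(blob, good, SRK)
    tampered = {0: good[0], 4: measured_boot([b"evil-bootkit", KERNEL])}
    try:
        unseal(blob, tampered, SRK)
        refused = False
    except PermissionError:
        refused = True
    return recovered, refused


if __name__ == "__main__":
    print(demo())
```

The point to take from `demo` is that the disk-encryption key is released by the boot-state check, not by the user: a bootkit that changes any measured component changes the PCR value, the policy digest no longer matches, and the wrapping key itself differs, so even a bypassed comparison would not yield the key.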
Password protection
Operating systems often require authentication (involving a password or other means) to protect keys, data or systems. If the authentication mechanism is implemented in software only, the access is prone to dictionary attacks. Because the TPM performs the check inside a dedicated hardware module, a dictionary-attack prevention mechanism is built in: after a set number of failed attempts the TPM refuses further authorizations for a recovery period, which throttles guessing and automated dictionary attacks while still allowing the user a sufficient and reasonable number of tries. Without this level of protection, only passwords with high complexity would provide sufficient protection.
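An added Python model of the dictionary-attack lockout described above (example code written for this page, not from the page or any TPM implementation). The `DictionaryAttackLockout` class, its defaults of 32 tries and a 600-second recovery time, and the sample PIN are assumptions for the illustration; the response-code names mirror the TPM 2.0 ones. `worst_case_days` shows why the lockout matters: once the counter is full, an attacker is limited to one guess per recovery period, so even a 4-digit PIN takes weeks to exhaust.

```python
"""Toy model of the TPM 2.0 dictionary-attack (DA) lockout (illustrative, not the spec's exact state machine)."""
import hmac


class DictionaryAttackLockout:
    """A failure counter that increments on every bad authorization, refuses all
    attempts once it reaches max_tries, and decays by one every recovery_time
    seconds. Time is passed in explicitly so the simulation is deterministic."""

    def __init__(self, secret: bytes, max_tries: int = 32, recovery_time: float = 600.0):
        self._secret = secret          # assumption: the protected auth value
        self.max_tries = max_tries
        self.recovery_time = recovery_time
        self.failed_tries = 0
        self._last_decay = 0.0

    def _decay(self, now: float) -> None:
        if self.failed_tries == 0:
            self._last_decay = now     # the timer only runs while there is something to forgive
            return
        steps = int((now - self._last_decay) // self.recovery_time)
        if steps > 0:
            self.failed_tries = max(0, self.failed_tries - steps)
            self._last_decay += steps * self.recovery_time

    def try_auth(self, password: bytes, now: float) -> str:
        """Return a TPM-style response code name for one authorization attempt."""
        self._decay(now)
        if self.failed_tries >= self.max_tries:
            return "TPM_RC_LOCKOUT"    # refused before the password is even compared
        if hmac.compare_digest(password, self._secret):
            return "TPM_RC_SUCCESS"    # in this model a success does not reset the counter
        self.failed_tries += 1
        return "TPM_RC_AUTH_FAIL"


def burst(lockout: DictionaryAttackLockout, guesses: list[bytes], now: float) -> dict:
    """Send guesses back-to-back at one instant; count each response code."""
    counts: dict = {}
    for g in guesses:
        rc = lockout.try_auth(g, now)
        counts[rc] = counts.get(rc, 0) + 1
    return counts


def worst_case_days(keyspace: int, max_tries: int, recovery_time: float) -> float:
    """After the first max_tries free guesses, the attacker gets one guess per recovery_time."""
    throttled = max(0, keyspace - max_tries)
    return throttled * recovery_time / 86400.0


if __name__ == "__main__":
    tpm = DictionaryAttackLockout(b"4721")                       # constructed 4-digit PIN
    wrong = [f"{i:04d}".encode() for i in range(40)]             # 40 wrong guesses
    print(burst(tpm, wrong, now=0.0))                            # 32 AUTH_FAIL, 8 LOCKOUT
    print(tpm.try_auth(b"4721", now=0.0))                        # LOCKOUT, even for the right PIN
    print(round(worst_case_days(10**4, 32, 600.0), 1), "days to exhaust a 4-digit PIN")
```

On Windows the same counters are visible through the `Get-Tpm` PowerShell cmdlet (`LockedOut`, `LockoutCount`, `LockoutMax`, `LockoutHealTime`), which is the first thing to check when a BitLocker or Windows Hello PIN suddenly stops being accepted.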
Other uses and concerns
Any application can use a TPM chip for:
- Digital rights management (DRM)
- Windows Defender
- Windows Domain logon
- Protection and enforcement of software licenses
- Prevention of cheating in online games
Other uses exist, some of which give rise to privacy concerns. The "physical presence" feature of TPM addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating, deactivating, clearing or changing ownership of TPM by someone who is physically present at the console of the machine.
There are five different types of TPM 2.0 implementations (listed in order from most to least secure):
· Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper-resistant semiconductor package. They are theoretically the most secure type of TPM because the routines implemented in hardware should be more resistant to bugs than routines implemented in software, and their packages are required to implement some tamper resistance.
· Integrated TPMs are part of another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance. Intel has integrated TPMs in some of its chipsets.
· Firmware TPMs are firmware-based (e.g. UEFI) solutions that run in a CPU's trusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs.
· Hypervisor TPMs are virtual TPMs provided by, and relying on, hypervisors. They run in an isolated execution environment that is hidden from the software running inside the virtual machines, which protects their code from that software. They can provide a security level comparable to a firmware TPM.
· Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment, and they are vulnerable to their own software bugs and to attacks that penetrate the normal execution environment. They are useful for development purposes.
The official TCG reference implementation of the TPM 2.0 Specification has been developed by Microsoft. It is licensed under a BSD license and the source code is available on GitHub. Microsoft provides a Visual Studio solution and Linux autotools build scripts.
In 2018, Intel open-sourced its Trusted Platform Module 2.0 (TPM2) software stack with support for Linux and Microsoft Windows. The source code is hosted on GitHub and licensed under a BSD license.
Infineon funded the development of an open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the TCG. It was developed by the Fraunhofer Institute for Secure Information Technology (SIT).
IBM's Software TPM 2.0 is an implementation of the TCG TPM 2.0 specification. It is based on the TPM specification Parts 3 and 4 and source code donated by Microsoft. It contains additional files to complete the implementation. The source code is hosted on SourceForge and GitHub and licensed under a BSD license.
TPM 1.2 vs TPM 2.0
While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible with TPM 1.2.
| Specification | TPM 1.2 | TPM 2.0 |
| --- | --- | --- |
| Architecture | The one-size-fits-all specification consists of three parts. | A complete specification consists of a platform-specific specification which references a common four-part TPM 2.0 library. Platform-specific specifications define what parts of the library are mandatory, optional, or banned for that platform, and detail other requirements for that platform. Platform-specific specifications include PC Client, mobile, and Automotive-Thin. |
| Algorithms | SHA-1 and RSA are required. AES is optional. Triple DES was once an optional algorithm in earlier versions of TPM 1.2, but has been banned in TPM 1.2 version 94. The MGF1 hash-based mask generation function that is defined in PKCS#1 is required. | The TCG PC Client Platform TPM Profile (PTP) Specification requires SHA-1 and SHA-256 for hashes; RSA, ECC using the Barreto-Naehrig 256-bit curve and the NIST P-256 curve for public-key cryptography and asymmetric digital signature generation and verification; HMAC for symmetric digital signature generation and verification; 128-bit AES as the symmetric-key algorithm; and the MGF1 hash-based mask generation function defined in PKCS#1. Many other algorithms are also defined but are optional. Note that Triple DES was re-added into TPM 2.0, but with restrictions on some values in any 64-bit block. |
| Crypto Primitives | A random number generator, a public-key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and Direct Anonymous Attestation are required. Symmetric-key algorithms and exclusive or are optional. Key generation is also required. | A random number generator, public-key cryptographic algorithms, cryptographic hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, exclusive or, and ECC-based Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve are required by the TCG PC Client Platform TPM Profile (PTP) Specification. The TPM 2.0 common library specification also requires key generation and key derivation functions. |
| Hierarchy | One (storage) | Three (platform, storage and endorsement) |
| Root Keys | One (SRK RSA-2048) | Multiple keys and algorithms per hierarchy |
| Authorization | HMAC, PCR, locality, physical presence | Password, HMAC, and policy (which covers HMAC, PCR, locality, and physical presence) |
| NVRAM | Unstructured data | Unstructured data, Counter, Bitmap, Extend, PIN pass and fail |