Upload
ashutosh-tripathi
View
225
Download
0
Embed Size (px)
Citation preview
7/31/2019 Trusted Platform Module White Paper
1/20
Trusted Platform Module (TPM) based Security onNotebook PCs - White Paper
Sundeep Bajikar([email protected])
Mobile Platforms GroupIntel Corporation
June 20, 2002
7/31/2019 Trusted Platform Module White Paper
2/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 2 of 20
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTELPRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TOANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT ASPROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTELASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS ORIMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING
LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE,MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHERINTELLECTUAL PROPERTY RIGHT. Intel products are not intended for use in medical, lifesaving, life sustaining applications.
Except that a license is hereby granted to copy and reproduce this Document for internal useonly.
Intel may make changes to specifications and product descriptions at any time, without notice.
Designers must not rely on the absence or characteristics of any features or instructions marked"reserved" or "undefined." Intel reserves these for future definition and shall have no responsibilitywhatsoever for conflicts or incompatibilities arising from future changes to them.
This product may contain design defects or errors known as errata which may cause the productto deviate from published specifications. Current characterized errata are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications andbefore placing your product order.
Copies of documents which have an ordering number and are referenced in this document, orother Intel literature, may be obtained from:
Intel Corporation
www.intel.com
or call 1-800-548-4725
Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United
States and other countries.
*Other names and brands may be claimed as the property of others.
Copyright 2002, Intel Corporation
7/31/2019 Trusted Platform Module White Paper
3/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 3 of 20
CONTENTS
INTRODUCTION................................................................................................................. 5
NOTEBOOK SECURITY THREATS.................................................................................. 5
Physical data theft................................................................................................................................................5
Data communication attack...............................................................................................................................6
Threat Matrix.......................................................................................................................................................6
TPM ARCHITECTURE ....................................................................................................... 7
Crypto Capabilities..............................................................................................................................................7RSA Accelerator ...............................................................................................................................................7
Engine for SHA-1 hash algorithm...................................................................................................................7Random Number Generator .............................................................................................................................7Limited NVRAM for TPM Contents...............................................................................................................7
Contents.................................................................................................................................................................7Endorsement Key (EK) ....................................................................................................................................8Attestation Identity Key (AIK) ........................................................................................................................9Certificates ........................................................................................................................................................9
Software Stack......................................................................................................................................................9 TCPA Software Stack (TSS) ..........................................................................................................................10 Microsoft* CAPI TPM Crypto Service Provider (CSP)..............................................................................10 BIOS Code ......................................................................................................................................................11
USAGE MODELS ............................................................................................................. 12
Hardware Protected Storage............................................................................................................................12
Binding Information to the Platform..............................................................................................................13
Attestation (Platform Authentication)............................................................................................................14
Example Application (Microsoft* Outlook) ..................................................................................................15
TPM IMPLEMENTATION ON NOTEBOOK PCS ............................................................ 16
Mechanical Requirements................................................................................................................................16
Electrical Requirements ...................................................................................................................................16
Software Requirements.....................................................................................................................................17
Privacy Related Requirements ........................................................................................................................17
7/31/2019 Trusted Platform Module White Paper
4/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 4 of 20
MANAGING PRIVACY...................................................................................................... 17
Introduction........................................................................................................................................................17
Customer Types .................................................................................................................................................17Privacy conscious consumer ..........................................................................................................................17
Enterprise User................................................................................................................................................18
Privacy Requirements.......................................................................................................................................18Notice...............................................................................................................................................................18Access..............................................................................................................................................................18Choice..............................................................................................................................................................18 Security............................................................................................................................................................18
TPM Configuration & Shipping Options ......................................................................................................19
BANIAS TPM ENABLING INITIATIVES ........................................................................... 19
REFERENCES.................................................................................................................. 20
7/31/2019 Trusted Platform Module White Paper
5/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 5 of 20
IntroductionBusiness and commerce depend on trust. With the growth of the Internet,wireless communication technologies and connected mobile computing, trust hasbecome a pivotal issue for e-Commerce. Since notebook PCs are increasingly
used for e-Commerce, there is a growing need to make the notebook platformmore trustworthy.
As the mobility of the platform increases, it becomes more and more susceptibleto theft. Stolen data is often regarded as being more valuable than the notebookhardware itself. Thus, the need to protect user data and secrets is underscored ina mobile computing environment.
In the Spring of 1999, the Trusted Computing Platform Alliance (TCPA) waschartered to encourage industry participation in the development and adoption ofan open specification for an improved computing platform. The TCPA
participants agreed that the specification for the trusted computing PC platformshould focus on two areas ensuring privacy and enhancing security. TCPAmembers include Intel*, Microsoft*, Infineon*, National*, Atmel*, and a largenumber of other organizations.
The objective of the TCPA is to complement existing capabilities, including theX.509 standard for digital certificates, IPSEC (Internet Protocol SecurityProtocol), IKE (Internet Key Exchange), VPN (Virtual Private Network), PKI(Public Key Infrastructure), PC/SC Specification for smart cards, biometrics,S/MIME (Secure Multi-purpose Internet Mail Extensions), SSL, SET (SecureElectronic Transaction), IEEE 802.11 WEP, IEEE 802.1x, etc. The TCPA
provides for a platform root of trust, which uniquely identifies a particularplatform, and provides various crypto capabilities including hardware-protectedstorage.
The Trusted Platform Module (TPM) is defined as a hardware instantiation of theTCPA specification. The current revision of the TCPA main specification isversion 1.1a.
This document provides a discussion about the various requirements for aTCPA-enabled mobile PC platform, as described in the TCPA specificationslisted in the References section towards the end of the document.
Notebook Security ThreatsNotebook computers are exposed to several security threats. Notebook securitythreats can be broadly classified into:
Physical data theft
This threat arises from the fact that notebook computers are more susceptible tobe stolen than their desktop counterparts. Once stolen, notebooks can be subject
7/31/2019 Trusted Platform Module White Paper
6/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 6 of 20
to a variety of hardware as well as software attacks. It is often found that thestolen data is more valuable than just the cost of the notebook hardware.
Data communication attack
Notebooks often operate outside of corporate firewalls. Also, they use various
means of communication to access the corporate network or the Internet. Thereare a number of ways in which a determined hacker can attack thecommunication channel used by the notebook to steal the data beingtransceived. This poses a threat to sensitive data resident on the notebook asalso sensitive data resident on the network. Furthermore, this poses a threat tothe entire network, as a compromised communication channel can be vulnerableto various types of attacks on different critical pieces of the networkinfrastructure.
Threat Matrix
The table below performs a gap analysis on current solutions to notebook threat
models to point out the areas in which a TPM on the platform can help.
Threats Current Solutions Weaknesses TPM SolutionsData theft Data encryption
(EFS, VPN,encrypted email,etc.)
Encryption keysare stored on thehard disk and aresusceptible totampering
Protected storageof keys throughhardware
Unauthorizedaccess to platform
1. Username /Password
2. Biometrics and
external tokensfor userauthentication
1. Subject todictionaryattacks
2. Biometricscan bespoofed
3. Authenticationcredentialsnot bound toplatform
Protection ofauthenticationcredentials by
binding them toplatform
Unauthorizedaccess to network
Windows networklogon, IEEE 802.1x
1. Can bebypassed
2. Certificatecan be
spoofed3. Authentication
data is storedon the harddisk and issusceptible totampering
1. PKI basedmethod forplatformauthentication
2. Hardwareprotection ofauthenticationdata
7/31/2019 Trusted Platform Module White Paper
7/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 7 of 20
TPM ArchitectureThe TPM hardware along with its supporting software and firmware provides theplatform root of trust. It is able to extend its trust to other parts of the platform by
building a chain of trust, where each link extends its trust to the next one. Thefollowing sections describe the capabilities and contents of the TPM and explainhow the trust comes about in various usage scenarios.
The TPM is basically a secure micro-controller with added cryptographicfunctionalities. To simplify system integration into the PC platform, the TPM usesthe Low Pin Count (LPC) bus interface to attach to the PC chipset.
Crypto Capabilities
The TPM provides a set of crypto capabilities that allow certain crypto functionsto be executed within the TPM hardware. Hardware and software agents outside
of the TPM do not have access to the execution of these crypto functions withinthe TPM hardware, and as such, can only provide I/O to the TPM.A TPM has the following hardware crypto capabilities.
RSA Accelerator
The TPM contains a hardware engine to perform up to 2048 bit RSAencryption/decryption. The TPM uses its built-in RSA engine during digitalsigning and key wrapping operations.
Engine for SHA-1 hash algorithm
The TPM uses its built-in hash engine to compute hash values of small pieces ofdata. Large pieces of data (such as an email message) are hashed outside of theTPM, as the TPM hardware may be too slow in performance for such purposes.
Random Number Generator
The RNG is used to generate keys for various purposes.
Limited NVRAM for TPM Contents
Refer to the next sub-section for the TPM Contents.
Contents
The figure on the next page illustrates the various contents within the TPMsinternal hardware protected storage.
7/31/2019 Trusted Platform Module White Paper
8/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 8 of 20
Endorsement Key (EK)
The Endorsement Key (EK) is a public/private key-pair. The size of the key-pairis mandated to have a modulus (a.k.a. key size) of 2048 bits. The privatecomponent of the key-pair is generated within the TPM and is never exposedoutside the TPM.
The EK is unique to the particular TPM and therefore the particular platform.There are two ways to generate the EK. The first method is to use the TPMcommand specified for this purpose (TPM_CreateEndorsementKeyPair). Thesecond method is called squirting, in which the TPM manufacturer can squirtan externally generated EK into the TPM during the manufacturing process.
Note that much of the value (or trust) associated with the TPM comes from thefact that the EK is unique and that it is protected within the TPM at all times. Thisproperty is certified by the Endorsement Certificate (Cert). The same party thatprovides the EK may not provide the Endorsement Cert.
TPM
Platform
Platform Cert
Conformance Cert
End orsement Cert
TPM
Other Key
Other Key
PCR
Endorsement
Key (EK)
AttestationID Key
Attestation
ID Keys
7/31/2019 Trusted Platform Module White Paper
9/20
Trust ed Plat form Mo dule White Paper
Inte l Corporat ion Page 9 of 20
Attestation Identity Key (AIK)
AIKs are used to provide platform authentication to a service provider. This isalso called pseudo-anonymous authentication and is different from userauthentication. Refer to the section on attestation under usage models for anillustration of how AIKs are obtained.
Certificates
Three types of certificates that may be stored in the TPM are: EndorsementCertificate (Endorsement Cert), Platform Cert, and Conformance Cert.
The Endorsement Cert contains the public key of the EK. The purpose of theEndorsement Cert is to provide attestation that the particular TPM is genuine, i.e.that the EK is protected.
The Platform Cert is provided by the platform vendor and provides attestationthat the security components of the platform are genuine.
The Conformance Cert is provided by the platform vendor or an evaluation lab. Itprovides attestation by an accredited party as to the security properties of theplatform.
Software Stack
The figure below illustrates the TPM software stack. At the lowest level is theTPM hardware device, which is accessed via the TPM device driver library.
CCAAPPII PPKKCCSS##1111
TTSSSS ((TTCCPPAA SSooffttwwaarree SSttaacckk))
TTPPMM DDeevviiccee DDrriivveerr LLiibbrraarryy
TTPPMM HHaarrddwwaarree
AApplliiccaattiioonn AApplliiccaattiioonn AApplliiccaattiioonn
TTSSPP
7/31/2019 Trusted Platform Module White Paper
10/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 10 of 20
Applications can utilize the TPM either through the MS-CAPI standard interface,or by directly implementing a communication interface with theTSS, especially forcertain TCPA functions that may not be supported by MS-CAPI.
TCPA Software Stack (TSS)
The TCPA Software Stack (TSS) is comprised of modules and components thatprovide the supporting functionality to the TPM. Based on the TCPAspecification, certain functions and services are outside of the scope of the TPMhardware. These functions and services are delivered using the host CPU andsystem memory. The TSS provides the necessary software architecture tosupport the offloading of security functions from the TPM to the main CPU andmemory resources of the system.
Microsoft* CAPI TPM Crypto Service Provider (CSP)
The Microsoft* Cryptographic API (CAPI) provides services that enableapplication developers to add cryptography to their Win32 applications.
Applications can use the functions in CAPI without knowing anything about theunderlying implementation of security hardware. All cryptographic operations areperformed by independent modules known as Cryptographic Service Providers(CSPs). One CSP, the Microsoft* RSA Base Provider, is bundled with theoperating system. Each CSP provides a different implementation of the CAPI.Some provide stronger cryptographic algorithms while others contain hardwarecomponents such as smartcards.
The Microsoft* CAPI system is composed of a number of different components,as illustrated in the figure below.
7/31/2019 Trusted Platform Module White Paper
11/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 11 of 20
The TPM CSP provides an interface between the CAPI and theTSS. Since thescope of the TSS is much broader than that of the CAPI, several TSS capabilitiesare not accessible through the CAPI. Such advanced capabilities are directlyaccessed through the TSS applications needing such capabilities have todirectly talk to the TSS.
BIOS Code
The TCPA specifies the measurement of integrity of BIOS code at systemstartup. In order to accomplish such integrity measurement and reporting, thesystem BIOS has to be enhanced with integrity measurement functions.
Depending on the existing BIOS architecture, such enhancements can be acomplex task.
Platform vendors may wish to provide various pre-boot security functions usingthe TPM. The necessary code to provide such functions is either implementeddirectly within the system BIOS or provided as an option ROM.
Certificate Encode/Decode
Functions
Application
CryptoAPI
Certificate StoreFunctions
Simplified CryptographicFunctions
Message FunctionsCertificate Functions
Microsoft RSABase Provider
CSP #1
Smart CardService Provider
CSP #2
TTPPMM CCSSPP
Key Database
Base Cryptographic Functions
Key Database Key Database
CAPI
7/31/2019 Trusted Platform Module White Paper
12/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 12 of 20
Whether or not any pre-boot functionality is provided on the platform, minimumchanges have to be made to the BIOS code to ensure that the TPM is defined asa motherboard device within the ACPI descriptor tables. This enables theOperating System to identify the device, allocate resources to it, and loadnecessary device drivers.
Usage Models
Hardware Protected Storage
Hardware protected storage provides the ability to protect the users secret datathrough a dedicated piece of hardware. Examples of secret data that the usermight want to protect include File Encryption keys, VPN keys, Authenticationkeys, etc. Hardware protection is accomplished by encrypting the secret data insuch a manner that it can only be decrypted by the dedicated piece of hardware,which contains the necessary private key.
For small pieces of secret data such as keys less than 2048 bits long, theencryption of the secret data can be performed within the TPM hardware usingits built in RSA engine. For large pieces of secret data, there are two options ingeneral:
1. The platform can encrypt the large piece of secret data using a one-timesymmetric key (less than 2048 bits). The platform can then use the TPMto protect the one-time symmetric key.
2. The platform can render the large piece of secret data as smaller blocks ofsecret data and then use the TPM to encrypt each of the smaller blocks.The platform has the responsibility to manage the block creation and re-
assembly to recover the original piece of secret data upon decryption.
In general, the first option is easier and faster. The figure below illustrates theprocess of using the TPM to encrypt a small piece of secret data.
The TPM implements a key hierarchy of all keys used for protected storagefunctions. The root of this hierarchy is the Storage Root Key (SRK). Each key inthe hierarchy is encrypted using the key that is at the next level up in thehierarchy. Thus, the encryption of secret data using the TPM results in a DataBlob and a Key Blob, both of which are opaque and can be stored away onarbitrary media.
7/31/2019 Trusted Platform Module White Paper
13/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 13 of 20
Binding Information to the Platform
Certain types of critical data can be logically bound to the platform on which theycan be used. Data that is bound to a particular platform is only accessible by thatplatform if the conditions specified in the binding are met. If this data migrates toa different platform, or if the specific binding conditions on the same platform arenot met, the data cannot be accessed.
Specific hardware and/or software configuration information about the platformcan be used to implement the logical binding of critical information to it. Suchinformation about the platform is calculated by the TPM software stack andstored into the Platform Configuration Registers (PCR) available within the TPM.
While binding secret data to the platform, the TPM merges the data together withthe values contained in one or more PCR registers and then encrypts thecombination as a whole. At a later time, when the secret data needs to beaccessed, the values of the necessary platform configurations are calculated andthe data is released for use only if the calculated and stored values match.
DDaattaa
KK
RRSSAADDaattaaBBlloobb
SSRRKK
KKeeyy
BBlloobb
KK--11
FFEEKK
FFiilleeEEnnccrryyppttiioonn
PPllaaiinntteexxttFFiillee
VVPPNNKKeeyy
880022..11xxkkeeyy
TTPPMM
EEnnccrryypptteeddFFiillee
7/31/2019 Trusted Platform Module White Paper
14/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 14 of 20
Attestation (Platform Authentication)
The figure below illustrates the process of acquiring AIKs.
TTPPMM
DDaattaa
PPCCRR nn
BBiinndd
KK
SSRRKK
KK--11
DDaattaaBBlloobb
KKeeyyBBlloobb
Platform Cert
Conformance Cert
Endorsement Cert
TPM
Attestation
ID Key
Endorsement
Key (EK)
Attestation
ID Keys
PlatformTrusted 3rd Party
(Privacy CA)
2
2. Owner sends ID request toTTP
4
4. TTP signs ID
5
5. Signed ID sent to TPM
ID PubKe
1. Owner bundles into an IDrequest:New ID PubKeyEndorsement Cert,Platform Cert,Conformance Cert
1
3. TTP verifies Certificates
3
7/31/2019 Trusted Platform Module White Paper
15/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 15 of 20
AIKs are created using Certificates (also called Credentials) available within theTPM. AIKs do not have any direct association with the EK or the credentials.
AIKs are always bound to the platform and can be used to provide attestation tothe platforms identification and configuration. It is important to note that the
service provider (or challenger) trusts the Trusted Third Party (TTP) to do its duediligence before issuing AIKs to a platform.
Example Application (Microsoft* Outlook)
The illustration below shows how the TPM can be used through Microsoft*Outlook to acquire an email signing/encryption certificate from a TTP such asVerisign*, and carry out email signing and encryption.
MMiiccrroossoofftt**OOuuttllooookk XXPP
VVeerriissiiggnn**WWeebbssiittee
PrivateKey
PPuubblliiccKKeeyy
Create New Key
TTPPMM
11
22
33
44
55
* Note: Third Party Brands and Trademarks are Property of Their Respective Owners.
OOuuttllooookk GGeett ddiigg iittaall IIDD llaauunncchheess VVeerr iissiiggnn wweebbssiittee VVeerriissiiggnn uusseess TTPPMM CCSSPP ttoo ttaallkk ttoo TTPPMM hhaarrddwwaarree TTPPMM ggeenneerraatteess aa nneeww kkeeyy ppaaii rr ffoorr ssiiggnniinngg TTPPMM sseenndd tthhee ppuubblliicc kkeeyy ooff aabboovvee ppaaiirr ttoo VVeerriissiiggnn VVeerriissiiggnn ssiiggnnss tthhee ppuubblliicc kkeeyy aanndd rreettuurrnnss ttoo OOuuttllooookk
7/31/2019 Trusted Platform Module White Paper
16/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 16 of 20
TPM implementation on Notebook PCs
Mechanical Requirements
The TPM has to be permanently attached to the motherboard by soldering itdown. This reinforces the fact that the TPM provides a 1:1 binding between itselfand the platform that it is attached to. Due to this requirement it is a good idea tofactor in the real estate required for the TPM at an early stage in the motherboarddesign and layout process. The TCPA also recommends the provision of atamper detection mechanism that can provide tamper evidence. An example of atamper detection mechanism is the use of tamper tape.
Electrical Requirements
The TPM attaches to the platform via the LPC bus. Mobile platforms implementaggressive techniques for power management to conserve battery life. The LPCbus is powered down during platform sleep states and so is the TPM. It isimportant that the TPM comply with platform power management schemes, asspecified in the ACPI specification.
MMiiccrroossoofftt**
OOuuttllooookk XXPP
TTPPMM
PrivateKey
RRSSAASSiiggnn
11
33
OOuuttllooookk sseennddss HHAASSHH vvaalluuee ooff eemmaaiillmmeessssaaggee tteexxtt ttoo TTPPMM
TTPPMM ssiiggnnss ((RRSSAA eennccrryyppttiioonn)) tthhee HHAASSHHuussiinngg iittss PPrriivvaattee KKeeyy
TTPPMM rreettuurrnnss tthhee ssiiggnneedd bblloobb bbaacckk ttooOOuuttllooookk
22
* Note: Third Party Brands and Trademarks are Property of Their Respective Owners.
7/31/2019 Trusted Platform Module White Paper
17/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 17 of 20
Software Requirements
All the components identified in the software stack subsection of the TPMarchitecture section are required. At this time there is no single provider of all thedifferent software components, and as such, each TPM vendor has to supply allthe necessary components to implement their TPM part on the platform.
Privacy Related Requirements
Please refer to the next section on managing privacy.
Managing Privacy
Introduction
Privacy is extremely important to every business and individual concerned aboutprotecting confidential & personal information. In the computing context, privacy
provides a way to prevent others from gaining access to information without theinformed consent of its owners. Cell phones, caller ID, credit cards, and Internetprovide people with dramatic new levels of freedom that can enhance businessprocesses and personal lives, but these innovations come with a privacy pricetag. All of these systems are capable of providing information, including financialand personal data that most users assume to be confidential. The TCPA believesthat the ability to ensure such confidentiality through privacy controls is anessential prerequisite of a trusted system. The following sections take a look atthe different types of platform users and the privacy control mechanismsavailable on a TPM device.
Customer TypesAs described in the previous sections, the TPM helps provide means to protectdata and to provide platform identification in a trusted manner. Different types ofusers have different security and privacy needs. Below are two broad categoriesof platform users.
Privacy conscious consumer
This type of user is extremely protective of his platform and doesnt necessarilyunderstand the exact benefits and limitations of a TPM based platform. This typeof user would rather just not use the TPM.
A variation of this category is a user that wants to control when & how the TPMin the platform is used. For example, this user may want to use the protectedstorage capability of the TPM at all times, but not the capability to provideplatform authentication. This type of user would need a way to disable theplatform attestation capability when he has to.
7/31/2019 Trusted Platform Module White Paper
18/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 18 of 20
Enterprise User
This type of user has limited control of the security and privacy functions of theplatform, as these are controlled by the corporate IT department.
Privacy Requirements
Fair information practices require the use of the following principles (whereapplicable) while designing a product with privacy related implications:
Notice
Before collection of information, or its use or disclosure, the owner of theinformation must be notified about the who, how, what & why aspects of theinformation transfer. The notice must be provided in a clear, easy to read andfollow type of manner.
In the case of platforms with TPMs, the owner of the platform must be madeaware of the nature and extent of the security features provided by the TPM, anda set of guidelines for proper use.
Access
Individuals must be given reasonable access to personal information for thepurpose of reviewing for accuracy and making updates. This principle is notdirectly applicable to TPM based platforms.
Choice
An individual is able to decide if and how their private information may be used.Choice is typically provided through Opt-in or Opt-out mechanisms.
Opt-in
This mechanism requires the user to say Yes before a particular function,feature, or service is provided, i.e. it is disabled by default.
Opt-out
This mechanism requires the user to explicitly say No to a particular feature orfunction to disable it, i.e. it is enabled by default.
In the case of platforms with TPMs, the platform manufacturer must provide amechanism for user opt-in or opt-out according to the manufacturers product
privacy guidelines.
Security
This refers to the protection of private information that is stored or transmitted.
In the case of platforms with TPMs, the TPM, if enabled, enables protectedstorage of private information.
7/31/2019 Trusted Platform Module White Paper
19/20
Trust ed Plat form Mo dule White Paper
Intel Corporat ion Page 19 of 20
TPM Configuration & Shipping Options
The TPM allows for numerous states to be set before the shipping of theplatform. The three main controls on the TPM are: Physical Presence, EnableOwnership, and Enabling the TPM. The stated default in the specification is toship without a TPM Owner, with TakeOwnership disabled and the TPM itself
disabled. This combination is the most restrictive and the highest privacysensitive setting.
The platform manufacturer will set the TPM according to the requirementsspecified by the platform user. Thus, although the physical hardware may beexactly the same, the settings may be different.
Physical Presence requires that the platform designer include some mechanismto indicate that a human is next to the platform. This could be the inclusion of a
jumper that can be set, a button to push (including the keyboard), or biometricdevice. It is important that this mechanism creates an unambiguous indication
that the human is present something that cannot be spoofed by local orremotely running software.
The TPM must have an owner to perform most operations. Taking ownership,as a TCPA function, has to be accomplished by the platform (and TPM) ownerbefore the TPM can perform any useful operations. One way to clear anyprevious ownership and create a new TPM owner is through the physicalpresence mechanism. The TakeOwnership flag provides the capability todisallow the creation of a TPM owner.
The TCPA provides mechanisms to temporarily activate/deactivate and
enable/disable the TPM. Please refer to the TCPA specification for the details.However, in addition to the privacy protections provided by the TCPA, it isgenerally a good idea to provide a separate hardware disable mechanism for theTPM device in the system so that it is possible to guarantee that the TPM deviceis completely shut off in the system when required.
Banias TPM Enabling InitiativesThe TPM is a key element of Intels Safer Computing initiative. On September10, 2002, at the Intel Developers Forum in San Jose, CA, Intel and VeriSign*announced their collaboration on enhancing the value and garnering industry
support of safer computing for PC clients, with an initial focus on next generationwireless notebook PCs. VeriSign* will optimize its digital certificates andPersonal Trust Agent (PTA) on the future mobile computing platforms with TPMsupport, based on Intels next generation mobile processor, code named Banias.The collaboration will enable PC OEMs to integrate VeriSigns* PTA and digitalcertificates into Banias processor-based notebooks, enabling a platform ready forcorporate IT to deploy with VeriSigns Public Key Infrastructure services to
7/31/2019 Trusted Platform Module White Paper
20/20
Trust ed Plat form Mo dule White Paper
I l C i P f
enable strong authentication, authorization, digital signatures, encryption andmore secure messaging.
Intel and VeriSign* will jointly promote security (especially security on wirelessnotebooks), TPM version 1.1 adoption, and VeriSigns* Managed PKI services.
By incorporating digital certificate functionality into TPM chips that supportBanias processor-based notebook PCs, a users digital certificates and attributescan be stored in hardware, making it much more difficult to compromise thecertificates and attributes via traditional network or Internet connections. Thisalso transforms any TPM-enabled Banias processor-based notebook PC into adigital credential that can then be used to perform many e-business functions inthe corporate IT environment, such as single sign-on, more secure remoteaccess, and trusted peer-to-peer computing.
References
TCPA Main Specification v1.1bTSS Specification v1.0TCPA PC Specific Implementation Specification