Red Hat's Emerging Technologies blog includes posts that discuss technologies that are under active development in upstream open source communities and at Red Hat. We believe in sharing early and often the things we're working on, but we want to note that unless otherwise stated the technologies and how-tos shared here aren't part of supported products, nor promised to be in the future.

Modern software is layers upon layers upon layers. Most of us only really work in one or two of those layers, but we rely on all of the others below us to keep working. Not only do we rely on their performance and functionality, we rely on them for security. The world might be turtles all the way down, but software does eventually end with hardware. If we're developing a system or application, how can we trust that one of the many layers below us hasn't been compromised? If trust could be established at the lowest level of hardware, could that trust be extended, and verified, all the way up?

This is actually the goal of a Trusted Platform Module (TPM): to establish a hardware root of trust that can be used to measure and extend that "trust" up the stack to user-level software. The TPM specification is an operating-system-agnostic international standard (from the Trusted Computing Group and the International Standards Organization). The specification is designed to provide a secure hardware cryptoprocessor, a dedicated chip designed to secure hardware using cryptographic keys and operations. These chips provide several features, including (but not limited to):

- A hardware random number generator (RNG).
- Data encryption, symmetric and asymmetric.
- Secure generation and storage of cryptographic keys.
- "Sealing" of data: encryption that can only be unlocked if the TPM is in a specified state.

Each TPM chip has a secret Endorsement Key (EK) that is burned into it during manufacturing. TPMs are designed so that this secret key is sealed inside the chip and can't be obtained without destroying the chip itself. From this key are derived other keys used by the TPM, including:

- Storage Root Key (SRK), which is based on the EK and an owner-specific password.
- Attestation Key (AK), which can be used to hash critical measurements to prove they came from the TPM.

An EK can prove the AK came from a particular TPM, but to protect privacy the design prevents tracing an AK back to its EK/TPM.

Another important part of a TPM is the Platform Configuration Register (PCR).
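To make "sealing to a specified state" and the measure-and-extend idea concrete, here is an added software model (not code from the post or from Red Hat): a PCR that can only be extended, never written, and a seal/unseal routine whose wrapping key depends on both a stand-in SRK and the PCR value. The component names, boot chains and SRK bytes are constructed for illustration; a real TPM performs these steps inside the chip, where the SRK never leaves.

```python
import hashlib
import hmac

# Constructed sample boot chains (hypothetical component names, not real digests).
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v2", b"kernel-6.1"]
TAMPERED_CHAIN = [b"firmware-v1", b"bootloader-modified", b"kernel-6.1"]
# Assumption: stand-in for the chip-resident Storage Root Key, which in a real TPM never leaves the chip.
SRK = b"stand-in for the chip-resident Storage Root Key"

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement)).
    Because a PCR can only be extended, its final value commits to every
    measurement and to the order in which they were made."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def replay_pcr(chain) -> bytes:
    """Recompute the PCR value a given boot chain produces (PCRs reset to zeros)."""
    pcr = bytes(32)
    for measurement in chain:
        pcr = pcr_extend(pcr, measurement)
    return pcr

def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream from a hash; enough for a short sealed secret."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Seal: the wrapping key is derived from the SRK *and* the expected PCR
    value, so a platform in any other state derives a different key."""
    key = hmac.new(SRK, b"seal" + expected_pcr, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"policy": expected_pcr, "ct": ct, "tag": tag}  # policy kept for diagnostics only

def unseal(blob: dict, current_pcr: bytes):
    """Unseal derives the key from the *current* PCR; a mismatch yields a wrong
    key, the tag check fails, and nothing is released."""
    key = hmac.new(SRK, b"seal" + current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))

def demo():
    """Seal against the good boot state, then try to unseal from both states."""
    blob = seal(b"disk-encryption-key", replay_pcr(GOOD_CHAIN))
    return unseal(blob, replay_pcr(GOOD_CHAIN)), unseal(blob, replay_pcr(TAMPERED_CHAIN))
```

Note that the tampered chain changes only the middle measurement, yet every PCR value from that point on differs, which is what lets the sealed secret stay locked on a modified platform.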