东北大学：《可信计算基础》课程教学资源（PPT课件讲稿）第6章 TPM核心功能（主讲：周福才）

第6章TPM核心功能永学 6.1TPM架构 6.2安全度量和报告 6.3远程证明 数据保护 5TPM密钥管

第6章 TPM核心功能 6.1 TPM架构 6.2 安全度量和报告 6.3 远程证明 6.4 数据保护 6.5 TPM密钥管理

1TPM架构 ⌒录 3大子 Smn nOrtheastern University TPM至少需要具备四个 主要功能:对称非对称 加密、安全存储、完整 TPM 操作系统 性度量和签名认证。数 非易失性 执行引擎 程序代码 储存 据的非对称加密和签名 可选状态配置 认证是通过RSA算法来「惠失性 实现的,而完整性度量 SHA1协处理器 则是通过高效的SHA1 随机数生成器 平台配置 RSA RSA 散列算法来完成,对称|处器|密钙生成 AIK 加密可以使用任意算法 既可以使用专用协处 理器也可以使用软件来 完成。三

6.1 TPM 架构 TPM至少需要具备四个 主要功能：对称/非对称 加密、安全存储、完整 性度量和签名认证。数 据的非对称加密和签名 认证是通过RSA算法来 实现的，而完整性度量 则是通过高效的SHA-1 散列算法来完成，对称 加密可以使用任意算法 ，既可以使用专用协处 理器也可以使用软件来 完成

1TPM架构 ⌒录 3大子 Northeastern University 口非易失性存储(N。 n-Volatile Storage) 口平台配置寄存器PCR 口身份认证密钥(Ates Platform Program Confiquration Identity 口程序代码( Program〔 Register(PCR) Key (AlK Communications 口随机数生成器RNG 口SHA-1引擎 Random Number Engine Generation Engine/Optin//Exec SHA-1 Key RSA Engine 口密钥生成( Key Gen,) Generator Trusted Platform Module(TPM) 口可选状态配置(opt-in) 口执行引擎( Exec engine) 口输入输出I/0

6.1 TPM 架构  非易失性存储（Non-Volatile Storage）  平台配置寄存器PCR  身份认证密钥（Attes. Id. K.)  程序代码（Program Code）  随机数生成器RNG  SHA-1引擎  密钥生成（Key Gen.）  可选状态配置(Opt-in)  执行引擎（Exec engine）  输入输出I/O

1TPM架构 ⌒录 3大子 Smn nOrtheastern University ●Non- olatile Storage Non-volatile storage is used to store Endorsement Key(EK), Storage Root Key (SRK),owner authorization data and persistent flags 非易失存储器:EK(2048bi)、EK证书、SRK(2048b)及 所有者( Owner)授权数据(160b)等 O Attestation ldentity Keys(Alk attestation Identity Keys must be persistent, but it is recommended that alk keys be stored as blobs in persistent external storage(outside the TpM rather than stored permanently inside TPM non-volatile storage. 专用于对TPM产生的数据(如TPM功能、PCR寄存器的值 等)进行签名的不可迁移的密钥,由TPM所有者生成

6.1 TPM 架构 ⚫ Non-Volatile Storage ❖ Non-volatile storage is used to store Endorsement Key (EK), Storage Root Key (SRK), owner authorization data and persistent flags. 非易失存储器：EK(2048bit)、 EK证书、SRK(2048bit)及 所有者(Owner)授权数据(160bit)等 ⚫ Attestation Identity Keys (AIK) ❖ Attestation Identity Keys must be persistent, but it is recommended that AIK keys be stored as Blobs in persistent external storage (outside the TPM), rather than stored permanently inside TPM non-volatile storage. 专用于对TPM产生的数据（如TPM功能、PCR寄存器的值 等）进行签名的不可迁移的密钥，由TPM所有者生成

1TPM架构 ⌒录 3大子 Northeastern University ●|O 冷 Protocol en-/decoding Enforce access policies associated with opt-in or other tpm functions ● Program Code Program code contains firmware for measuring platform devices. Logically, this is the Core Root of Trust for Measurement (CRTM 程序代码包含测量平台设备的固件。从逻辑上讲,这是 对可信核心根(cRTM)的测量

6.1 TPM 架构 ⚫ I/O ❖ Protocol en-/decoding ❖ Enforce access policies associated with Opt-in or other TPM functions ⚫ Program Code ❖ Program code contains firmware for measuring platform devices. Logically, this is the Core Root of Trust for Measurement (CRTM). 程序代码包含测量平台设备的固件。从逻辑上讲，这是 对可信核心根（CRTM）的测量

1TPM架构 ⌒录 3大子 Smn nOrtheastern University O Random Number Generator(RNG) RNG is the source of randomness in the TPM % The TPM uses these random values for nonce sy key generation and randomness in signatures allows implementation of a Pseudo random Number Generator( PRNG)algorithm .o the rnG output may or may not be shielded data (by the TPM or by external caller

6.1 TPM 架构 ⚫ Random Number Generator (RNG) ❖ RNG is the source of randomness in the TPM ❖ The TPM uses these random values for nonces, key generation and randomness in signatures. ❖ allows implementation of a Pseudo Random Number Generator (PRNG) algorithm ❖ The RNG output may or may not be shielded data (by the TPM or by external caller)

1TPM架构 ⌒录 3大子 Smn nOrtheastern University ●SHA-1 Engine A SHa-1 message digest engine is used for com puting signatures, creating key blobs and for general purpose use. ● HMAC engine i Computes the HMac digest auth Digest resulting from a secret and arbitrary data auth Digeste-HMAC(secret, data) Mainly used in TPMs authentication protocols provides two pieces of information to the TPM: proof of knowledge of the authorization data and proof that the request arriving is authorized and has no modifications made to the command in transit See OSAP/OlAP protocols

6.1 TPM 架构 ⚫ SHA-1 Engine ❖ A SHA-1 message digest engine is used for computing signatures, creating key Blobs and for general purpose use. ⚫ HMAC engine ❖ Computes the HMAC digest authDigest resulting from a secret and arbitrary data ➢authDigest←HMAC( secret, data) ❖ Mainly used in TPM’s authentication protocols ➢provides two pieces of information to the TPM: proof of knowledge of the authorization data and proof that the request arriving is authorized and has no modifications made to the command in transit. ➢See OSAP/OIAP protocols

1TPM架构 ⌒录 3大子 Smn nOrtheastern University ● RSA Key Generation tcG standardizes the rsa algorithm for use in TPM modules. Its recent release into the public domain makes it a good candidate for TCG. the RSa key generation engine is use to create signing keys and storage keys ● RSA Engine the rsa engine is used for signing with signing keys, encryption/decryption with storage keys, and decryption with the EK

6.1 TPM 架构 ⚫ RSA Key Generation ❖ TCG standardizes the RSA algorithm for use in TPM modules. Its recent release into the public domain makes it a good candidate for TCG. The RSA key generation engine is use to create signing keys and storage keys. ⚫ RSA Engine ❖ The RSA engine is used for signing with signing keys, encryption/decryption with storage keys, and decryption with the EK

1TPM架构 ⌒录 3大子 Smn nOrtheastern University ● Execution Engine the execution engine runs program code. It performs TPM initialization and measurement taking. o Platform Configuration Registers (PCR) .a Pcr is a 160-bit/20-byte storage location which is used to store integrity measurements Whether a PCR must be used to store a specific measurement(e.g. the CrTM, BlOS.Option ROM code., or, whether it is available for general use, is specified in platform specific specifications

6.1 TPM 架构 ⚫ Execution Engine ❖ The execution engine runs program code. It performs TPM initialization and measurement taking. ⚫ Platform Configuration Registers (PCR) ❖ A PCR is a 160-bit/20-byte storage location which is used to store integrity measurements. ❖ Whether a PCR must be used to store a specific measurement (e.g. the CRTM, BIOS…Option ROM code…), or, whether it is available for general use, is specified in platform specific specifications

1TPM架构 ⌒录 3大子 Smn nOrtheastern University Central Processing Unit (CPU) raphi Graphics and Memory Controller Controller HUB(GMCH System Memory Chipset(Northbridge Hard Disks Interface Controller USB Devices HUB (ICH Expansion Cards Chipset(Southbridge Network Interface Low Pin Count(LPC)Bus System BIOS TPM Floppy Drive Parallel 1/o Super 1/0 PS/2 (Legacy Devices) Serial l/o TPM Integration into Pc - Hardware

6.1 TPM 架构