Trusted Platform Module (TPM) was conceived by a computer industry consortium called Trusted Computing Group (TCG), and was standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889.[1]
When a new revision is released, the Trusted Computing Group breaks it down into three parts. Each part is a separate PDF, and together they make up the whole of the new TPM specification.
- Part 1 – Design Principles
- Part 2 – Structures of the TPM
- Part 3 – Commands
TCG continues to revise the TPM specifications, keeping them up to date with current needs. TPM Main Specification Version 1.2 was finalized on March 3, 2011, completing its revision.[2] TCG then released TPM Library Specification 2.0, with its most recent edition published in 2019.[3]
Trusted Platform Module provides
- A hardware random number generator[4][5]
- Facilities for the secure generation of cryptographic keys for limited uses.
- Remote attestation: Creates a nearly unforgeable hash key summary of the hardware and software configuration. The software in charge of hashing the configuration data determines the extent of the summary. This allows a third party to verify that the software has not been changed.
- Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a storage key.[6]
- Sealing: Similar to binding, but in addition specifies the TPM state[7] that must hold for the data to be decrypted (unsealed).[8]
- Other Trusted Computing functions.[9]
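The remote attestation and sealing entries above both rest on the same mechanism: a Platform Configuration Register (PCR) can only be extended, never written, so its final value commits to the ordered chain of measurements taken during boot. The following is an added example (not code from the page or from the TCG specifications) that models the SHA-256 PCR bank in pure Python; the event log, the `can_unseal` helper and the `verify_quote` helper are simplified constructions for illustration, and the TPM's signature over a quote is not modelled.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

PCR_SIZE = 32  # one SHA-256 PCR: 32 zero bytes at reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend for the SHA-256 bank: new PCR = H(old PCR || H(measurement)).
    Because the old value is folded in, the result depends on every earlier
    measurement and on their order."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events: Iterable[Tuple[int, bytes]], num_pcrs: int = 24) -> List[bytes]:
    """Recompute every PCR from an event log of (pcr index, measured data)."""
    pcrs = [bytes(PCR_SIZE)] * num_pcrs
    for index, measurement in events:
        pcrs[index] = extend(pcrs[index], measurement)
    return pcrs


def pcr_composite(pcrs: List[bytes], selection: Iterable[int]) -> bytes:
    """Digest over the selected PCRs; a sealing policy is bound to this value."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(selection))).digest()


def verify_quote(quoted_pcrs: Dict[int, bytes], event_log) -> bool:
    """Attestation check (simplified): the verifier replays the shipped event log
    and compares the result with the PCR values the platform reported."""
    replayed = replay_event_log(event_log)
    return all(hmac.compare_digest(replayed[i], v) for i, v in quoted_pcrs.items())


def can_unseal(sealed_to: bytes, pcrs: List[bytes], selection) -> bool:
    """Sealing model (simplified): data unseals only when the current PCR
    composite equals the composite it was sealed to."""
    return hmac.compare_digest(sealed_to, pcr_composite(pcrs, selection))


# Constructed sample event logs: (PCR index, measured component)
GOOD_LOG = [(0, b"firmware v1"), (4, b"bootloader v1"), (7, b"kernel v1")]
TAMPERED_LOG = [(0, b"firmware v1"), (4, b"bootloader v1"), (7, b"kernel v1 (modified)")]
SELECTION = (0, 4, 7)

if __name__ == "__main__":
    good = replay_event_log(GOOD_LOG)
    sealed_to = pcr_composite(good, SELECTION)
    print("good boot unseals:", can_unseal(sealed_to, good, SELECTION))
    print("modified boot unseals:", can_unseal(sealed_to, replay_event_log(TAMPERED_LOG), SELECTION))
```

A single changed component changes only the PCR it was measured into, but that is enough to change the composite, so sealed data stays locked and a verifier replaying the log sees the mismatch.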
Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique and secret Endorsement Key (EK) burned in as it is produced. Security embedded in hardware provides more protection than a software-only solution.[10]