TPM 2 - Lanyon

The Hardware Identity: The TPM uses an asymmetric key to identify the hardware • Key is statistically unique • In TPM 1.2, it is an RSA key,

Improved Controllability

Separated control of the privacy and security aspects of the TPM

•  Different key hierarchies – storage and endorsement
•  Different authorizations – ownerAuth and endorsementAuth
•  Different enables – shEnable and ehEnable
•  User gets to decide what gets used, or not

TPM is more useful to the platform manufacturer

•  Private key hierarchy
•  Can use TPM to help ensure secure updates to the firmware

Separate control for anti-hammering reset

•  Owner knows the lockoutAuth (hopefully)
•  Lets the OS manage the ownerAuth

Starting with Win8, have simplified TPM provisioning

Slide 26, Sept. 11, 2013
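A runnable model of the separation this slide describes, added here as an illustration (not TCG or Microsoft code): one enable flag and one authorization value per hierarchy, and an anti-hammering reset that only lockoutAuth can perform. The class name, the maxTries value and the rule that every hierarchy-auth failure counts toward one counter are constructed simplifications.

```python
"""Toy model of the separated controls on this slide: each hierarchy has
its own enable flag and its own authorization value, and the anti-hammering
(dictionary attack) counter is reset with lockoutAuth, not ownerAuth.
Constructed example, not TCG or Microsoft code; max_tries and the single
shared failure counter are simplifications of the real TPM 2.0 state."""
from dataclasses import dataclass
import hmac


@dataclass
class TpmControls:
    # One authorization value per role, using the TPM 2.0 names.
    owner_auth: bytes = b""
    endorsement_auth: bytes = b""
    lockout_auth: bytes = b""
    # Per-hierarchy enables (the platform hierarchy is omitted here).
    sh_enable: bool = True          # storage hierarchy
    eh_enable: bool = True          # endorsement hierarchy
    # Dictionary-attack state; max_tries is a constructed value.
    failed_tries: int = 0
    max_tries: int = 3

    def _check(self, expected: bytes, given: bytes) -> bool:
        """Constant-time compare that counts failures and enforces lockout."""
        if self.failed_tries >= self.max_tries:
            return False            # locked out even for a correct value
        if hmac.compare_digest(expected, given):
            return True
        self.failed_tries += 1
        return False

    def use_storage(self, auth: bytes) -> bool:
        """Storage-hierarchy use needs shEnable set and ownerAuth."""
        return self.sh_enable and self._check(self.owner_auth, auth)

    def use_endorsement(self, auth: bytes) -> bool:
        """Endorsement-hierarchy use needs ehEnable set and endorsementAuth."""
        return self.eh_enable and self._check(self.endorsement_auth, auth)

    def disable_endorsement(self) -> None:
        """'User gets to decide what gets used': clear ehEnable alone,
        leaving the storage hierarchy available."""
        self.eh_enable = False

    def reset_lockout(self, auth: bytes) -> bool:
        """Anti-hammering reset is gated by lockoutAuth only."""
        if not hmac.compare_digest(self.lockout_auth, auth):
            return False
        self.failed_tries = 0
        return True
```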

Miscellaneous Improvements

Added a notion of time

•  Can set an expiration time for a key
•  Can set an expiration on an authorization

Better use of non-volatile memory

•  Counters, revocation bits, and application-specific PCR
•  Special mode allowing high update rate without endurance problems

Made it easier for different manufacturers to build devices that worked the same

•  Specification contains source code for all commands
•  Possible to build a TPM simulator to test the specification
•  Sources available to anyone
    •  Microsoft also provides machine-readable sources to TCG members

Slide 27, Sept. 11, 2013

Windows Support of TPM

Slide 28, Sept. 11, 2013

Windows Support of TPM

TPM 2.0 is a Win8 certification requirement for all “connected standby” systems

•  These are the devices that are always on and connected to some network (such as a cell phone)

Microsoft is planning on making TPM 2.0 a certification requirement regardless of the system type

•  2015 timeframe to give vendors time to plan for the transition

Microsoft is driving ubiquity because everyone deserves to have the security benefit of the TPM

•  Easier to do this now that TPM 2.0 has addressed many of the cost issues
•  Also, not likely that TPM 2.0 will be obsolete due to changes in cryptography

Slide 29, Sept. 11, 2013

Current Windows TPM Applications

BitLocker / Device Encryption
Virtual Smart Card – TPM can be enrolled and made to look like a smart card for the computer

•  Direct Connect can use this for access to corporate network
•  Don’t need to have a smart card reader on every computer

Keys with certificates can be protected by TPM
Measured Boot
More coming in Win8.1

•  Details in Chris Hallum’s presentation

Slide 30, Sept. 11, 2013

Questions?

Thanks for Coming!