 English |
|
|
|
|
|
|
|
| L12-TCPA-PALLADIUM Datasheet, PDF (3/12 Pages) List of Unclassifed Manufacturers – TCPA and Palladium | |||
| |||
| ◁ |
3
Figure 1: The Authenticated Boot Process (courtesy of Joe Pato, HP Labs)
To achieve this, TCPA relies on the concept of a root of trust. A third party can rely on information
provided by a platformâs root of trust. The root of trust must be able to report on software that has
been executed, and must be able to keep secrets from the rest of the platform. There are two roots
of trust and it is necessary to trust these roots of trust for TCPA mechanisms to be relied upon.
⢠A root of trust for reporting â The component that can be trusted to store and report reliable
information about the platform
⢠A root of trust for measurement â The component that can be trusted to reliably measure
and report to the root of trust for reporting what software executes on platform boot
The Trusted Platform Module (TPM)
The TPM is the Root of Trust for Reporting and is uniquely bound to a single platform. TPM
functions and storage are isolated from all other components of the platform. The TPM is tamper
resistant and tamper evident. It also contains various cryptographic functions and properties includ-
ing PRNG, key storage, and some cryptographic functions. However, there is no bulk cryptography
built into the TPM.
The Core Root of Trust for Measurement (CRTM)
The CRTM is the ï¬rst piece of code that executes on a platform at boot time. It must be trusted
to property report to the TPM what software executes after it. The CRTM reports a hash of the
BIOS to the TPM, the TPM stores this, and then CRTM passes oï¬ control to the BIOS. The BIOS
hashes various ROMS associated (i.e. the OS Loader) with bootup, TPM securely stores this, the
BIOS then loads and executes ROM procedures.
Q: How does CRTM ensure that the boot is authentic?
A: The CRTM builds a chain of hash codes for each portion of the boot. This chain is used to
ascertain exactly what software was loaded on boot, the user can then check this with past
boot chains and gauge if the boot sequence has been tampered with.
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese