A Trusted Platform Module, in short TPM, is a small piece of hardware designed to provide various security functionalities. It offers numerous features, such as storing secrets, 'measuring' boot, and it may act as an external cryptographic engine. The Trusted Computing Group (TCG) delivers a document called TPM Interface Specifications (TIS) which describes the architecture of such devices and how they are supposed to behave, as well as various details around the concepts. These TPM chips are either compliant with the first specification (up to 1.2) or the second specification (2.0+). The TPM 2.0 specification is not backward compatible, and it is the one this post is about. If you need more details, there are many documents available at.

Trusted Platform Module connected over SPI to Marvell EspressoBin platform

Among the functions listed above, this blog post will focus on the measured boot functionality. Measuring boot is a way to inform the last software stage if someone tampered with the platform. It is impossible to know exactly what has been corrupted, but knowing that something has is already enough to decide not to reveal secrets. Indeed, TPMs offer a small secure locker where users can store keys, passwords, authentication tokens, etc. These secrets are not exposed anywhere (unlike with any standard storage media) and TPMs have the capability to release them only under specific conditions. Starting from a root of trust (typically the SoC Boot ROM), each software stage during the boot process (BL1, BL2, BL31, BL33/U-Boot, Linux) is supposed to do some measurements and store them in a safe place. A measure is just a digest (let's say, a SHA256) of a memory region.
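To make the chain of measurements concrete, here is an added simulation (not code from the original post or from U-Boot) of how each boot stage's digest is folded into a TPM 2.0 PCR with the extend operation, new = SHA256(old || digest), and of how a secret bound to the expected PCR value is only released when every stage matches. The stage names come from the post; the image contents, the sealed secret and the `unseal` comparison are constructed stand-ins for what a real TPM does in hardware.

```python
import hashlib
from typing import List, Optional, Tuple

# Boot stages named in the post, paired with constructed sample "memory regions".
# In a real chain each stage measures the actual image of the next stage.
BOOT_STAGES: List[Tuple[str, bytes]] = [
    ("BL1", b"bl1 image v1"),
    ("BL2", b"bl2 image v1"),
    ("BL31", b"bl31 image v1"),
    ("BL33/U-Boot", b"u-boot image v1"),
    ("Linux", b"kernel image v1"),
]

PCR_SIZE = hashlib.sha256().digest_size  # a SHA256 PCR bank holds 32-byte values


def measure(region: bytes) -> bytes:
    """A measure is just a digest (SHA256 here) of a memory region."""
    return hashlib.sha256(region).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: the register can only be extended, never set,
    so the final value depends on every digest and on their order."""
    return hashlib.sha256(pcr + digest).digest()


def run_boot_chain(stages: List[Tuple[str, bytes]]) -> bytes:
    """Simulate each stage measuring the next into a single PCR that starts at zero."""
    pcr = bytes(PCR_SIZE)
    for _name, region in stages:
        pcr = pcr_extend(pcr, measure(region))
    return pcr


def seal_secret(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to the PCR value produced by the known-good boot chain."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(sealed: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the platform's current PCR matches the policy."""
    return sealed["secret"] if current_pcr == sealed["policy_pcr"] else None


def demo() -> Tuple[Optional[bytes], Optional[bytes], bool]:
    """Good chain unseals; a modified U-Boot image changes the PCR and is refused."""
    good_pcr = run_boot_chain(BOOT_STAGES)
    sealed = seal_secret(b"disk-encryption-key", good_pcr)
    tampered = list(BOOT_STAGES)
    tampered[3] = ("BL33/U-Boot", b"u-boot image v1 with one extra byte")
    tampered_pcr = run_boot_chain(tampered)
    return unseal(sealed, good_pcr), unseal(sealed, tampered_pcr), good_pcr != tampered_pcr
```

Note that the refusal tells you only that the chain differs from the expected one, not which stage changed, which is exactly the limitation the post describes.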