tpm

问题 I simply want to store one 32 bytes long symmetric key persistently in the NV storage of the TPM and after a power-cycle, use it (without getting it out of the TPM) to encrypt small-sized data. I've tried to do that in two different ways: 1) Create the key with TPM's random bytes generator Define space in NV and write the key in it Problem : I know how to read it, but how can I load it so I can use it inside the TPM? 2) Create an AES key with TPM2_Create command Make it persistent with TPM2

问题 I'm reading up on my upcoming project that involves using my laptop's TPM on authentication software written in Java. A few entries came out on Google, but most of them are quite old, and I have no idea which is the best tutorial. So I'd like to know what's the recommended API to use, and where is the best place to get information from. Thanks. 回答1: To communicate with a TPM you need a Trusted Software Stack (TSS) . There are two major freely available TSS: TrouSerS and jTSS. jTSS is written

问题 I need to run .exe on client machine, which will create key pair within TPM. And then I will create CSR with public key part of key pair generated by TPM. My concerns are how do i ensure that keys are created inside TPM , and not by spoofed TPM. Which would enable private key to be migrated and copied. I heard that is what AIKs are for , but i don't understand how can this prevent TPM for being spoofed? One solution that i can think of is : I go to client, boot from USB with trusted OS, and

问题 I've gotten the Signing sample from here to run against the TPM Simulator. It looks like I have some sort of reference to the public key after calling: TpmPublic keyPublic; //This seems to have what we're looking for CreationData creationData; TkCreation creationTicket; byte[] creationHash; // // Ask the TPM to create a new primary RSA signing key. // TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary( TpmRh.Owner, // In the owner-hierarchy new SensitiveCreate(keyAuth, null), // With this

问题 I've gotten the Signing sample from here to run against the TPM Simulator. It looks like I have some sort of reference to the public key after calling: TpmPublic keyPublic; //This seems to have what we're looking for CreationData creationData; TkCreation creationTicket; byte[] creationHash; // // Ask the TPM to create a new primary RSA signing key. // TpmHandle keyHandle = tpm[ownerAuth].CreatePrimary( TpmRh.Owner, // In the owner-hierarchy new SensitiveCreate(keyAuth, null), // With this

问题 So far I know that the TPM is using thermal noise for generating true random numbers. But I'm also sure that the TPM uses more sources for the entropy. In that that keystroke timings, drive seek time, or clock jitter would be possibilities. But which sources does the TPM use? And how does it convert them into a true random number? 回答1: How a TPM's random number generator has to look like can be read in the specification. For TPM 1.2, I link this PDF: Part 1 Design Principles When you look at

问题 I am trying to initialize the TPM set an owner create AIKs Any help/link would be appreciated. 回答1: Read MSDN. TBS Reference: http://msdn.microsoft.com/en-us/library/aa446794(VS.85).aspx Using TBS: http://msdn.microsoft.com/en-us/library/ms725663(v=VS.85).aspx TBS Base Services: http://msdn.microsoft.com/en-us/library/aa446796(VS.85).aspx You may also want to look at this article from MS about TPM, some of them with sample code: Overview of TPM Management http://technet.microsoft.com/en-us

问题 Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How? 回答1: Theoretically: yes. The concept is called remote attestation. The basic idea is: First you have a sound chain of trust built on your platform, like: BIOS ==> Boot loader ==> OS ==> Applications The resulting measurements are stored in the PCRs. Now you can let the TPM sign this set of PCRs, that's called quote . You

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . I'd like to perform a TPM Seal operation in windows. I'm familiar with C++ programming but have no idea what libraries I'd even use. I'm currently stuck with the following two questions: Can I perform this action using e.g. WMI and a powershell script? This http://msdn.microsoft.com/en-us/library/windows/desktop

问题 How to extend the running application into PCR? and Which PCR can be used for it? 回答1: I assume you mean a TPM version 1.2 on a PC platform, so the following specification documents are of interest for you: TPM Main Part 2 TPM Structures TCG PC Client Specific TPM Interface Specification (TIS) Now to your questions: "How to extend the running application into PCR?" You need some piece of software that identifies " the running application " (= measure ) and issue a TPM_Extend command to the