Professional Documents
Culture Documents
Tcpa Defcon 10
Tcpa Defcon 10
| Trusted Platform
Module (TPM), aka the
“Fritz Chip.”
z Tamper resistant chip
to be included on all
future motherboards.
z Surface mount; either
a separate part or
integrated into the
chipset.
z Common Criteria
EAL3 [augmented]
certified.
TPM Functionality Categories
| Measurement
| Reporting
TPM Measurement
| Cryptographic operations
| Key store
| Key management
| Cryptographic operations:
z Hashing (SHA-1, HMAC).
z Random number generation (RNG), post-
whitening output only.
z Asymmetric key generation (2048-bit RSA).
z Asymmetric key encrypt/decrypt (2048-bit
RSA).
z Symmetric encrypt/decrypt (3DES, AES).
• Symmetric key operations may be performed off-
chip.
| Tamper-resistant hash and key store.
TPM Key Management
| Endorsement Key
z Unique RSA key generated at time of
manufacture. Signed by
manufacturer’s key, which is signed
by the TCPA master key. Used to
prove that the TPM is genuine.
| User Keys
z One or more user RSA keys certified
by a “Privacy CA” at time of TPM
activation. Used to identify user.
TCP pre-OS Boot Process
Option
Store hash
ROMs
DRM
boot Store hash
loader
TPM
OS Store hash
Approved
Hardware
List (HCL),
Serial AES RSA
Number Load OS decrypt decrypt OS
Revocation OS binary binary key
List (SRL)
Phase II:
OS is running
inside TPM
TCP OS Known Initial State
| BIOS is TCPA-approved.
| PCI cards are TCPA-approved.
| DMA devices do not enable unapproved
access to operating RAM.
| No kernel-level debugger is loaded.
| Initial list of undesirable applications is
available for processing.
| Examples of TCPA operating systems:
z Microsoft: Palladium (DRM OS patent).
z HP: Linux.
TCP OS Initial Tasks
DRL
Servers
Verify
Obtain fresh
mandatory
SRL Obtain Document
applications are Application
Server fresh SRL. Revocation
running is ready
List (DRL).
(Spyware). for user.
Post-application Load
| Application
z Verifies hashes in TPM.
z Verifies application is licensed for the current
motherboard.
z Checks secure time against application
license duration.
z Obtains application-specific SRL via the
network.
z Verifies required applications are running.
(Enforces Spyware licensing).
z Obtains current Document Revocation List
(DRL) via the network.
TCPA Stifling Competition
| HP is developing a TCPA-compliant
version of Linux.
| GPL requires the result to be Open
Source.
| Source code will compile and can be
verified.
| But: the source alone is useless
without a TPM-specific certificate.
Suggested Fixes to the GPL
| Processor ID:
z Intel went alone. AMD publicly rejected
Processor ID.
z Online privacy advocates were not
considered a serious threat.
| TCPA:
z Intel, AMD, Motorola, BIOS vendors, system
vendors, and application vendors are all on
board.
z Two-prong technical and legislative initiative.
z Online privacy groups were briefed early.
TCPA-Enabled Platforms
Laptops Servers
PDAs
Mobile Phones
The End Result
TCPA Palladium
Published Published
specifications focus specifications focus
on pre-OS boot. on post-OS boot.
Higher measurement Lower measurement
resolution. resolution.
Support for multiple Support for MS
operating systems. Windows only.