Foundational Specifications
TPM Library Specification
This is the "main" TPM specification. It is broken down into the following parts:Part 1: Architecture
Part 2: Structures
Part 3: Commands
Part 4: Supporting Routines
https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0.zip
PC Client Platform Firmware Profile
The PC Client Platform Firmware Profile specifies requirements for the TPM as it is practically implemented on a platform; i.e., not TPM in an abstract sense, but how you would actually implement a TPM on a real system. Issues covered include platform and firmware provisioning, usage of a TPM to record measurements of platform code, PCR mapping, and functional interfaces. The target audience for this document is platform manufacturers.https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf
PC Client Specific Platform TPM Profile for TPM 2.0 (PTP)
The PC Client Specific Platform TPM Profile for TPM 2.0 (PTP) discusses the specifics regarding the requirements of the TPM for PC Client but only the requirements for the TPM itself, not the requirements for a platform integrating the TPM. The PTP discusses the details of what interfaces and protocols are used to communicate with the TPM and a platform-specific set of requirements. The PTP includes the definitions of items identified in the TPM Library specification as "Platform Specific", such as the minimum number of PCRs required and NV Storage available. The target audience for the PTP is TPM manufacturers, but platform manufacturers will also find value in it.https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22.pdf
Supporting Specifications
The following supporting specifications are specific to niche TPM-related topics in which you may or may not find value.TCG ACPI Specification
The TCG ACPI Specification covers interfaces for the OS to discover and interact with TPM devices according to the ACPI Standard. It covers implementation in both Client and Server machines. ACPI provides a standardized way to express the availability of TPM devices by using in-memory ACPI tables, methods, and namespace objects.https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf
TCG Physical Presence Specification
Physical Presence is a form of authorization required in order to perform certain privileged TPM functions, such as clearing ownership. For obvious security reasons, a user is required to be physically present at the machine to make such changes in order to prevent network-based attacks on the TPM. This specification defines an interface between an operating system and the firmware to manage the privileged configuration of the TPM.https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf
TCG Platform Reset Attack Mitigation Specification
When a platform reboots or shuts down, the contents of RAM are not immediately lost. Without an electric charge to maintain the data in memory, the data will begin to decay, but during this period there is a short timeframe during which an attacker can turn off or reboot the platform, quickly turn it back on, and boot into a program that dumps the contents of memory. Encryption keys and other secrets can be compromised through this method if the system does not implement a technology like total memory encryption. This specification defines a Memory Overwrite Request feature that zeros out memory to prevent such attacks.https://trustedcomputinggroup.org/wp-content/uploads/TCG_PlatformResetAttackMitigationSpecification_1.10_published.pdf
TCG EFI Protocol Specification
The purpose of this document is to define a standard interface to the TPM on UEFI-based systems. It defines data structures and APIs that allow an OS to interact with a UEFI BIOS to query information important in early OS boot stages. Such information includes: is a TPM present, which PCR banks are active, change active PCR banks, obtain the TCG boot log, extend hashes to PCRs, and append events to the TCG boot log.https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
Post a Comment
Be sure to select an account profile (e.g. Google, OpenID, etc.) before typing your comment!