Linux: What can I do with a Trusted Platform Module (TPM)?


In this post we’ll see how we can use a TPM, as always with a special eye on Linux OS, but I have added resources for Windows developers and administrators too.

Disclaimer

This article should be considered merely an introduction to what a Trusted Platform Module (TPM) can be used for and which resources are available to create software that uses the TPM.

Intro

After seeing what a TPM is (here), how to detect if we have one on our board and how to configure Linux to be able to use both TPM 1.2 and TPM 2.0, let’s see what we can do with it.

So far we have learned that:

  • The TPM is a set of specifications from the Trusted Computing Group (TCG), designed to be OS agnostic
  • Such specifications are used to design a cryptoprocessor (implemented either in hardware or in software)
  • The function of the cryptoprocessor is to secure a platform (either a physical machine or a software one, i.e. a VM) using cryptographic keys and operations.

The functions provided by the TPM chip are:

  • Cryptographic hash functions
  • Support for data encryption (both symmetric and asymmetric): the TPM doesn’t encrypt our data itself, it offers the keys and primitives that data encryption algorithms build on
  • A random number generator (RNG), which is particularly interesting when the TPM is implemented in hardware
  • Secure generation and storage of cryptographic keys (usable by many types of software and applications)
  • Safe data “sealing”: encryption that can only be unlocked if the TPM is in a specified state

As stated already in previous articles, the security level of such features will depend on which type of TPM we are using.

As we have also seen, another important feature offered by the TPM is the set of Platform Configuration Registers (PCRs). PCRs are fundamentally “slots” containing measurement values that can be read but cannot be written directly: they can only be “extended”, i.e. updated by hashing the current value together with a new measurement.
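To make the two ideas above concrete (the extend-only PCR and “sealing” that only unlocks in a specified state), here is an added example in plain Python. It is not code from the original post or from any TPM library: it reproduces the PCR extend rule used by TPM 2.0 (new value = H(old value || digest)) and models sealing as authenticated encryption under a key derived from the expected PCR value. The names, the constructed boot chain, the fixed `TPM_ROOT_SECRET` and the seal/unseal construction (HMAC-derived key, SHA-256 counter-mode keystream, HMAC tag) are assumptions of this model, not the TPM’s internal algorithm.

```python
"""Model of TPM Platform Configuration Registers (PCRs) and PCR-bound sealing.

Added example (not from the original post or any TPM stack). The PCR extend
rule matches what a real TPM 2.0 does; the seal/unseal cipher is a toy model
used only to show that a changed PCR value makes the sealed data unrecoverable.
"""
import hashlib
import hmac
import os

PCR_SIZE = 32                       # SHA-256 bank: each PCR holds a 32-byte digest
PCR_RESET_VALUE = bytes(PCR_SIZE)   # PCRs start as all zeros at power-on


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend rule: the register becomes H(old_value || digest).

    A PCR is never written directly; the only way to change it is to fold a new
    digest into the old value, so the final value depends on every measurement
    and on the order in which they were made."""
    return hashlib.sha256(pcr + digest).digest()


def measure(pcr: bytes, component: bytes) -> bytes:
    """Measure a boot component: hash it, then extend the PCR with that hash
    (what firmware does with each stage it loads)."""
    return pcr_extend(pcr, hashlib.sha256(component).digest())


def boot_sequence(components) -> bytes:
    """Replay a list of boot components into one PCR, starting from reset."""
    pcr = PCR_RESET_VALUE
    for component in components:
        pcr = measure(pcr, component)
    return pcr


# --- sealing model (assumption: not the TPM's real internal cipher) ---------
# Constructed root secret standing in for a key that never leaves the chip.
TPM_ROOT_SECRET = bytes.fromhex("00" * 31 + "01")


def _derive_key(expected_pcr: bytes) -> bytes:
    # The key depends on the PCR value: a different platform state yields a
    # different key, so the tag check in unseal() fails.
    return hmac.new(TPM_ROOT_SECRET, b"seal" + expected_pcr, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, expected_pcr: bytes) -> bytes:
    """Seal `secret` so it can be unsealed only when the PCR equals expected_pcr.
    Blob layout: 16-byte nonce || ciphertext || 32-byte HMAC tag."""
    key = _derive_key(expected_pcr)
    nonce = os.urandom(16)
    stream = _keystream(key + nonce, len(secret))
    ciphertext = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(blob: bytes, current_pcr: bytes):
    """Return the secret if current_pcr matches the sealed state, else None."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    key = _derive_key(current_pcr)
    expected_tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    stream = _keystream(key + nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


# Constructed sample boot chains (firmware, bootloader, kernel).
GOOD_BOOT = [b"firmware v1", b"bootloader v2", b"kernel 5.x"]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v2 (modified)", b"kernel 5.x"]


def demo():
    """Seal a key against the known-good PCR value, then try to unseal it
    after a good boot, a tampered boot and a reordered boot."""
    good_pcr = boot_sequence(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", good_pcr)
    ok = unseal(blob, boot_sequence(GOOD_BOOT))
    bad = unseal(blob, boot_sequence(TAMPERED_BOOT))
    reordered = unseal(blob, boot_sequence(GOOD_BOOT[::-1]))
    return ok, bad, reordered


if __name__ == "__main__":
    ok, bad, reordered = demo()
    print("good boot :", ok)
    print("tampered  :", bad)
    print("reordered :", reordered)
```

The point to take from the demo is that the same three components measured in a different order give a different PCR value, and that a single modified component anywhere in the chain changes everything measured after it, so the sealed key comes back only for the exact boot that was sealed against. On real hardware the corresponding operations are provided by the TPM itself (reading and extending PCRs, and creating objects bound to a PCR policy) rather than by Python code.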

On top of the above, each TPM “chip” has a secret Endorsement Key (EK) that is “burned” into it during manufacturing. The design of each TPM should ensure that such a key is “sealed” inside the physical chip (or the emulator) and cannot be obtained without destroying the chip itself (this obviously won’t hold for the software versions!).

The endorsement key (EK) is a pair of public and private keys (2048-bit RSA) that is created randomly and stored on the chip at the time of manufacturing (it cannot be changed). The private key cannot be extracted from the chip. The public key is used for attestation and for encryption of sensitive data sent to the chip.

The other keys used by the TPM are derived from the EK; they are:

  • Storage Root Key (SRK), which is based on the EK and an owner-specific password
  • Attestation Key (AK), which can be used to sign hashes of critical measurements in order to prove they came from the TPM. Basically, the EK can prove that an AK comes from a specific TPM. However, to protect privacy, the design prevents tracing an AK back to the original EK and TPM.

How to use the TPM in my code?

For developers, look at this chapter.

For system administrators, look at this chapter.

For Software Developers

To access the TPM features you need to use what is known as the TCG Software Stack (TSS) interface. The interface definition is open, so there are both proprietary implementations of the stack and Open Source ones.

On Microsoft Windows you can use the Microsoft Cryptographic Application Programming Interface (CAPI). Here you also have the System Architecture documentation for CAPI.

On Microsoft Windows you can also have a look at the Microsoft TPM Base Services (TBS) library. For all the details about TBS please have a look at:

Another way to use the TPM is through cryptographic service providers (CSPs).

Software stacks to use the TPM

So, if we are interested in writing code that uses the TPM, the open TPM specification means we have plenty of Open Source software stacks to choose from. Here are a few examples:

If you are simply interested in integrating OpenSSL with the TPM2, here is a project that provides integration between TPM2 and the OpenSSL library, so that every program that depends on your OpenSSL library will be able to use the TPM2 without modifications.

For System Administrators

Software and tools that can use the TPMs are:

Some interesting projects and ideas

Interesting new ideas include:

Ok that’s it for now, thanks for reading and I hope you’ve found some useful information here.
