Ownerpassword 160 bits and persistent flags private


2048 bit modulus

SHA1: Outputs 20 byte digest

Dan Boneh

Non-volatile storage

1. Endorsement Key (EK) (2048-bit RSA)
   – Created at manufacturing time. Cannot be changed.
   – Used for “attestation” (described later)
2. Storage Root Key (SRK) (2048-bit RSA)
   – Used for encrypted storage. Created after running TPM_TakeOwnership( OwnerPassword, … )
   – Can be cleared later with TPM_ForceClear from BIOS
3. OwnerPassword (160 bits) and persistent flags

Private: EK, SRK, and OwnerPwd never leave the TPM

PCR: the heart of the matter

PCR: Platform Configuration Registers
• Many PCR registers on chip (at least 16)
• Contents: 20-byte SHA1 digest (+junk)

Updating PCR #n:
• TPM_Extend(n,D): PCR[n] ← SHA1 ( PCR[n] || D )
• TPM_PcrRead(n): returns value(PCR(n))

PCRs initialized to default value (e.g. 0) at boot time

Using PCRs: the TCG boot process (SRTM)

On power-up: TPM receives a TPM_Init signal from LPC bus.

BIOS boot block executes:
• Calls TPM_Startup (ST_CLEAR) to initialize PCRs to 0 [can only be called once after TPM_Init]
• Calls PCR_Extend( n, <BIOS code> )
• Then loads and runs BIOS post boot code

BIOS executes: Calls PCR_Extend( n, <MBR code>...
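The extend rule and boot chain above, simulated in software as an added example (not code from the slides). It assumes D is the SHA1 digest of the measured component and that an event log of (stage, digest) pairs is kept beside the PCR; the stage names and byte strings are constructed stand-ins.

```python
import hashlib

PCR_INIT = bytes(20)  # default PCR value (0) after TPM_Startup(ST_CLEAR)

def measure(code: bytes) -> bytes:
    """SHA1 measurement of a boot component (assumption: D is this digest)."""
    return hashlib.sha1(code).digest()

def extend(pcr: bytes, d: bytes) -> bytes:
    """TPM_Extend from the slide: PCR[n] <- SHA1(PCR[n] || D)."""
    if len(pcr) != 20 or len(d) != 20:
        raise ValueError("PCR and D must both be 20-byte SHA1 values")
    return hashlib.sha1(pcr + d).digest()

def measured_boot(stages):
    """Measure each stage before running it; return (final PCR, event log)."""
    pcr, log = PCR_INIT, []
    for name, code in stages:
        d = measure(code)
        pcr = extend(pcr, d)
        log.append((name, d))
    return pcr, log

def replay(log):
    """Verifier side: recompute the PCR from the logged measurements."""
    pcr = PCR_INIT
    for _name, d in log:
        pcr = extend(pcr, d)
    return pcr

def first_mismatch(log, known_good):
    """Name of the first logged stage whose digest is not the expected one."""
    for name, d in log:
        if known_good.get(name) != d:
            return name
    return None

# Constructed sample boot chains (stand-ins for real firmware images).
GOOD = [("bios_boot_block", b"boot block v1"), ("bios_post", b"post v1"),
        ("mbr", b"mbr v1")]
MODIFIED = GOOD[:2] + [("mbr", b"mbr v1, modified")]
KNOWN_GOOD = {name: measure(code) for name, code in GOOD}

if __name__ == "__main__":
    good_pcr, _ = measured_boot(GOOD)
    pcr, log = measured_boot(MODIFIED)
    print("log matches reported PCR:", replay(log) == pcr)
    print("PCR matches known-good:  ", pcr == good_pcr)
    print("first unexpected stage:  ", first_mismatch(log, KNOWN_GOOD))
```

Because each extend hashes the previous PCR value, a changed or reordered stage alters every later value, and a log edited to hide the change no longer replays to the PCR the TPM holds.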

This note was uploaded on 12/27/2013 for the course CS 159 taught by Professor Peterschmidt during the Fall '13 term at Stanford.
