6.1 TPM Architecture (Northeastern University)
⚫ Random Number Generator (RNG)
❖ The RNG is the source of randomness in the TPM.
❖ The TPM uses these random values for nonces, for key generation and for the randomness required in signatures.
❖ The RNG allows implementation of a Pseudo Random Number Generator (PRNG) algorithm.
❖ RNG output may or may not be shielded data, depending on whether it is consumed by the TPM itself or returned to an external caller.
6.1 TPM Architecture
⚫ SHA-1 Engine
❖ A SHA-1 message digest engine is used for computing the digests that are signed, for creating key blobs and for general-purpose hashing. (TPM 1.2 is built around SHA-1 throughout; TPM 2.0 is algorithm-agile and adds SHA-256 and others.)
⚫ HMAC Engine
❖ Computes the HMAC digest authDigest from a secret and arbitrary data:
➢ authDigest ← HMAC(secret, data)
❖ Mainly used in the TPM's authentication protocols.
➢ It provides two pieces of information to the TPM: proof of knowledge of the authorization data, and proof that the arriving request is authorized and that the command was not modified in transit.
➢ See the OSAP/OIAP protocols.
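The authDigest construction above, as an added example that is not part of the original slides: the HMAC is computed over a SHA-1 digest of the command (ordinal and parameters) concatenated with the TPM's nonce, the caller's nonce and the continue flag, in the style of the TPM 1.2 OIAP protocol. The ordinal, parameters, nonces and the "owner password" are constructed placeholders, not real TPM command encodings, and the function names are ours.

```python
import hashlib
import hmac

# Added illustration of the authDigest construction, modelled on the TPM 1.2
# OIAP authorization HMAC. Ordinal, parameters and nonces are constructed
# placeholders, not real TPM command encodings.

AUTH_SIZE = 20  # TPM 1.2 authorization secrets, nonces and digests are SHA-1 sized


def param_digest(ordinal: int, params: bytes) -> bytes:
    """SHA-1 over the command ordinal and its input parameters."""
    return hashlib.sha1(ordinal.to_bytes(4, "big") + params).digest()


def auth_digest(secret: bytes, ordinal: int, params: bytes,
                nonce_even: bytes, nonce_odd: bytes,
                continue_session: bool) -> bytes:
    """authDigest <- HMAC-SHA1(secret, paramDigest || nonceEven || nonceOdd || continueAuthSession).

    nonce_even comes from the TPM's RNG, nonce_odd from the caller; binding both
    into the HMAC ties the digest to this single command instance.
    """
    data = (param_digest(ordinal, params) + nonce_even + nonce_odd
            + bytes([int(continue_session)]))
    return hmac.new(secret, data, hashlib.sha1).digest()


def verify_auth(secret: bytes, ordinal: int, params: bytes,
                nonce_even: bytes, nonce_odd: bytes,
                continue_session: bool, received: bytes) -> bool:
    """What the TPM does on receipt: recompute the HMAC and compare in constant time."""
    expected = auth_digest(secret, ordinal, params, nonce_even, nonce_odd, continue_session)
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    """Shows the two things the HMAC proves: knowledge of the secret, and command integrity."""
    secret = hashlib.sha1(b"owner password").digest()  # constructed 20-byte authData
    nonce_even = bytes(range(20))                        # constructed, stands in for TPM RNG output
    nonce_odd = bytes(range(20, 40))                     # constructed caller-side nonce
    ordinal = 0x00000042                                 # constructed placeholder ordinal
    params = b"\x00\x01" + b"A" * 16                     # constructed command parameters

    tag = auth_digest(secret, ordinal, params, nonce_even, nonce_odd, False)
    return {
        "genuine": verify_auth(secret, ordinal, params, nonce_even, nonce_odd, False, tag),
        # one parameter byte flipped in transit: integrity check fails
        "tampered": verify_auth(secret, ordinal, params[:-1] + b"B",
                                nonce_even, nonce_odd, False, tag),
        # caller without the authorization secret
        "wrong_secret": verify_auth(hashlib.sha1(b"guess").digest(), ordinal, params,
                                    nonce_even, nonce_odd, False, tag),
        # old tag replayed into a session where the TPM issued a fresh nonceEven
        "replayed": verify_auth(secret, ordinal, params, bytes(20), nonce_odd, False, tag),
    }
```

The nonceEven supplied by the TPM's RNG is what makes a captured authDigest useless for replay; the constant-time compare is what a real TPM does in hardware and is kept here so the example does not teach a timing side channel.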
6.1 TPM Architecture
⚫ RSA Key Generation
❖ TCG standardizes the RSA algorithm for use in TPM modules. The expiry of the RSA patent in 2000 placed the algorithm in the public domain, which made it a good candidate for TCG. The RSA key generation engine is used to create signing keys and storage keys.
⚫ RSA Engine
❖ The RSA engine is used for signing with signing keys, for encryption/decryption with storage keys, and for decryption with the Endorsement Key (EK). The EK is never used for signing.
6.1 TPM Architecture
⚫ Execution Engine
❖ The execution engine runs the TPM's program code. It performs TPM initialization and takes measurements.
⚫ Platform Configuration Registers (PCR)
❖ A PCR is a 160-bit (20-byte) storage location used to store integrity measurements, i.e. one SHA-1 digest in TPM 1.2. A PCR cannot be written directly; it is only reset or extended, so its value summarises every measurement recorded into it and the order in which they arrived.
❖ Whether a PCR must be used to store a specific measurement (e.g. the CRTM, BIOS, Option ROM code, …) or is available for general use is specified in the platform-specific specifications.
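The PCR extend operation, as an added example that is not part of the original slides: each measurement is a 20-byte SHA-1 digest and is folded into the register as PCR_new = SHA-1(PCR_old || measurement), starting from an all-zero register at platform reset. The boot component names and the function names are constructed for the example.

```python
import hashlib

# Added illustration of TPM 1.2 PCR extend. Component blobs below are constructed.

PCR_SIZE = 20  # a TPM 1.2 PCR holds exactly one SHA-1 digest


def measure(blob: bytes) -> bytes:
    """Integrity measurement of a component: its SHA-1 digest."""
    return hashlib.sha1(blob).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = SHA-1(PCR_old || measurement).

    A PCR is never written directly, only extended, so the final value depends
    on every measurement recorded and on the order in which they were recorded.
    """
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be 20-byte SHA-1 digests")
    return hashlib.sha1(pcr + measurement).digest()


def replay_log(blobs) -> bytes:
    """Recompute the PCR value a verifier expects from a measurement log.

    The register starts at all zeros after platform reset; replaying the log
    must reproduce the value the TPM reports, otherwise the log was tampered with.
    """
    pcr = bytes(PCR_SIZE)
    for blob in blobs:
        pcr = pcr_extend(pcr, measure(blob))
    return pcr


def demo() -> dict:
    # Constructed stand-ins for the early boot components named on the slide.
    boot = [b"CRTM v1", b"BIOS 2.4", b"Option ROM: NIC", b"MBR"]
    golden = replay_log(boot)
    return {
        "golden_len": len(golden),
        "reproducible": replay_log(boot) == golden,
        # same components, different order: different PCR value
        "order_matters": replay_log([boot[1], boot[0]] + boot[2:]) != golden,
        # one modified component is visible in the final register
        "patched_bios_detected": replay_log(boot[:1] + [b"BIOS 2.4 (patched)"] + boot[2:]) != golden,
        # extending further can never bring the register back to the golden value
        "cannot_undo": pcr_extend(golden, measure(b"anything")) != golden,
    }
```

A verifier therefore keeps a known-good ("golden") value per PCR and a measurement log, replays the log as above and compares; any mismatch means either the log or a component changed.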
[Figure: TPM integration into PC hardware. The CPU connects to the Graphics and Memory Controller Hub (GMCH, Northbridge chipset) together with system memory; the GMCH connects to the I/O Controller Hub (ICH, Southbridge chipset), which serves the hard disks, USB devices, expansion cards and network interface. The ICH's Low Pin Count (LPC) bus carries the System BIOS, the TPM and the Super I/O (floppy drive, parallel I/O, PS/2 and serial I/O legacy devices).]
6.1 TPM Architecture