
Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure coprocessor found in some x86-based computers that provides cryptographic operations and system integrity measurements.

4 votes
2 answers
212 views

How safe are my app's keys inside the TPM against other apps trying to impersonate mine?

This is a follow-up of these two questions about using the TPM to store application's keys. While both have great answers, there is a specific aspect I am missing: How safe are the keys inside the TPM ...
mist's user avatar
  • 113
6 votes
2 answers
152 views

Use of TPM to encrypt data of my application in practice

I am not very familiar with TPMs, but from what I can tell their main benefit for the user is to make the system as a whole more secure, if you take the appropriate measures, e.g. by checking the boot ...
mist's user avatar
  • 113
1 vote
0 answers
42 views

TPM PCR values change after the first reboot

My setup consists of a QEMU image with u-boot 2024.01 and 6.6 Linux kernel. As a TPM I'm using swtpm. For some reason, if I reboot the device the PCR register values are different in the initial boot ...
Avaruusmuikku's user avatar
1 vote
0 answers
38 views

Is PUF Challenge-Response Authentication applied on every power-up event? [closed]

Are PUFs used, EVERY time we power on the computer to verify that nothing has been tampered with (by using CRP authentication)? Which element performs this authentication? (bios, secureboot, I don't ...
allexj's user avatar
  • 129
1 vote
1 answer
44 views

Advantages of using IAK over EK for attesting purposes on a TPM

I want to use an IoT device's TPM as a new Intermediate CA. I can prepare the device during manufacturing, and would like to then create new CAs during operation. Traditionally, one would create an ...
Lemon Sky's user avatar
  • 185
3 votes
0 answers
103 views

Is it possible to know when my TPM was last used to decrypt my disk?

I use Linux on my laptop and I do Full Disk Encryption with the LUKS keys enrolled into TPM2 against proper PCRs to make sure firmware, UEFI and Secure Boot setup are in a known-good state. ...
deniable_encryption's user avatar
1 vote
0 answers
95 views

How and why can a TPM be used for disk encryption or DRM?

I don't know much about TPMs, and I admittedly don't know as much about cryptography as I'd like to, though I am quite familiar with basic concepts. For the past two hours I've been attempting to ...
Nullcaller's user avatar
0 votes
0 answers
57 views

How to securely store signature file

I am using TPM to encrypt and sign my data. But since I am not a security expert, I need to come to you guys :D I am developing this app to verify file content. I already have this part sorted out ...
Croksie's user avatar
0 votes
1 answer
205 views

How and who calculate the PCR values?

Who is responsible for calculating the Platform Configuration Register (PCR) value? Is it the operating system or the TPM? What if the operating system is hacked? Can the hacked system always calculate ...
JACK GAO's user avatar
1 vote
1 answer
321 views

PCR 7 in TPM 2.0 has always the same value

First of all, I must say that I'm using a VM with an emulated TPM 2.0. I've created an LUKS2 encrypted partition and configured the TPM 2.0 to unseal the key only if the PCR 7 has a certain value. For ...
Blasco's user avatar
  • 11
0 votes
1 answer
151 views

TPM - How the integrity of the system configuration is guaranteed if the PCR hash is overwritten on each "Measurement"?

In the TPM architecture, we know that after a "Measurement" procedure is performed, it is followed by a "PCR Extend" procedure, in which the resulting system configuration metrics ...
programings's user avatar
4 votes
1 answer
331 views

How does measured boot work using TPM

Within the measured boot process, consider a scenario where I aim to create a measurement for a specific piece of code, perhaps, for illustrative purposes, a potentially malicious operating system. so ...
ezio's user avatar
  • 141
1 vote
3 answers
310 views

How to bind TPM2.0 AK to the "AK name" used in tpm2_makecredential, and how is trust established in AIK?

During remote attestation, a device sends the server the EK certificate, AK public, AK name. By using tpm2_makecredential/tpm2_activatecredential, the attestation server can confirm that: the EK is ...
SKK's user avatar
  • 11
0 votes
0 answers
152 views

How to prevent public key tampering

I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor ...
Croksie's user avatar
2 votes
0 answers
139 views

Did Android remove Fingerprint/Passcode for WebAuthN and lower security to push Passkeys?

So, before this year, when you were using WebAuthN to create security keys on an up to date Android phone (Pixel 6 in my case), you had these options (iirc): When creating a platform authenticator, ...
xsrf's user avatar
  • 178
