Going Into System BIOS and Changing Boot sequence and Enabling TPM 1.2 to TPM 2.0 On a Old Dell PC

Video: Going Into System BIOS and Changing Boot sequence and Enabling TPM 1.2 to TPM 2.0 On a Old Dell PC

RuTube

Webos Whizzes

Published: 23.10.2024 | Duration: 00:01:47

Trusted Platform Module (TPM), also known as ISO/IEC 11889, is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard.

To utilize a TPM, the user needs a software library that communicates with the TPM and provides a friendlier API than the raw TPM communication. Currently, there are several such open-source TPM 2.0 libraries. Some of them also support TPM 1.2, but mostly TPM 1.2 chips are now deprecated and modern development is focused on TPM 2.0. Typically, a TPM library provides an API with one-to-one mappings to TPM commands. The TCG specification calls this layer the System API (SAPI). This way the user has more control over the TPM operations; however, the complexity is high. To hide some of the complexity, most libraries also offer simpler ways to invoke complex TPM operations. The TCG specification calls these two layers Enhanced System API (ESAPI) and Feature API (FAPI). There is currently only one stack that follows the TCG specification. All the other available open-source TPM libraries use their own form of richer API.

There is a separate project called CHARRA by Fraunhofer[143] that uses the tpm2-tss library for Remote Attestation. The other stacks have accompanying attestation servers or directly include examples for attestation. IBM offer their open-source Remote Attestation Server called IBM ACS on SourceForge, and Google have Go-Attestation available on GitHub, while wolfTPM offers time and local attestation examples directly in its open-source code, also on GitHub. There is an application note[144] about an example project for the AURIX 32-bit SoC using the tpm2-tss library. Requires additional libraries (dotnet) to run on Linux.

These TPM libraries are sometimes also called TPM stacks, because they provide the interface for the developer or user to interact with the TPM. As seen from the table, the TPM stacks abstract the operating system and transport layer, so the user could migrate one application between platforms. For example, by using the TPM stack API, the user would interact the same way with a TPM regardless of whether the physical chip is connected over an SPI, I2C or LPC interface to the host system.

Algorithms
TPM 1.2: SHA-1 and RSA are required.[49] AES is optional.[49] Triple DES was once an optional algorithm in earlier versions of TPM 1.2,[50] but has been banned in TPM 1.2 version 94.[51] The MGF1 hash-based mask generation function that is defined in PKCS#1 is required.[49]
TPM 2.0: SHA-1 and SHA-256 for hashes; RSA, and ECC using the Barreto-Naehrig 256-bit curve and the NIST P-256 curve, for public-key cryptography and asymmetric digital signature generation and verification; HMAC for symmetric digital signature generation and verification; 128-bit AES for the symmetric-key algorithm; and the MGF1 hash-based mask generation function that is defined in PKCS#1 are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[52] Many other algorithms are also defined but are optional.[53] Note that Triple DES was readded into TPM 2.0, but with restrictions some values in any 64-bit block.[54]

Crypto Primitives
TPM 1.2: A random number generator, a public-key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and Direct Anonymous Attestation are required.[49] Symmetric-key algorithms and exclusive or are optional.[49] Key generation is also required.[55]
TPM 2.0: A random number generator, public-key cryptographic algorithms, cryptographic hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, exclusive or, and ECC-based Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[52] The TPM 2.0 common library specification also requires key generation and key derivation functions.[56]

Hierarchy
TPM 1.2: One (storage)
TPM 2.0: Three (platform, storage and endorsement)

Root keys
TPM 1.2: One (SRK RSA-2048)
TPM 2.0: Multiple keys and algorithms per hierarchy

Authorization
TPM 1.2: HMAC, PCR, locality, physical presence
TPM 2.0: Password, HMAC, and policy (which covers HMAC, PCR, locality, and physical presence)

NVRAM
TPM 1.2: Unstructured data
TPM 2.0: Unstructured data, counter, bitmap, extend, PIN pass and fail

The TPM 2.0

Video category: Technology and Internet
