Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM.

Similar presentations


Presentation on theme: "Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM."— Presentation transcript:

1 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM Workgroup Chair

2 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1012 Trusted Computing Brief History TCPA forms in January 1999 –HP, IBM, Intel, Microsoft and others…. –Trusted platforms are those containing a h/w based subsystem devoted to maintaining trust and security between machines. Trusted Platform Design Features –Includes most cryptographic primitives (not bulk crypto) –Privacy enabled (fully opt-in) –No global secrets (crack one, get just one) –Low cost (not a crypto-coprocessor) –Ubiquity (low cost and exportable) February 2001 release of first Trusted Platform Module specifications –Protected non-volatile storage, protected execution, RNG and crypto services, tamper resistance

3 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1013 Trusted Computing Brief History 2003-2004 TCPA formally becomes TCG In 2004 TCG defines trust: –An entity can be trusted if it always behaves in the expected manner for the intended operation. Today: –~100 companies are members of TCG –Multiple TPM providers Infineon, Natl Semi, and others –Multiple platform vendors Dell, HP, Lenovo, and others –Usage models coming to market Trusted Network Connect Verified boot / Trusted boot

4 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1014 Local Computing Environment Printer Subordinat e LAN Vulnerability Scanner Local Area Network Certificate Service Shared Application Servers Virus Protection Directory Services Protected Application Servers Intrusion Detection LAN Management Workstation Inside & Outside Source: IATF Release 3.0 The outside box is the enclave

5 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1015 Chain of Trust Goal is to gain trust in Entity C Operational standpoint is that A launches B and B launches C –To trust C one must trust B –To trust B one must trust A A to B to C creates a Chain of Trust Another term in use for this is Transitive Trust –Trust is transitive from A to B to C –It does not invert, trusting A does NOT imply that I must trust C –Trusting C REQUIRES me to trust A and B Entity AEntity BEntity C

6 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1016 Chain Measurement What does one need to trust the chain –The identity of each item in the chain –From definitions identity = measurement –Therefore A measures B before passing control to B –B measures C before passing control to C Generic flow is –Receive control –Measure next entity –Pass control to entity That works for the chain but who measured A? Entity AEntity BEntity C

7 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1017 Root of Trust A Root of Trust is an entity that must be trusted as there is no mechanism available to measure the entity When creating a chain of measurements the first entity in the chain MUST be the Root of Trust for Measurement (RTM) –Becomes the anchor of the chain A platform may have more than one RTM available –The Static RTM (SRTM) gains control on each boot of the platform –The Dynamic RTM (DRTM) gains control upon invocation of a specific platform operation If more than one RTM is available it means that more than one trust chain is possible RTMEntity BEntity C

8 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1018 Recap of the Basics Recap –Trusting C requires trust in B and the RTM (formerly A) –Links in the chain come from measurement (digital hash) of the entity –First link in the chain is the Root of Trust for Measurement RTMEntity BEntity C

9 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1019 Static RTM On A PC The RTM gains control after platform reset The chain of trust starts then starts with reset and measures all of the components to the OS Blue lines indicate measurements Brown lines indicate extend operations The CRTM measures the BIOS and stores the measurement in the Trusted Platform Module (TPM) –Measurement storage uses the special TPM operation of Extend The other components measure the next link in the chain and also extend those measurements into the TPM RTM BIOS TPM Platform Reset MBR OS Loader Option ROM

10 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 10110 Dynamic RTM On A PC The RTM gains control upon execution of specific CPU instruction The Measured Launch Environment (MLE) gains control after the CPU RTM instruction completes the measurement of the MLE Typical MLE environments would be a Virtual Machine Monitor (VMM) or other specific security environments Blue lines indicate measurements Brown lines indicate extend operations The MLE can establish additional environments and also provide measurements of the those additional environments Note that the dynamic RTM provides a simpler trust chain then the static RTM RTM MLE TPM CPU Instruction

11 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 10111 Trusting The Enclave Now how does one trust the entities in the secure enclave? The answer comes from knowing how each entity is executing Knowing how each entity is executing comes from the measurement process (static, dynamic, or both) Each device may have a different RTM and there needs to be information as to what represents a trustable platform Printer Subordinat e LAN Vulnerability Scanner Local Area Network Certificate Service Shared Application Servers Virus Protection Directory Services Protected Application Servers Intrusion Detection LAN Management Workstation Inside & Outside

12 Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 10112 Items Not Covered Today RTM definitions –Covered by platform type Already understood for PC and cell phones more coming Dynamic RTM processes –One example is Intel ® Trusted Execution Technology (formerly LaGrande Technology) All of the measurement values necessary to understand a platform state –Work ongoing with the TCG Infrastructure Workgroup


Download ppt "Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM."

Similar presentations


Ads by Google