dasharo / twpm-docs
Trustworthy Platform Module (TwPM) documentation
Home Page: https://twpm.dasharo.com
All of the documentation produced during this project should be publicly available to users and developers.
Milestones:
Minimal parsing of commands and responses (limited to just their sizes) must be done on the FPGA side in order to properly set the status bits that the host can use to check whether the TPM expects more bytes of a command or has more bytes of a response. Full command parsing and execution take place on the MCU, so the FPGA has to implement and expose a buffer holding the command sent by the host, along with any required metadata such as the type of message in the buffer or the currently active locality.
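The size-only parsing described above, as an added example (a software model in C, not the project's FPGA code): it reads the big-endian size field at bytes 2..5 of the TPM 2.0 command header and derives the `Expect` status bit from it. The names `cmd_fifo`, `fifo_write` and `feed`, the 2048-byte buffer capacity, and the choice to flag a write past the declared size as an error are assumptions of this sketch.

```c
#include <stdint.h>

#define TPM_HDR_LEN 10u    /* tag(2) | size(4, big-endian) | code(4) */
#define BUF_MAX     2048u  /* assumed command buffer capacity */
#define STS_VALID   0x80u  /* TPM_STS.stsValid */
#define STS_EXPECT  0x08u  /* TPM_STS.Expect: more command bytes wanted */
/* Constructed sample: TPM2_Startup(TPM_SU_CLEAR), declared size 12. */
const uint8_t SAMPLE_STARTUP[12] = {0x80,0x01, 0,0,0,0x0C, 0,0,0x01,0x44, 0,0};

struct cmd_fifo {
    uint8_t  buf[BUF_MAX];
    uint32_t count;   /* bytes accepted so far */
    uint32_t total;   /* declared size; 0 until header bytes 2..5 arrived */
    int      error;   /* bad size field or write past end of command */
};

uint8_t fifo_status(const struct cmd_fifo *f)
{
    int more = !f->error && (f->total == 0 || f->count < f->total);
    return (uint8_t)(STS_VALID | (more ? STS_EXPECT : 0u));
}

/* Accept one byte written by the host and return the resulting status. */
uint8_t fifo_write(struct cmd_fifo *f, uint8_t b)
{
    if (f->error || (f->total != 0 && f->count >= f->total)) {
        f->error = 1;              /* byte beyond declared size: drop it */
        return fifo_status(f);
    }
    f->buf[f->count++] = b;
    if (f->count == 6) {           /* size field is now complete */
        uint32_t sz = (uint32_t)f->buf[2] << 24 | (uint32_t)f->buf[3] << 16 |
                      (uint32_t)f->buf[4] << 8  | f->buf[5];
        if (sz < TPM_HDR_LEN || sz > BUF_MAX)
            f->error = 1;          /* never accept a size we cannot buffer */
        else
            f->total = sz;
    }
    return fifo_status(f);
}

/* Feed n bytes into a freshly reset FIFO; return the status after the last. */
uint8_t feed(struct cmd_fifo *f, const uint8_t *p, uint32_t n)
{
    uint8_t s = (uint8_t)(STS_VALID | STS_EXPECT);
    f->count = f->total = 0; f->error = 0;
    for (uint32_t i = 0; i < n; i++) s = fifo_write(f, p[i]);
    return s;
}
```

Bounding the declared size before it is stored is what keeps a host-supplied length from ever indexing past the buffer the MCU later reads.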
Milestones:
Most of the hardware TPM registers must return a result immediately or almost immediately. MCUs and their communication with the FPGA are not fast enough to acknowledge a request, parse it, prepare a response and send it to the host in time. A hardware implementation is required for registers that need a fast response.
Milestones:
Nonvolatile storage is an integral part of a TPM. It allows user- or vendor-defined data to be saved inside the TPM, potentially with protection based on the state of the TPM (PCR values, authorization sessions). With NVRAM implemented, additional tests can be performed.
Milestones:
Platforms other than the reference one may support different functionalities, or may have limited performance. To make the transition to different hardware easier, some options should be made configurable. This may include the hash algorithms available in the TPM stack, the physical interface used (LPC or SPI), the presence of a hardware RNG engine, and the amount of nonvolatile memory.
Milestones:
An SPI implementation on the MCU may not be feasible because some of the registers must return proper values immediately. This task consists of repeating all the tasks that were done on the FPGA side for LPC, but this time with SPI as the physical interface.
Milestones:
While the newest computers use SPI for connecting TPM devices to the mainboard, slightly older but still widely used hardware uses the Low Pin Count (LPC) interface. Implementing this protocol at the software level through bit-banging would require very high-speed microcontrollers, which would make the cost and power consumption unreasonably high. To the best of our knowledge, there are no MCUs that include an LPC controller as a hardware part of the SoC, because LPC is specific to PCs. For these reasons a hardware implementation is required.
Milestones:
To test the implementation done so far, a subset of tpm2-tools commands will be used. Only commands that do not depend on Protected Storage, RNG and Primary Key Certificates will be tested at this point.
Milestone:
Each TPM has to be uniquely identifiable. This uniqueness is used, for example, to create the primary seeds from which primary keys for the various hierarchies are derived. The random number generator is also included in this task: unique registers (with e.g. serial numbers) and RNG engines are usually specific to the given hardware. The FPGA can also be used if any of those isn't available on the MCU or doesn't have enough entropy there.
Milestones:
Additionally, we want to explore whether we can meet the TPM specification requirements using a simpler (and cheaper) microcontroller platform, with no FPGA involved. That may not be feasible due to hardware limitations, but it is a great potential opportunity to increase adoption of the solution, which is why we believe it makes sense to pursue it and publish the results.
Milestones:
TPMs are connected to the mainboard of a PC. They have a maximum allowed power consumption and boot time. Based on those requirements and additional factors such as cost, availability and ease of use with open source tools, we have to choose a board for the reference implementation.
Milestones:
Each TPM must be individually manufactured. This consists of committing the vendor certificate for the TPM's primary Endorsement Key (EK) to its nonvolatile memory. As each EK is unique, so is its certificate, and it must be signed by a key whose chain of trust is rooted in the vendor's publicly available root certificate.
Milestones: