security/tpm/tpm-security.rst

1 .. SPDX-License-Identifier: GPL-2.0-only
12 ------------
16 PTT, which is a software TPM running inside a software environment
22 -----------------------------------------------
42 ---------------------------
68 ----------------
77 ---------------------------------------
104 name, which is what is exported via sysfs so user-space can run the
112 --------------
116 hands to user-space the name of the derived null seed key which can
117 then be verified by certification in user-space.  Therefore, this chain
129 ------------------
141 tpm_chip for every in-kernel use of the TPM.  Currently, because of a
142 lack of de-gapping in the in-kernel resource manager, the session must
144 session may also be reused for the in-kernel HMAC, encryption and
148 ----------------
150 For every in-kernel operation we use null primary salted HMAC to
165 of the generated primary key against the one in the certificate (the
167 requires the EK hierarchy password, but a pre-generated version of the
172 this is done, an attestation key (AK) is generated within the TPM and
176 and the AK is true. the generated AK may now be used to run a
180 generated private key is described below.
198 The null EC primary is now generated using the Storage profile
212 .. _TPM Genie: https://www.nccgroup.trust/globalassets/about-us/us/documents/tpm-genie.pdf
213 …ws Bitlocker TPM: https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-net…
214 …d Linux disk encryption: https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-ta…
215 …l Profile: https://trustedcomputinggroup.org/resource/tcg-ek-credential-profile-for-tpm-family-2-0/
216 …ovisioning Guidance: https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/