Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor. The standard is developed by the Trusted Computing Group (TCG) and was standardized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 11889 in 2009.
TCG continues to revise the TPM specification. The latest version, 2.0, was released in October 2014.
TPM hardware is produced by different manufacturers. An important point when buying a TPM is to check its certificate: the Trusted Computing Group certifies these manufacturers, and certified manufacturers and products can be found at the following link.
Some of the known certified manufacturers are:
- Infineon Technologies
- Nuvoton Technologies
A TPM generally consists of a cryptographic processor, persistent memory and versatile memory.
The cryptographic processor is used to:
- Generate random numbers
- Generate RSA keys
- Generate SHA-1 hash
- Perform encryption, decryption and signature operations
Persistent memory is used to:
- Store the Endorsement Key (EK)
- Store the Storage Root Key (SRK)
Versatile memory is used to:
- Store Platform Configuration Registers (PCRs)
- Store Attestation Identity Keys (AIKs)
- Store other keys
For standard version 1.2, SHA-1 and RSA are required, AES is optional and Triple DES is banned.
For version 2.0, SHA-1 and SHA-256 are required for hash operations, and the RSA and AES algorithms are required for encryption operations.
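As an added illustration that is not part of the original page, the following Python script simulates how the PCRs held in versatile memory and the hash function of the cryptographic processor work together: each measured component is folded into a PCR with the extend operation, using SHA-1 for a 1.2-style bank and SHA-256 for a 2.0 bank, and a verifier replays the event log to check the final value. The boot components and their contents are constructed sample data, not real firmware or bootloader images.

```python
import hashlib

# Constructed illustration of the TPM extend operation: each measured
# component is folded into a PCR, so the final value depends on every
# component and on the order in which they were measured. Inputs are made up.
# Hash bank by TPM version: SHA-1 is the 1.2 algorithm, SHA-256 is a 2.0 bank.
HASH_FOR_VERSION = {"1.2": "sha1", "2.0": "sha256"}

def extend(pcr: bytes, digest: bytes, algo: str) -> bytes:
    """PCR_new = H(PCR_old || digest), the TPM extend operation."""
    size = hashlib.new(algo).digest_size
    if len(pcr) != size or len(digest) != size:
        raise ValueError("PCR and digest must match the bank's digest size")
    return hashlib.new(algo, pcr + digest).digest()

def measure_chain(components, version: str):
    """Measured-boot side: hash each component and extend it into one PCR."""
    algo = HASH_FOR_VERSION[version]
    pcr = bytes(hashlib.new(algo).digest_size)  # reset value: all zeros
    log = []  # event log of (name, digest hex, resulting PCR hex)
    for name, data in components:
        digest = hashlib.new(algo, data).digest()
        pcr = extend(pcr, digest, algo)
        log.append((name, digest.hex(), pcr.hex()))
    return pcr, log

def replay_log(log, version: str) -> bytes:
    """Verifier side: recompute the expected PCR from the log's digests only."""
    algo = HASH_FOR_VERSION[version]
    pcr = bytes(hashlib.new(algo).digest_size)
    for _name, digest_hex, _pcr_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex), algo)
    return pcr

# Constructed sample boot chain (not real firmware or bootloader images).
BOOT_CHAIN = [
    ("firmware", b"BIOS image v1"),
    ("bootloader", b"GRUB stage 2"),
    ("kernel", b"vmlinuz-5.x"),
]

if __name__ == "__main__":
    for version in ("1.2", "2.0"):
        final, log = measure_chain(BOOT_CHAIN, version)
        print(f"TPM {version} PCR after boot: {final.hex()}")
        print("  replay matches:", replay_log(log, version) == final)
```

A changed or reordered component yields a different final PCR, which is why a verifier comparing against a known-good value can detect a modified boot chain.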
TPM can be used with various operating systems such as Windows and Linux. Windows operating systems starting from Windows Server 2008 and Windows 7 provide a TPM Management console and an API called TPM Base Services (TBS).
Windows TPM Management
To manage the TPM on Windows, the TPM must first be initialized, which can be started from Run with the following command.
In the Actions pane, click Initialize TPM and complete the steps, such as setting the password.
Linux TPM Management
Linux TPM devices are managed with the tcsd tool. TPM device drivers are supported natively by the Linux kernel, so there is no need to install an extra driver for standard TPM devices.
The TPM service can be started and initialized with the following command as root.
$ tcsd -f