8 hours 10 minutes
Hi, I'm Matthew Clark and this is lesson 4.8 trusted platform module, Part two.
In this lesson, we will review the TPM roots of trust, and we'll learn about the TPM keys, including the endorsement key.
Finally, we'll take a look at the trusted platform module entity
in less than 4.7. We discovered that the TPM has three roots of trust the root of trust for measurement, which is used during the measured boot process and is responsible for measuring the platforms integrity state and storing that data into shielded locations known as the PCR. The root of trust for storage,
which is used to securely store
both the storage root key and those platform configuration registers
and the root of trust for reporting, which is used during the added station of the measured boot and provides reports of entirety measurements from the PCR in the RTs.
In this lesson, we'll learn that there are three main keys used by the TPM Endorsement key, which is created by the manufacturer, the root storage key, which is created by the user,
and the added station Identity Key, which is created by a third party. So in this particular lesson will focus all of our efforts on the endorsement key.
The TPM uses to long term keys the endorsement key and the storage root key.
The endorsement key is a unique public private keep hair burned into the silicon ship during production. It's usually on our Saiki pair, certified by the manufacturer and used to encrypt data.
The private key is never visible or accessible outside of the TPM.
The story True Key is an ***, a key created by the TPM when configuring ownership. This key is used to protect other key material generated by the TPM
in a process called wrapping or binding, which will get into an upcoming lesson.
The storage rookie is the master wrapping key.
While the endorsement key cannot be deleted, the storage rupkey can be
let's discuss other key types. The TCG defined seven key types for a TPM six or asymmetric, and one is symmetric and we're gonna focus on two of these seven storage keys which are asymmetric are general purpose keys used to encrypt data or other keys.
Storage keys are used for wrapping both keys and data managed externally
identity keys such as the at a station identity are also asymmetric thes air, non migrate herbal meaning they cannot leave the TPM
and their keys that are used for signing very exclusively. Used to sign data originated by the TPM, such as the TPM s capabilities and the PCR registry values.
Let's talk about the endorsement key.
The endorsement keys, Servas cryptographic identities and are based on asymmetric encryption.
They're reserved for very limited uses. Unlike peaky I infrastructures, where broad dissemination of the public key is almost encouraged, the TPM endorsement key is rarely used, which limits the need to be widely disseminated.
This is because the endorsement key is tied closely to this concept of identity, which will talk more about some privacy concerns in a moment
for proper operation thing endorsement. He is embedded in the TPM during manufacturing, and this is something provided by the TPM manufacturer prior to shipping.
The TPM uses the endorsement key to establish trust.
Endorsement keys can be trusted because of the trusted platform module entities or TPM s.
The TPM e Acts is a certification authority and is a trusted party that can attest to a TPM s validity.
The TPM E provides a unique private endorsement key that is embedded in the TPM. This provides a certificate that binds the public endorsement key to the TPM s private endorsement key. So what's the process?
Endorsement keys can be created either outside of the TPM and injected into the TPM or inside of the TPM. Either way, the private key should never leave. The TPM once injected
the trusted platform module entity creates and science of certificate called an endorsement credential.
And this certificate contains the public key and other information about the TPM security.
The science certificate provides assurance that the public key is properly tied to the private key, that the private key is held securely within the TPM and that the TPM properly follows the TCG standards.
So in a third party receives an endorsement certificate containing the public key, they can verify the signature.
So can you change the endorsement key? It can be changed by the platform owner, However, then the key can no longer be attested to by the TPM. Me, the owner will have to certify the new key by creating a new endorsement certificate.
And this will really only makes sense that the platform will will be used within an enterprise or individual company
where external at the station is not required
because it will only be trusted by parties that trust that certification internal into the enterprise of the company itself.
So who could be a TPM A.
A TPM me can be a third party or the TPM manufacturer if authorized, and it's usually is the TPM manufacturer that certifies the TPM.
So what's the point toe all of this? The purpose behind this is to provide assurance that the TPM is genuine. Sure, you don't want to design an i o T. Device security around a knockoff chip, but also you want to make sure that the core security of the TPM is trustworthy
because the overall trustworthiness of the TPM
is based on the trustworthiness of that endorsement. Key,
A. T. PM's private endorsement key, is never used to create signatures. This limits the need for the public key to be widely accessible,
and it means that the endorsement credential, which is that certificate signed by the TPM, is only used to provide the public endorsement key to a few limited processes.
And the public endorsement key is only used for encrypting data sent to the TPM.
So we've established that the endorsement key is so limited. Uses. So what is it used for?
It's on Lee used for encrypting data sent to the TPM during the process of taking ownership, which is a process that impacts the rest of the security of the system
and creating at a station. Identity keys are ai que certificates,
which is the third type of key that we'll talk about later. But essentially an ai que serves. The purpose of an alias which hides the TPM is true identity.
So why does the endorsement key have such limited use? The endorsement key is protected because it uniquely identifies the device. Limiting the use reduces the risk thio user privacy. The TPM uses aliases called at a station identity keys, which were created by the TPM
and are used as a device identity for routine transactions,
which limits privacy concerns by obfuscating device activity behind an alias.
Well, that's it for this lesson. In this video, we continued our trip into the mysterious world of trusted platform modules. We talked about keys and keys and more keys, including endorsement keys, and we'll talk about two other types in their next lesson
in the endorsement key we talked about. Identity isn't used that very often, and finally we explored the TPM e.