Hi, I'm Matthew Clark and this is less than 4.9 trusted platform module. Part three.
In this lesson, we'll continue our discussion of TPM Keys, including the added station, identity key and storage root key, and we'll take a look a TPM ownership
in less than 4.7. We discovered that the TPM has three roots of trust, a root of trust from measurement, which is used during the measured brute process and is responsible for measuring the platforms. Integrity state in storing that data into shielded locations known as the PCR, the root of trust for storage, which is
used to securely store the
storage root key and platform configuration registered data and the root of trust for reporting, which is used for at a station of the measured boot.
In less than 4.8, we learned that there are three main keys used by the TPM three Endorsement Key, which is created by the manufacturer, which is a long term, non migrate, herbal asymmetric key which is certified by a trusted platform module entity or TPM. Me and this is usually the manufacturer,
and it serves as the device identity. However, it has limited use. It's only used to take ownership
and to create at a station identity key certificates.
We also learned about the storage root key, which is created by the user and is also a long term, non migrate able asymmetric key.
And we learned about the added station Identity Key, which is requested by the TPM and created by a third party. And this lesson, we're gonna focus on these last two keys the root storage key and the added station identity key
in less than 4.8. We mentioned that at a station identity key certificates. So what are they?
Endorsement keys and roots storage keys, air long term keys used by the TPM thes two private keys. The endorsement key and storage rupkey are kept securely and non volatile memory, so the keys remain intact even when power is removed from the device
and at a station. Identity Key or a I K is the third type of key used in the TPM.
The A I K. Is an alias for the endorsement key.
The purpose of the A. I. K is to provide user privacy when communicating with different sources.
Ai K's are not related to one another. They allow the TPM owner to maintain anonymity between different service providers.
The TPM is capable of storing multiple AI case. This is a many toe one relationship, many alias keys to one endorsement key.
The A. I K can be stored in non balta memory and are loaded into memory When in use. However, the TPM standard recommends that they be stored and secure external storage when not in use. Remember that last part when we start talking about storage keys? Later,
let's introduce privacy. SIA's
The ai que credential is your certificate containing the ai que public key, which proves that the corresponding private key is bound to a genuine TPM.
This proof is guaranteed by a signature on the credential created by a trusted third party known as the Privacy C. A.
Remember that we use certificate so that a third party can provide at a station at some point.
So let's talk about that distinction.
One of the main purposes of a TPM is it's measurement process, which we introduced at the end of less than 4.7 and will go into detail in less than 4.10 and all of its wonder and glory. But basically the TPM measures the state of a system
and records that state in a process Configuration register, or PCR.
The K is used to sign the contents of the PCR registers.
This is how the TPM could be used toe attest to the platform configuration
at a station occurs when a relying party and possession of a public ai que challenges the trusted platform and the at a station mechanism can be used to provide an integrity report describing the platform state
and then the privacy. See A can attest to the authenticity of the A i. K. And tie it back to a specific TPM.
So how do you get an A I. K if the manufacturer doesn't provide it and the TPM doesn't create it?
Well, the TPM sends a request to the privacy. See a together with the endorsement credential. So now the public key in that endorsement credential is now exposed.
The endorsement credential proves to the privacy. See a that the request came from a genuine TPM and is backed by the TPM e
the privacy. See A then creates the ai que and signs the ai que with their private key
the privacy, See A then encrypts the ai que using the T. P. M's public endorsement key in the exposed endorsement credential.
Ai Que is now cryptographic Lee bound to the TPM that contains the private key.
And this process ensures that Onley the TPM can open it with its own private endorsement key
the privacy See A then sends a I K credential to the TPM, and the TPM can now sign the PCR entries with the ai Que
I've added a link in the resource is section that describes this at a station process. If you want to learn more,
we've mentioned the storage rupkey. So what is that?
It's the second long term key used in the TPM is used to wrap TPM keys so they could be stored outside of the TPM.
Unlike the Endorsement Key, which is known by the TPM manufacturer and injected during the manufacturing process, the storage root key is generated after the platform is sold
so and it's created during the take ownership process.
If you clear the TPM and a new user takes ownership than a new storage root key will be created
during the take ownership process the user creates an S R K password.
This password is not related to the key. It's just an access password.
The storage rupkey is part of the root of trust for storage the RTs that we learned about in 4.7.
The RTs protects data and keys and trusted to the TPM.
The RTs manages a small amount of volatile storage inside of the TPM device that is used to cold. Currently used keys.
Unused keys may be encrypted with a storage key and moved off the TPM
The TPM can store multiple storage keys, although the TCG standard recommends that they're stored and secure external storage when not in use.
Remember the key hierarchy, which we learned about earlier.
A storage key might be encrypted by another storage key, which leads to a hierarchy of keys.
Well, how does storage keys work?
Well, storage keys were used to encrypt data.
The storage key that is, then that storage key is then encrypted so that Onley the TPM can decrypt it using the route storage key
to decrypt the roots storage key, decrypt the storage key and then that storage key decrypt the data
the TPM also provides two mechanisms for secure storage, rapping and ceiling. I mentioned this in less than 4.7 that we'd cover it.
Wrapping encrypts the data using a key that's managed by a particular TPM, just like the process we just discussed.
Ceiling adds to this wrapping by allowing the decrypting process to proceed on Lee if the platform is in a specific configuration. This configuration is determined by the data held in the PCR registers.
So when establishing ownership, the TPM process requires the owner to create a shared secret.
The shared secret is not only known to the owner, and this is known as an owner. Authorization data. Think of this is the owner's password.
It provides owner authentication and is required when the owner wants to turn off disabled or clear the TPM.
The owner authorization data is important, so creating it requires to secure process.
What is that process? You may ask?
Well, a TPM in in an unknown state only has one key. The endorsement key. That key was injected into it by the TPM manufacturer
when establishing ownership. The ownership process requested for that endorsement credential
Remember, the endorsement credentials is the certificate that has the public endorsement key.
The ownership process then encrypts the shared secret with this public key.
Now on Lee, the private endorsement key can be used to decrypt the owner authorization data. This owner secret
this process protects against he's dropping.
Remember that the private endorsement he never leaves the TPM.
And remember that Onley that that that specific TPM can use that shared secret.
The ownership process then directs the TPM to create the storage root key,
which is stored securely. A non volatile memory.
The storage room. He never leaves the TPM
In this lesson, we continued our trip into the mysterious world of trusted platform modules. We talked about keys and keys and more keys and finally moved on to TPM ownership.