Chromium Code Reviews

Side by Side Diff: docs/tpm_quick_ref.md

Issue 1309473002: WIP: Migrate Wiki content over to src/docs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
OLDNEW
(Empty)
1 # Introduction
2
3 This page is meant to help keep track of [TPM](Glossary.md) use across the syste m. It may not be up-to-date at any given point, but it's a wiki so you know wha t to do.
4
5 # Details
6
7 * TPM ownership management:
8 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.tpm
9
10 * TPM\_Clear is done (as in vboot\_reference) but in the firmware code itself on switch between dev and verified modes and in recovery. (TODO: link code)
11
12 * TPM owner password clearing (triggered at sign-in by chrome):
13 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/login_utils.cc;h=9c4564e074c650bd91c27243c589d603740793bb;hb= HEAD#l861
14
15 * PCR extend (no active use elsewhere):
16 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/tpm_bootmode.c
17
18 * NVRAM use for OS rollback attack protection:
19 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/rollback_index.c
20
21 * Tamper evident storage:
22 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.lockbox
23
24 * Tamper-evident storage for avoiding runtime device management mode changes:
25 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/enrollment/enterprise_enrollment_screen.cc
26
27 * User key/passphrase and cached data protection:
28 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.homedirs
29
30 * A TPM in a Chrome device has an EK certificate that is signed by an intermed iate certificate authority that is dedicated to the specific TPMs allocated for use in Chrome devices. OS-level self-validation of the platform TPM should be vi able with this or chaining any other trust expectations.
31
32 * TPM is used for per-user certificate storage (NSS+PKCS#11) using opencryptok i but soon to be replaced by chaps. Update links here when chaps stabilizes (Eac h user's pkcs#11 key store is kept in their homedir to ensure it is tied to the local user account) This functionality includes VPN and 802.1x-related keypairs .
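Review bot: Line 3 still tells readers "it's a wiki so you know what to do", which stops being true once this file lives under src/docs; reword it to say the page may be stale and that updates go through a normal change to this file. Two placeholders are carried over unresolved: "(TODO: link code)" on line 10 and "Update links here when chaps stabilizes" on line 32. Either resolve them in this migration or turn them into tracked follow-ups, because a TPM reference that points at nothing for TPM_Clear and for the per-user PKCS#11 store is hard to audit against. The references on lines 8 through 28 are bare URLs under a nested "> >" quote, so they will render as blockquotes rather than as links, and they all point at git.chromium.org/gitweb while this change is based on chromium.googlesource.com. Consider converting each one to an inline markdown link on its bullet and checking that the target still resolves. Also confirm that the relative link "[TPM](Glossary.md)" on line 3 has a target in docs/ after the migration.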