docs/tpm_quick_ref.md - Issue 1309473002: WIP: Migrate Wiki content over to src/docs

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: docs/tpm_quick_ref.md

Issue 1309473002: WIP: Migrate Wiki content over to src/docs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: docs/tpm_quick_ref.md

diff --git a/docs/tpm_quick_ref.md b/docs/tpm_quick_ref.md

new file mode 100644

index 0000000000000000000000000000000000000000..4aa0bbf9816ed7261f340ece2a409bbda3a4e081

--- /dev/null

+++ b/docs/tpm_quick_ref.md

@@ -0,0 +1,32 @@

+# Introduction

+This page is meant to help keep track of [TPM](Glossary.md) use across the system. It may not be up-to-date at any given point, but it's a wiki so you know what to do.

+# Details

+ * TPM ownership management:

+> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.tpm

+ * TPM\_Clear is done (as in vboot\_reference) but in the firmware code itself on switch between dev and verified modes and in recovery. (TODO: link code)

+ * TPM owner password clearing (triggered at sign-in by chrome):

+> > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser/chromeos/login/login_utils.cc;h=9c4564e074c650bd91c27243c589d603740793bb;hb=HEAD#l861

+ * PCR extend (no active use elsewhere):

+> > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/tpm_bootmode.c

+ * NVRAM use for OS rollback attack protection:

+> > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/rollback_index.c

+ * Tamper evident storage:

+> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.lockbox

+ * Tamper-evident storage for avoiding runtime device management mode changes:

+> > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc

+ * User key/passphrase and cached data protection:

+> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.homedirs

+ * A TPM in a Chrome device has an EK certificate that is signed by an intermediate certificate authority that is dedicated to the specific TPMs allocated for use in Chrome devices. OS-level self-validation of the platform TPM should be viable with this or chaining any other trust expectations.

+ * TPM is used for per-user certificate storage (NSS+PKCS#11) using opencryptoki but soon to be replaced by chaps. Update links here when chaps stabilizes (Each user's pkcs#11 key store is kept in their homedir to ensure it is tied to the local user account) This functionality includes VPN and 802.1x-related keypairs.

« docs/startup.md ('K') | « docs/theme_creation_guide.md ('k') | docs/updating_clang.md » ('j') | docs/user_scripts.md » ('J')