OLD | NEW |
---|---|
1 # Introduction | 1 # TPM Quick ref |
2 | 2 |
3 This page is meant to help keep track of [TPM](Glossary.md) use across the syste m. It may not be up-to-date at any given point, but it's a wiki so you know wha t to do. | 3 TODO: this page looks very outdated. glossary.md does not exist, |
4 git.chromium.org does not exist. Delete it? | |
4 | 5 |
5 # Details | 6 This page is meant to help keep track of TPM use across the system. It may not |
7 be up-to-date at any given point, but it's a wiki so you know what to do. | |
6 | 8 |
7 * TPM ownership management: | 9 ## Details |
8 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.tpm | |
9 | 10 |
10 * TPM\_Clear is done (as in vboot\_reference) but in the firmware code itself on switch between dev and verified modes and in recovery. (TODO: link code) | 11 * [TPM ownership management(http://git.chromium.org/gitweb/?p=chromiumos/platf orm/cryptohome.git;a=blob;f=README.tpm) |
Bons
2015/08/25 16:51:01
missing ]
nodir
2015/08/25 17:05:04
Done.
| |
11 | 12 * TPM_Clear is done (as in vboot_reference) but in the firmware code itself on |
12 * TPM owner password clearing (triggered at sign-in by chrome): | 13 switch between dev and verified modes and in recovery. (TODO: link code) |
13 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/login_utils.cc;h=9c4564e074c650bd91c27243c589d603740793bb;hb= HEAD#l861 | 14 * [TPM owner password clearing](http://git.chromium.org/gitweb/?p=chromium/chr omium.git;a=blob;f=chrome/browser/chromeos/login/login_utils.cc;h=9c4564e074c650 bd91c27243c589d603740793bb;hb=HEAD#l861) |
14 | 15 (triggered at sign-in by chrome): |
15 * PCR extend (no active use elsewhere): | 16 * [PCR extend](http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_ref erence.git;a=blob;f=firmware/lib/tpm_bootmode.c) |
16 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/tpm_bootmode.c | 17 (no active use elsewhere): |
17 | 18 * [NVRAM use for OS rollback attack protection](http://git.chromium.org/gitweb /?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/rollback_index .c) |
18 * NVRAM use for OS rollback attack protection: | 19 * [Tamper evident storage](http://git.chromium.org/gitweb/?p=chromiumos/platfo rm/cryptohome.git;a=blob;f=README.lockbox) |
19 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/rollback_index.c | 20 * [Tamper-evident storage for avoiding runtime device management mode changes] (http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser /chromeos/login/enrollment/enterprise_enrollment_screen.cc) |
20 | 21 * [User key/passphrase and cached data protection](http://git.chromium.org/git web/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.homedirs) |
21 * Tamper evident storage: | 22 * A TPM in a Chrome device has an EK certificate that is signed by an |
22 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.lockbox | 23 intermediate certificate authority that is dedicated to the specific TPMs |
23 | 24 allocated for use in Chrome devices. OS-level self-validation of the |
24 * Tamper-evident storage for avoiding runtime device management mode changes: | 25 platform TPM should be viable with this or chaining any other trust |
25 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/enrollment/enterprise_enrollment_screen.cc | 26 expectations. |
26 | 27 * TPM is used for per-user certificate storage (NSS+PKCS#11) using |
27 * User key/passphrase and cached data protection: | 28 opencryptoki but soon to be replaced by chaps. Update links here when chaps |
28 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.homedirs | 29 stabilizes (Each user's pkcs#11 key store is kept in their homedir to ensure |
29 | 30 it is tied to the local user account) This functionality includes VPN and |
Bons
2015/08/25 16:51:01
lose the extra space between ) and T
nodir
2015/08/25 17:05:04
Done.
| |
30 * A TPM in a Chrome device has an EK certificate that is signed by an intermed iate certificate authority that is dedicated to the specific TPMs allocated for use in Chrome devices. OS-level self-validation of the platform TPM should be vi able with this or chaining any other trust expectations. | 31 802.1x-related keypairs. |
31 | |
32 * TPM is used for per-user certificate storage (NSS+PKCS#11) using opencryptok i but soon to be replaced by chaps. Update links here when chaps stabilizes (Eac h user's pkcs#11 key store is kept in their homedir to ensure it is tied to the local user account) This functionality includes VPN and 802.1x-related keypairs . | |
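
Review bot: the TODO on new lines 3-4 states that git.chromium.org does not exist, yet new lines 11-21 wrap every one of those git.chromium.org/gitweb URLs in markdown link syntax, so by the TODO's own account the list renders as dead links. Either update the targets to the current repository locations in this change, or leave the items unlinked until the TODO's "Delete it?" question is settled. A smaller style point in the same list: the colons after "(triggered at sign-in by chrome)" and "(no active use elsewhere)" on new lines 15 and 17 are left over from the old layout, where the URL followed on the next line, and can be dropped now that the link is inline.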