Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(37)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: docs/tpm_quick_ref.md

Issue 1319543002: A batch of docs style fixes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master
Patch Set: addressed comments Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | docs/updating_clang.md » ('j') | docs/updating_clang_format_binaries.md » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Introduction 1 # TPM Quick ref
2 2
3 This page is meant to help keep track of [TPM](Glossary.md) use across the syste m. It may not be up-to-date at any given point, but it's a wiki so you know wha t to do. 3 TODO: this page looks very outdated. glossary.md does not exist,
4 git.chromium.org does not exist. Delete it?
4 5
5 # Details 6 This page is meant to help keep track of TPM use across the system. It may not
7 be up-to-date at any given point, but it's a wiki so you know what to do.
6 8
7 * TPM ownership management: 9 ## Details
8 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.tpm
9 10
10 * TPM\_Clear is done (as in vboot\_reference) but in the firmware code itself on switch between dev and verified modes and in recovery. (TODO: link code) 11 * [TPM ownership management](http://git.chromium.org/gitweb/?p=chromiumos/plat form/cryptohome.git;a=blob;f=README.tpm)
11 12 * TPM_Clear is done (as in vboot_reference) but in the firmware code itself on
12 * TPM owner password clearing (triggered at sign-in by chrome): 13 switch between dev and verified modes and in recovery. (TODO: link code)
13 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/login_utils.cc;h=9c4564e074c650bd91c27243c589d603740793bb;hb= HEAD#l861 14 * [TPM owner password clearing](http://git.chromium.org/gitweb/?p=chromium/chr omium.git;a=blob;f=chrome/browser/chromeos/login/login_utils.cc;h=9c4564e074c650 bd91c27243c589d603740793bb;hb=HEAD#l861)
14 15 (triggered at sign-in by chrome):
15 * PCR extend (no active use elsewhere): 16 * [PCR extend](http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_ref erence.git;a=blob;f=firmware/lib/tpm_bootmode.c)
16 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/tpm_bootmode.c 17 (no active use elsewhere):
17 18 * [NVRAM use for OS rollback attack protection](http://git.chromium.org/gitweb /?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/rollback_index .c)
18 * NVRAM use for OS rollback attack protection: 19 * [Tamper evident storage](http://git.chromium.org/gitweb/?p=chromiumos/platfo rm/cryptohome.git;a=blob;f=README.lockbox)
19 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a= blob;f=firmware/lib/rollback_index.c 20 * [Tamper-evident storage for avoiding runtime device management mode changes] (http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser /chromeos/login/enrollment/enterprise_enrollment_screen.cc)
20 21 * [User key/passphrase and cached data protection](http://git.chromium.org/git web/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.homedirs)
21 * Tamper evident storage: 22 * A TPM in a Chrome device has an EK certificate that is signed by an
22 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.lockbox 23 intermediate certificate authority that is dedicated to the specific TPMs
23 24 allocated for use in Chrome devices. OS-level self-validation of the
24 * Tamper-evident storage for avoiding runtime device management mode changes: 25 platform TPM should be viable with this or chaining any other trust
25 > > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/brow ser/chromeos/login/enrollment/enterprise_enrollment_screen.cc 26 expectations.
26 27 * TPM is used for per-user certificate storage (NSS+PKCS#11) using
27 * User key/passphrase and cached data protection: 28 opencryptoki but soon to be replaced by chaps. Update links here when chaps
28 > > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob; f=README.homedirs 29 stabilizes (Each user's pkcs#11 key store is kept in their homedir to ensure
29 30 it is tied to the local user account). This functionality includes VPN and
30 * A TPM in a Chrome device has an EK certificate that is signed by an intermed iate certificate authority that is dedicated to the specific TPMs allocated for use in Chrome devices. OS-level self-validation of the platform TPM should be vi able with this or chaining any other trust expectations. 31 802.1x-related keypairs.
31
32 * TPM is used for per-user certificate storage (NSS+PKCS#11) using opencryptok i but soon to be replaced by chaps. Update links here when chaps stabilizes (Eac h user's pkcs#11 key store is kept in their homedir to ensure it is tied to the local user account) This functionality includes VPN and 802.1x-related keypairs .
OLDNEW
« no previous file with comments | « no previous file | docs/updating_clang.md » ('j') | docs/updating_clang_format_binaries.md » ('J')

Powered by Google App Engine
This is Rietveld 408576698