TPM 1.2 Main Part 3 Commands (v1.2_rev116) - Technical Specification, March 2011

标准规范

需积分: 1 4 浏览量更新于2024-06-22 收藏 1.88MB PDF 举报

身份认证购VIP最低享 7 折!

30元优惠券

资源详情

资源推荐

TPM Main Part 3 Commands TCG © Copyright

Specification Version 1.2

2. Description and TODO

This document is to show the changes necessary to create the 1.2 version of the TCG

specification. Some of the sections are brand new text; some are rewritten sections of the

1.1 version. Upon approval of the 1.2 changes, there will be a merging of the 1.1 and 1.2

versions to create a single 1.2 document.

Level 2 Revision 116 28 February 2011 5

TCG Published

276

277

278

279

280

Specification Version 1.2

3. Admin Startup and State

Start of informative comment:

This section is the commands that start a TPM.

End of informative comment.

3.1 TPM_Init

Start of informative comment:

TPM_Init is a physical method of initializing a TPM. There is no TPM_Init ordinal as this is a

platform message sent on the platform internals to the TPM. On a PC this command arrives

at the TPM via the LPC bus and informs the TPM that the platform is performing a boot

process.

TPM_Init puts the TPM into a state where it waits for the command TPM_Startup (which

specifies the type of initialization that is required.

End of informative comment.

Definition

TPM_Init();

Operation of the TPM. This is not a command that any software can execute. It is inherent

in the design of the TPM and the platform that the TPM resides on.

Parameters

None

Description

1. The TPM_Init signal indicates to the TPM that platform initialization is taking place. The

TPM SHALL set the TPM into a state such that the only legal command to receive after

the TPM_Init is the TPM_Startup command. The TPM_Startup will further indicate to the

TPM how to handle and initialize the TPM resources.

2. The platform design MUST be that the TPM is not the only component undergoing

initialization. If the TPM_Init signal forces the TPM to perform initialization then the

platform MUST ensure that ALL components of the platform receive an initialization

signal. This is to prevent an attacker from causing the TPM to initialize to a state where

various masquerades are allowable. For instance, on a PC causing the TPM to initialize

and expect measurements in PCR0 but the remainder of the platform does not initialize.

3. The design of the TPM MUST be such that the ONLY mechanism that signals TPM_Init

also signals initialization to the other platform components.

Actions

1. The TPM sets TPM_STANY_FLAGS -> postInitialise to TRUE.

6 Level 2 Revision 116 28 February 2011

TCG Published

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

TPM Main Part 3 Commands TCG © Copyright

Specification Version 1.2

3.2 TPM_Startup

Start of informative comment:

TPM_Startup is always preceded by TPM_Init, which is the physical indication (a system-

wide reset) that TPM initialization is necessary.

There are many events on a platform that can cause a reset and the response to these

events can require different operations to occur on the TPM. The mere reset indication does

not contain sufficient information to inform the TPM as to what type of reset is occurring.

Additional information known by the platform initialization code needs transmitting to the

TPM. The TPM_Startup command provides the mechanism to transmit the information.

The TPM can startup in three different modes:

A “clear” start where all variables go back to their default or non-volatile set state

A “save” start where the TPM recovers appropriate information and restores various values

based on a prior TPM_SaveState. This recovery requires an invocation of TPM_Init to be

successful.

A failing "save" start must shut down the TPM. The CRTM cannot leave the TPM in a state

where an untrusted upper software layer could issue a "clear" and then extend PCR's and

thus mimic the CRTM.

A “deactivated” start where the TPM turns itself off and requires another TPM_Init before

the TPM will execute in a fully operational state.

End of informative comment.

Incoming Parameters and Sizes

PARAM HMAC

Type Name Description

# SZ # SZ

1 2 TPM_TAG tag TPM_TAG_RQU_COMMAND

2 4 UINT32 paramSize Total number of input bytes including paramSize and tag

3 4 1S 4 TPM_COMMAND_CODE ordinal Command ordinal TPM_ORD_Startup

4 2 2S 2 TPM_STARTUP_TYPE startupType Type of startup that is occurring

Outgoing Parameters and Sizes

PARAM HMAC

Type Name Description

# SZ # SZ

1 2 TPM_TAG tag TPM_TAG_RSP_COMMAND

2 4 UINT32 paramSize Total number of output bytes including paramSize and tag

3 4 1S 4 TPM_RESULT returnCode The return code of the operation.

2S 4 TPM_COMMAND_CODE ordinal Command ordinal: TPM_ORD_Startup

Description

TPM_Startup MUST be generated by a trusted entity (the RTM or the TPM, for example).

1. If the TPM is in failure mode

Level 2 Revision 116 28 February 2011 7

TCG Published

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

TPM Main Part 3 Commands TCG © Copyright

Specification Version 1.2

(1) if parentPCRStatus is TRUE then call TPM_FlushSpecific(keyHandle)

(2) if isVolatile is TRUE then call TPM_FlushSpecific(keyHandle)

ii. Keys under control of the OwnerEvict flag MUST stay resident in the TPM

3. If stType = TPM_ST_STATE

a. If the TPM has no state to restore, the TPM MUST set the internal state such that it

returns TPM_FAILEDSELFTEST to all subsequent commands.

b. The TPM MAY determine for each session type (authorization, transport, DAA, …) to

release or maintain the session information. The TPM reports how it manages sessions

in the TPM_GetCapability command.

c. The TPM SHALL take all necessary actions to ensure that all PCRs contain valid

preserved values. If the TPM is unable to successfully complete these actions, it SHALL

enter the TPM failure mode.

i. For resettable PCR the TPM MUST set the value of TPM_STCLEAR_DATA ->

PCR[]to the resettable PCR default value. The TPM MUST NOT restore a resettable

PCR to a preserved value

d. The TPM MAY initialize auditDigest to all zeros.

i. Otherwise, the TPM SHALL take all actions necessary to ensure that

auditDigest contains a valid value. If the TPM is unable to successfully complete

these actions, the TPM SHALL initialize auditDigest to all zeros and SHALL set the

internal state such that the TPM returns TPM_FAILEDSELFTEST to all

subsequent commands.

e. The TPM MUST restore the following flags to their preserved states:

i. All values in TPM_STCLEAR_FLAGS

ii. All values in TPM_STCLEAR_DATA

f. The TPM MUST restore all keys that have a valid preserved value.

g. The TPM resumes normal operation. If the TPM is unable to resume normal

operation, it SHALL enter the TPM failure mode.

4. If stType = TPM_ST_DEACTIVATED

a. Invalidate sessions

i. Ensure that all resources associated with saved and active sessions are

invalidated

b. Set the TPM_STCLEAR_FLAGS to their default state.

c. Set TPM_STCLEAR_FLAGS -> deactivated to TRUE

5. The TPM MUST ensure that state associated with TPM_SaveState is invalidated

6. The TPM MUST set TPM_STANY_FLAGS -> postInitialise to FALSE

Level 2 Revision 116 28 February 2011 9

TCG Published

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

剩余338页未读，继续阅读

书香度年华

粉丝: 1w+
资源: 383

TPM 1.2 Main Part 3 Commands (v1.2_rev116) - Technical Specifica...

最新资源

TPM 1.2 Main Part 3 Commands (v1.2_rev116) - Technical Specifica...

TPM Main Specification V1.2 vol 03

tpm-rev-2.0-part-3-commands-01.38.pdf

systemctl start tpm-server.service

Linux下载tpm2-abrmd

对源码tpm2-tss-3.2.x\test\integration目录下的main-fapi.c进行调试分析，熟悉TSS FAPI层的基本开发流程

TPM2-tools

在tpm-tss中fapi功能

对源码tpm2-tss-3.2.x\test\integration目录下的main-fapi.c进行调试分析

tpm2-totp怎么安装

tpm2-tools安装步骤

tpm2-tss ,tpm2-tools之间关系

5116-微信小程序电影院订票选座系统设计及实现+ssm（源码+数据库+lun文）.zip

JavaScript 中的 `Array.prototype.filter` 方法全解析

最新资源