Contents
Chapter 1 Introduction to Trusted Computing
Computer Security Attacks Are Staggeringly Expensive
The Changing Threats to Computer Security
Malicious Programs: Viruses and Spyware/Adware
Social Engineering: Phishing and Pharming
Can Software Be Made Completely Secure?
Privacy and Recovery—Special Considerations for Hardware
Chapter 2 Design Goals of the Trusted Platform Module
Securely Reporting the Environment: Platform Status
Storing a Record of the Boot Sequence
Reporting the Boot Sequence Record
Storing Data and Symmetric Keys
Isolation of Users in a Multiple User Environment
Internal Random Number Generation
Chapter 3 An Overview of the Trusted Platform Module Capabilities
Secure Storage: The Storage Root Key
Migratable Versus Non-Migratable Keys
Platform Configuration Registers
Privacy and Multiple Signatures
Part II: Programming Interfaces to TCG
Chapter 4 Writing a TPM Device Driver
TPM 1.1b Specification Device Interface
TPM 1.2 Specification Device Interface
Chapter 5 Low-Level Software: Using BIOS and TDDL Directly
Talking to the TPM Through BIOS
Talking to the TPM Through TDDL
Getting Started with Some Simple TPM Commands
Checking the TPM Configuration
Trusted Boot with Static Root of Trust
Dynamic Root of Trust Measurements
Chapter 7 The TCG Software Stack
The TCG Service Provider Interface (Tspi)
Non-Volatile Data Objects (TSS 1.2)
Migratable Data Objects (TSS 1.2)
Delegation Family Objects (TSS 1.2)
Direct Anonymous Attestation (DAA) Objects (TSS 1.2)
The TSS Validation Data Structure
Chapter 9 Using Symmetric Keys
Chapter 10 The TSS Core Service (TCS)
How the TCS Manages Finite Resources
Further Abstracting the TCS Abstraction
Why a TCS Is Exposed Locally and Remotely
Utilizing and Implementing a TCS
Brief Breakdown of the .wsdl File
InParms and OutParms in the Complex Types
Chapter 11 Public Key Cryptography Standard #11
Chapter 12 Trusted Computing and Secure Storage
Linking to Symmetric Algorithms
Encrypting Files to Send to Someone Else on the Net Without a Public Key
Encrypting Files to Send to Someone Else on the Net with a Known Public Key
Encrypting Files for Storage on Your Hard Disk
Encrypting Files for Storage on a Group Hard Disk for Group Access
Encrypting Files for Storage in a Backup Facility
Super Secure Migratable Storage
Chapter 13 Trusted Computing and Secure Identification
Delegation Without Allowing Further Migration
Multiple Users on a Single System
Creating a PKI with the Endorsement Key
Medical Solutions for HIPAA Compliance
COTS Security Solutions for the Military
Chapter 14 Administration of Trusted Devices
Assignment of Key Certificates
Chapter 16 Moving from TSS 1.1 to TSS 1.2
Tspi_TPM_Delegate_InvalidateFamily
Tspi_TPM_Delegate_CreateDelegation
Tspi_TPM_Delegate_CacheOwnerDelegation
Tspi_TPM_Delegate_UpdateVerificationCount
Tspi_TPM_Delegate_VerifyDelegation
Tspi_TPM_DAA_JoinCreateDaaPubKey
Tspi_TPM_DAA_JoinStoreCredential
Tspi_TPM_DAA_IssuerKeyVerification
Tspi_TPM_SetOrdinalAuditStatus
Tspi_Context_SetTransEncryptionKey
Tspi_Context_CloseSignTransport
Administrative and Convenience Functions
Tspi_TPM_CreateRevocableEndorsementKey
Tcsi_Admin_TSS_SessionPerLocality
Tcsi_Admin_TSS_MaxTimePerLocality
Tspi_TPM_CheckMaintenancePolicy
Tspi_Context_GetRegisteredKeyByPublicInfo
Tspi_Context_GetRegisteredKeysByUUID
Tspi_Context_GetRegisteredKeysByUUID2
Appendix A TPM Command Reference
Appendix B TSS Command Reference