iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 11889-2:2015

(Main)

Information technology — Trusted Platform Module Library — Part 2: Structures

Information technology — Trusted Platform Module Library — Part 2: Structures

ISO/IEC 11889-2:2015 contains the definitions of the constants, flags, structure, and union definitions used to communicate with the TPM. Values defined in ISO/IEC 11889-2:2015 are used by the TPM commands defined in ISO/IEC 11899-3 and by the functions in ISO/IEC 11889-4.

Technologies de l'information — Bibliothèque de module de plate-forme de confiance — Partie 2: Structures

General Information

Status
Published
Publication Date
14-Dec-2015
ICS
35.030 - IT Security
35.040 - Information coding
Technical Committee
ISO/IEC JTC 1 - Information technology
Drafting Committee
ISO/IEC JTC 1 - Information technology
Current Stage
9093 - International Standard confirmed
Completion Date
06-May-2021
Ref Project

Relations

Revises
ISO/IEC 11889-2:2009 - Information technology — Trusted Platform Module — Part 2: Design principles
Effective Date
10-May-2014

Buy Standard

ISO/IEC 11889-2:2015 - Information technology -- Trusted Platform Module LibraryISO/IEC 11889-2:2015 - Information technology -- Trusted Platform Module Library
PreviousNext
Standard
ISO/IEC 11889-2:2015 - Information technology -- Trusted Platform Module Library
English language
159 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 11889-2
Second edition
2015-12-15
Information technology — Trusted
Platform Module Library —
Part 2:
Structures
Technologies de l’information — Bibliothèque de module
de plate-forme de confiance —
Partie 2: Structures
Reference number
ISO/IEC 11889-2:2015(E)
©
ISO/IEC 2015

---------------------- Page: 1 ----------------------
ISO/IEC 11889-2:2015(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 11889-2:2015(E)
CONTENTS
Foreword . xv
Introduction . xvi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Symbols and abbreviated terms . 1
5 Notation . 1
5.1 Introduction . 1
5.2 Named Constants . 2
5.3 Data Type Aliases (typedefs) . 3
5.4 Enumerations . 3
5.5 Interface Type . 4
5.6 Arrays . 5
5.7 Structure Definitions . 6
5.8 Conditional Types . 7
5.9 Unions . 8
5.9.1 Introduction . 8
5.9.2 Union Definition . 8
5.9.3 Union Instance . 9
5.9.4 Union Selector Definition . 10
5.10 Bit Field Definitions . 11
5.11 Parameter Limits . 12
5.12 Enumeration Macro . 13
5.13 Size Checking . 13
5.14 Data Direction . 14
5.15 Structure Validations . 15
5.16 Name Prefix Convention . 15
5.17 Data Alignment . 16
5.18 Parameter Unmarshaling Errors . 16
6 Base Types . 18
6.1 Primitive Types . 18
6.2 Miscellaneous Types . 18
7 Constants . 19
7.1 TPM_SPEC (Specification Version Values) . 19
7.2 TPM_GENERATED . 19
7.3 TPM_ALG_ID . 20
7.4 TPM_ECC_CURVE . 24
7.5 TPM_CC (Command Codes) . 24
© ISO/IEC 2015 - All rights reserved i

---------------------- Page: 3 ----------------------
ISO/IEC 11889-2:2015(E)
7.5.1 Format . 24
7.5.2 Description . 25
7.5.3 TPM_CC Listing . 26
7.6 TPM_RC (Response Codes) . 29
7.6.1 Description . 29
7.6.2 Response Code Formats . 30
7.6.3 TPM_RC Values . 33
7.7 TPM_CLOCK_ADJUST . 38
7.8 TPM_EO (EA Arithmetic Operands) . 38
7.9 TPM_ST (Structure Tags) . 39
7.10 TPM_SU (Startup Type) . 41
7.11 TPM_SE (Session Type) . 41
7.12 TPM_CAP (Capabilities) . 42
7.13 TPM_PT (Property Tag) . 43
7.14 TPM_PT_PCR (PCR Property Tag) . 48
7.15 TPM_PS (Platform Specific) . 50
8 Handles . 51
8.1 Introduction . 51
8.2 TPM_HT (Handle Types) . 51
8.3 Persistent Handle Sub-ranges . 52
8.4 TPM_RH (Permanent Handles) . 53
8.5 TPM_HC (Handle Value Constants) . 54
9 Attribute Structures . 56
9.1 Description . 56
9.2 TPMA_ALGORITHM . 56
9.3 TPMA_OBJECT (Object Attributes) . 56
9.3.1 Introduction . 56
9.3.2 Structure Definition . 57
9.3.3 Attribute Descriptions . 58
9.4 TPMA_SESSION (Session Attributes) . 63
9.5 TPMA_LOCALITY (Locality Attribute) . 64
9.6 TPMA_PERMANENT . 65
9.7 TPMA_STARTUP_CLEAR. 66
9.8 TPMA_MEMORY . 67
9.9 TPMA_CC (Command Code Attributes) . 68
9.9.1 Introduction . 68
9.9.2 Structure Definition . 68
9.9.3 Field Descriptions . 68
10 Interface Types . 71
10.1 Introduction . 71
10.2 TPMI_YES_NO . 71
10.3 TPMI_DH_OBJECT . 71
ii © ISO/IEC 2015 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 11889-2:2015(E)
10.4 TPMI_DH_PERSISTENT . 72
10.5 TPMI_DH_ENTITY . 72
10.6 TPMI_DH_PCR . 73
10.7 TPMI_SH_AUTH_SESSION . 73
10.8 TPMI_SH_HMAC . 73
10.9 TPMI_SH_POLICY . 73
10.10 TPMI_DH_CONTEXT . 74
10.11 TPMI_RH_HIERARCHY . 74
10.12 TPMI_RH_ENABLES . 74
10.13 TPMI_RH_HIERARCHY_AUTH . 75
10.14 TPMI_RH_PLATFORM . 75
10.15 TPMI_RH_OWNER . 75
10.16 TPMI_RH_ENDORSEMENT . 76
10.17 TPMI_RH_PROVISION . 76
10.18 TPMI_RH_CLEAR . 76
10.19 TPMI_RH_NV_AUTH . 77
10.20 TPMI_RH_LOCKOUT . 77
10.21 TPMI_RH_NV_INDEX . 77
10.22 TPMI_ALG_HASH . 78
10.23 TPMI_ALG_ASYM (Asymmetric Algorithms) . 78
10.24 TPMI_ALG_SYM (Symmetric Algorithms) . 79
10.25 TPMI_ALG_SYM_OBJECT . 79
10.26 TPMI_ALG_SYM_MODE . 80
10.27 TPMI_ALG_KDF (Key and Mask Generation Functions) . 80
10.28 TPMI_ALG_SIG_SCHEME . 81
10.29 TPMI_ECC_KEY_EXCHANGE . 81
10.30 TPMI_ST_COMMAND_TAG . 81
11 Structure Definitions . 83
11.1 TPMS_EMPTY . 83
11.2 TPMS_ALGORITHM_DESCRIPTION . 83
11.3 Hash/Digest Structures . 84
11.3.1 TPMU_HA (Hash) . 84
11.3.2 TPMT_HA . 84
11.4 Sized Buffers . 85
11.4.1 Introduction . 85
11.4.2 TPM2B_DIGEST . 85
11.4.3 TPM2B_DATA . 86
11.4.4 TPM2B_NONCE . 86
11.4.5 TPM2B_AUTH . 86
11.4.6 TPM2B_OPERAND . 86
11.4.7 TPM2B_EVENT . 87
11.4.8 TPM2B_MAX_BUFFER . 87
11.4.9 TPM2B_MAX_NV_BUFFER . 87
11.4.10 TPM2B_TIMEOUT . 88
11.4.11 TPM2B_IV . 88
11.5 Names . 88
11.5.1 Introduction . 88
11.5.2 TPMU_NAME . 88
11.5.3 TPM2B_NAME . 89
11.6 PCR Structures . 89
11.6.1 TPMS_PCR_SELECT . 89
© ISO/IEC 2015 - All rights reserved iii

---------------------- Page: 5 ----------------------
ISO/IEC 11889-2:2015(E)
11.6.2 TPMS_PCR_SELECTION . 90
11.7 Tickets . 90
11.7.1 Introduction . 90
11.7.2 A NULL Ticket. 91
11.7.3 TPMT_TK_CREATION . 92
11.7.4 TPMT_TK_VERIFIED . 93
11.7.5 TPMT_TK_AUTH . 94
11.7.6 TPMT_TK_HASHCHECK . 95
11.8 Property Structures . 95
11.8.1 TPMS_ALG_PROPERTY . 95
11.8.2 TPMS_TAGGED_PROPERTY . 95
11.8.3 TPMS_TAGGED_PCR_SELECT . 96
11.9 Lists . 96
11.9.1 TPML_CC . 96
11.9.2 TPML_CCA . 97
11.9.3 TPML_ALG . 97
11.9.4 TPML_HANDLE . 97
11.9.5 TPML_DIGEST . 98
11.9.6 TPML_DIGEST_VALUES . 98
11.9.7 TPM2B_DIGEST_VALUES . 98
11.9.8 TPML_PCR_SELECTION . 99
11.9.9 TPML_ALG_PROPERTY . 99
11.9.10 TPML_TAGGED_TPM_PROPERTY . 99
11.9.11 TPML_TAGGED_PCR_PROPERTY . 100
11.9.12 TPML_ECC_CURVE . 100
11.10 Capabilities Structures . 100
11.10.1 TPMU_CAPABILITIES . 100
11.10.2 TPMS_CAPABILITY_DATA . 101
11.11 Clock/Counter Structures . 101
11.11.1 PMS_CLOCK_INFO . 101
11.11.2 Clock . 101
11.11.3 ResetCount . 101
11.11.4 RestartCount . 102
11.11.5 Safe . 102
11.11.6 TPMS_TIME_INFO . 102
11.12 TPM Attestation Structures . 103
11.12.1 Introduction . 103
11.12.2 TPMS_TIME_ATTEST_INFO . 103
11.12.3 TPMS_CERTIFY_INFO . 103
11.12.1 TPMS_QUOTE_INFO . 103
11.12.2 TPMS_COMMAND_AUDIT_INFO . 104
11.12.3 TPMS_SESSION_AUDIT_INFO . 104
11.12.4 TPMS_CREATION_INFO . 104
11.12.5 TPMS_NV_CERTIFY_INFO . 104
11.12.6 TPMI_ST_ATTEST . 105
11.12.7 TPMU_ATTEST . 105
11.12.8 TPMS_ATTEST . 105
11.12.9 TPM2B_ATTEST . 106
11.13 Authorization Structures . 106
11.13.1 Introduction . 106
11.13.2 TPMS_AUTH_COMMAND . 106
11.13.3 TPMS_AUTH_RESPONSE . 106
12 Algorithm Parameters and Structures . 107
iv © ISO/IEC 2015 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 11889-2:2015(E)
12.1 Symmetric . 107
12.1.1 Introduction . 107
12.1.2 TPMI_AES_KEY_BITS . 107
12.1.3 TPMI_SM4_KEY_BITS . 107
12.1.4 TPMI_CAMELLIA KEY_BITS . 108
12.1.5 TPMU_SYM_KEY_BITS . 108
12.1.6 TPMU_SYM_MODE . 108
12.1.7 TPMU_SYM_DETAILS . 109
12.1.8 TPMT_SYM_DEF . 109
12.1.9 TPMT_SYM_DEF_OBJECT . 110
12.1.10 TPM2B_SYM_KEY . 110
12.1.11 TPMS_SYMCIPHER_PARMS . 110
12.1.12 TPM2B_SENSITIVE_DATA .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 20648:2016(Main)
Information technology — TLS specification for storage systems

ISO/IEC 20648:2016 details the requirements for use of the Transport Layer Security (TLS) protocol in conjunction with data storage technologies. The requirements set out in this specification are intended to facilitate secure interoperability of storage clients and servers as well as non-storage technologies that may have similar interoperability needs. ISO/IEC 20648:2016 is relevant to anyone involved in owning, operating or using data storage devices. This includes senior managers, acquirers of storage product and service, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or storage security, storage operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design and implementation of the architectural aspects of storage security.

  • Standard
    11 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-3:2015(Main)
Information technology — Trusted Platform Module Library — Part 3: Commands

ISO/IEC 11889 contains the definitions of the Trusted Platform Module (TPM) commands. These commands make use of the constants, flags, structures, and union definitions defined in ISO/IEC 11889-2. The detailed description of the operation of the commands is written in the C language with extensive comments. The behavior of the C code in this ISO/IEC 11889-3:2015 is normative but does not fully describe the behavior of a TPM. The combination of this ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 is sufficient to fully describe the required behavior of a TPM. ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 is written to define the behavior of a compliant TPM. In some cases it is not possible to provide a compliant implementation. In those cases, any implementation provided by the vendor that meets the general description of the function provided in this part of ISO/IEC 11889 would be compliant.

  • Standard
    457 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-4:2015(Main)
Information technology — Trusted Platform Module Library — Part 4: Supporting Routines

ISO/IEC 11889-4:2015 contains C code that describes the algorithms and methods used by the command code in ISO/IEC 11889-3. The code in ISO/IEC 11889-4:2015 augments ISO/IEC 11889-2 and ISO/IEC 11889-3 to provide a complete description of a TPM, including the supporting framework for the code that performs the command actions. Any code in ISO/IEC 11889-4:2015 may be replaced by code that provides similar results when interfacing to the action code in ISO/IEC 11889-3. The behavior of code in this ISO/IEC 11889-4:2015 that is not included in an annex is normative, as observed at the interfaces with ISO/IEC 11889-3 code. Code in an annex is provided for completeness, that is, to allow a full implementation of ISO/IEC 11889 from the provided code. The code in ISO/IEC 11889-3 and this ISO/IEC 11889-4:2015 is written to define the behavior of a compliant TPM. In some cases (e.g., firmware update), it is not possible to provide a compliant implementation. In those cases, any implementation provided by the vendor that meets the general description of the function provided in ISO/IEC 11889-3 would be compliant. The code in ISO/IEC 11889-3 and this ISO/IEC 11889-4:2015 is not written to meet any particular level of conformance nor does ISO/IEC 11889 require that a TPM meet any particular level of conformance.

  • Standard
    556 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-1:2015(Main)
Information technology — Trusted platform module library — Part 1: Architecture

ISO/IEC 11889-1:2015 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, ISO/IEC 11889-1:2015 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements. ISO/IEC 11889-1:2015 illustrates TPM security and privacy techniques in the context of a platform through the use of cryptography. It includes definitions of how different cryptographic techniques are implemented by a TPM. The scope of ISO/IEC 11889 does not include cryptographic analysis or guidance about the applicability of different algorithms for specific uses cases. TPM requirements in ISO/IEC 11889-1:2015 are general, covering concepts like integrity protection, isolation and confidentially. Defining a specific strength of function or assurance level is out of scope for ISO/IEC 11889. This approach limits the guarantees provided by ISO/IEC 11889 itself, but it does allow the TPM architectural elements defined to be adapted to meet diverse implementation and platform specific needs.

  • Standard
    257 pages
    English language
    sale 15% off
ISO
ISO/IEC 18180:2013(Main)
Information technology — Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2

ISO/IEC 18180:2013 specifies the data model and Extensible Markup Language (XML) representation for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2. An XCCDF document is a structured collection of security configuration rules for some set of target systems. The XCCDF specification is designed to support information interchange, document generation, organizational and situational tailoring, automated compliance testing, and scoring. ISO/IEC 18180:2013 also defines a data model and format for storing results of security guidance or checklist testing. The intent of XCCDF is to provide a uniform foundation for expression of security checklists and other configuration guidance, and thereby foster more widespread application of good security practices.

  • Standard
    73 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-1:2009(Main)
Information technology — Trusted Platform Module — Part 1: Overview

ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-1:2009 is an overview of the TPM. It describes the TPM and how it fits into the trusted platform. ISO/IEC 11889-1:2009 describes trusted platform concepts such as the trust boundary, transitive trust, integrity measurement, and integrity reporting.

  • Standard
    12 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-2:2009(Main)
Information technology — Trusted Platform Module — Part 2: Design principles

ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-2:2009 defines the principles of TPM operation. These include base operating modes, cryptographic algorithms and key sizes for the algorithms, basic interoperability requirements, basic protocols and the use of the protocols, and use of TPM resources.

  • Standard
    143 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-4:2009(Main)
Information technology — Trusted Platform Module — Part 4: Commands

ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-4:2009 defines the commands, actions of the commands, and the parameters to the commands that provide the TPM functionality.

  • Standard
    237 pages
    English language
    sale 15% off
ISO
ISO/IEC 11889-3:2009(Main)
Information technology — Trusted Platform Module — Part 3: Structures

ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-3:2009 defines the structures and constants that enable the interoperability between TPM implementations.

  • Standard
    188 pages
    English language
    sale 15% off
ISO
ISO/IEC 18032:2020(Main)
Information security — Prime number generation

This document specifies methods for generating and testing prime numbers as required in cryptographic protocols and algorithms. Firstly, this document specifies methods for testing whether a given number is prime. The testing methods included in this document are divided into two groups: — probabilistic primality tests, which have a small error probability. All probabilistic tests described here can declare a composite to be a prime; — deterministic methods, which are guaranteed to give the right verdict. These methods use so-called primality certificates. Secondly, this document specifies methods to generate prime numbers. Again, both probabilistic and deterministic methods are presented. NOTE It is possible that readers with a background in algorithm theory have already had previous encounters with probabilistic and deterministic algorithms. The deterministic methods in this document internally still make use of random bits (to be generated via methods described in ISO/IEC 18031), and "deterministic" only refers to the fact that the output is correct with probability one. Annex A provides error probabilities that are utilized by the Miller-Rabin primality test. Annex B describes variants of the methods for generating primes so that particular cryptographic requirements can be met. Annex C defines primitives utilized by the prime generation and verification methods.

  • Standard
    33 pages
    English language
    sale 15% off
  • Draft
    33 pages
    English language
    sale 15% off