Information technology — Trusted platform module library — Part 1: Architecture

ISO/IEC 11889-1:2015 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, ISO/IEC 11889-1:2015 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements. ISO/IEC 11889-1:2015 illustrates TPM security and privacy techniques in the context of a platform through the use of cryptography. It includes definitions of how different cryptographic techniques are implemented by a TPM. The scope of ISO/IEC 11889 does not include cryptographic analysis or guidance about the applicability of different algorithms for specific use cases. TPM requirements in ISO/IEC 11889-1:2015 are general, covering concepts like integrity protection, isolation and confidentiality. Defining a specific strength of function or assurance level is out of scope for ISO/IEC 11889. This approach limits the guarantees provided by ISO/IEC 11889 itself, but it does allow the TPM architectural elements defined to be adapted to meet diverse implementation and platform specific needs.

Technologies de l'information — Bibliothèque de module de plate-forme de confiance — Partie 1: Architecture

General Information

Status: Published
Publication Date: 14-Dec-2015
Current Stage: 9093 - International Standard confirmed
Completion Date: 06-May-2021

Standard
ISO/IEC 11889-1:2015 - Information technology -- Trusted platform module library
English language
257 pages

Standards Content (Sample)

INTERNATIONAL STANDARD
ISO/IEC 11889-1
Second edition 2015-12-15
Corrected version 2016-04-01
Information technology — Trusted Platform Module Library — Part 1: Architecture
Technologies de l’information — Bibliothèque de module de plate-forme de confiance — Partie 1: Architecture
Reference number ISO/IEC 11889-1:2015(E)
© ISO/IEC 2015


COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

CONTENTS
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and Abbreviated Terms
4.1 Symbols
4.2 Abbreviations
5 Conventions
5.1 Bit and Octet Numbering and Order
5.2 Sized Buffer References
5.3 Numbers
5.4 KDF Label Parameters
6 ISO/IEC 11889 Organization
7 Compliance
8 Changes from Previous Versions
9 Trusted Platforms
9.1 Trust
9.2 Trust Concepts
9.2.1 Trusted Building Block
9.2.2 Trusted Computing Base
9.2.3 Trust Boundaries
9.2.4 Transitive Trust
9.2.5 Trust Authority
9.3 Trusted Platform Module
9.4 Roots of Trust
9.4.1 Introduction
9.4.2 Root of Trust for Measurement (RTM)
9.4.3 Root of Trust for Storage (RTS)
9.4.4 Root of Trust for Reporting (RTR)
9.5 Basic Trusted Platform Features
9.5.1 Introduction
9.5.2 Certification
9.5.3 Attestation and Authentication
9.5.4 Protected Location
9.5.5 Integrity Measurement and Reporting
10 TPM Protections
10.1 Introduction
10.2 Protection of Protected Capabilities
10.3 Protection of Shielded Locations
10.4 Exceptions and Clarifications
11 TPM Architecture
11.1 Introduction
11.2 TPM Command Processing Overview
11.3 I/O Buffer
11.4 Cryptography Subsystem
11.4.1 Introduction
11.4.2 Hash Functions
11.4.3 HMAC Algorithm
11.4.4 Asymmetric Operations
11.4.5 Signature Operations
11.4.6 Symmetric Encryption
11.4.7 Extend
11.4.8 Key Generation
11.4.9 Key Derivation Function
11.4.10 Random Number Generator (RNG) Module
11.4.11 Algorithms
11.5 Authorization Subsystem
11.6 Random Access Memory
11.6.1 Introduction
11.6.2 Platform Configuration Registers (PCR)
11.6.3 Object Store
11.6.4 Session Store
11.6.5 Size Requirements
11.7 Non-Volatile (NV) Memory
11.8 Power Detection Module
12 TPM Operational States
12.1 Introduction
12.2 Basic TPM Operational States
12.2.1 Power-off State
12.2.2 Initialization State
12.2.3 Startup State
12.2.4 Shutdown State
12.2.5 Startup Alternatives
12.3 Self-Test Modes
12.4 Failure Mode
12.5 Field Upgrade
12.5.1 Introduction
12.5.2 Field Upgrade Mode
12.5.3 Preserved TPM State
12.5.4 Field Upgrade Implementation Options
13 TPM Control Domains
13.1 Introduction
13.2 Controls
13.3 Platform Controls
13.4 Owner Controls
13.5 Privacy Administrator Controls
13.6 Primary Seed Authorizations
13.7 Lockout Control
13.8 TPM Ownership
13.8.1 Taking Ownership
13.8.2 Releasing Ownership
14 Primary Seeds
14.1 Introduction
14.2 Rationale
14.3 Primary Seed Properties
14.3.1 Introduction
14.3.2 Endorsement Primary Seed (EPS)
14.3.3 Platform Primary Seed (PPS)
14.3.4 Storage Primary Seed (SPS)
14.3.5 The Null Seed
14.4 Hierarchy Proofs
15 TPM Handles
15.1 Introduction
15.2 PCR Handles (MSO=00₁₆)
15.3 NV Index Handles (MSO=01₁₆)
15.4 Session Handles (MSO=02₁₆ and 03₁₆)
15.5 Permanent Resource Handles (MSO=40₁₆)
15.6 Transient Object Handles (MSO=80₁₆)
15.7 Persistent Object Handles (MSO=81₁₆)
16 Names
17 PCR Operations
17.1 Initializing PCR
17.2 Extend of a PCR
17.3 Using Extend with PCR Banks
17.4 Recording Events
17.5 Selecting Multiple PCR
17.6 Reporting on PCR
17.6.1 Reading PCR
17.6.2 Attesting to PCR
17.7 PCR Authorizations
17.7.1 Introduction
17.7.2 PCR Not in a Set
17.7.3 Authorization Set
17.7.4 Policy Set
17.7.5 Order of Checking
17.8 PCR Allocation
17.9 PCR Change Tracking
17.10 Other Uses for PCR
18 TPM Command/Response Structure
18.1 Introduction
18.2 Command/Response Header Fields
18.2.1 Introduction
18.2.2 tag
18.2.3 commandSize/responseSize
18.2.4 commandCode
18.2.5 responseCode
18.3 Handles
18.4 Parameters
18.5 authorizationSize/parameterSize
18.6 Authorization Area
18.6.1 Introduction
18.6.2 Authorization Structure
18.6.3 Session Handles
18.6.4 Session Attributes (sessionAttributes)
18.7 Command Parameter Hash (cpHash)
18.8 Response Parameter Hash (rpHash)
18.9 Command Example
18.10 Response Example
19 Authorizations and Acknowledgments
19.1 Introduction
19.2 Authorization Roles
19.3 Physical Presence Authorization
19.4 Password Authorizations
19.5 Sessions
19.6 Session-Based Authorizations
19.6.1 Introduction
19.6.2 Authorization Session Formats
19.6.3 Session Nonces
19.6.4 Authorization Values
19.6.5 HMAC Computation
19.6.6 Note on Use of Nonces in HMAC Computations
19.6.7 Starting an Authorization Session
19.6.8 sessionKey Creation
19.6.9 Unbound and Unsalted Session Key Generation
19.6.10 Bound Session Key Generation
19.6.11 Salted Session Key Generation
19.6.12 Salted and Bound Session Key Generation
19.6.13 Encryption of salt
19.6.14 Caution on use of Unsalted Authorization Sessions
19.6.15 No HMAC Authorization
19.6.16 Authorization Selection Logic for Objects
19.6.17 Authorization Session Termination
19.7 Enhanced Authorization
19.7.1 Introduction
19.7.2 Policy Assertion
19.7.3 Policy AND
19.7.4 Policy OR
19.7.5 Order of Evaluation
19.7.6 Policy Assertions (Policy Commands)
19.7.7 Policy Session Context Values
19.7.8 Policy Example
19.7.9 Trial Policy
19.7.10 Modification of Policies
19.7.11 TPM2_PolicySigned(), TPM2_PolicySecret(), and TPM2_PolicyTicket()
19.8 Policy Session Creation
19.9 Use of TPM for authPolicy Computation
19.10 Trial Policy Session
19.11 Dictionary Attack Protection
...
