This document provides an overview of trusted computing and the Trusted Platform Module (TPM). It describes the components and functions of the TPM chip, including the endorsement key (EK), storage root key (SRK), platform configuration registers (PCRs), and operational states. The TPM uses cryptographic functions like RSA and SHA-1 to securely store keys and platform measurements within the chip. It maintains a hash-based integrity measurement of the software/firmware components executed during boot to enable remote attestation of the platform's state.

1. The Trusted Computing
Architecture

2. Index
• Introduction to Trusted Computing
• TPM Provisioning
• Exact Mechanics of TPM

3. Introduction to Trusted Computing
• Trusted computing (TC) is the concept that technologies have built-in
processes to revolve basic security problems and user challenges [1].
• It is also a term used by a trade group called the Trusted Computing
Group (TCG) that helps to set standards for devices and technologies.

4. TPM Provisioning
• Components of TMP Chip are shown in Figure 1 [2].
• RSA: 1024, 2048 bit modulus
• SHA-1: Outputs 20 byte digest
Figure 1: TPM Components

5. Non-Volatile Storage
1. Endorsement Key (EK) – 2048-bit RSA
• Created at manufacturing time. Cannot be changed.
• Used for attestation
2. Storage Key (SRK) – 2048-bit RSA
• Used for implementing encrypted storage
• Created after running – TPM_TakeOwnership (OwnerPassword, …)
• Can be cleared later with TPM_ForceClear from BIOS
3. Storage Key (SRK) – 160 bits and persistent flags
Private EK, SRK and OwnerPwd never leave the TPM

6. PCR – Platform Configuration Registers
• Lots of PCR registers on chip (At least 16)
• PCRs are initialized to default value (e.g. 0) at boot time
• After boot, PCRs contain hash chain of booted software
• Collision resistance of SHA1 ensures commitment
• Embedding PCR values in blob ensures that only certain applications
can decrypt the data

7. Exact Mechanics of TPM
• TPM accepts a value from outside software and a hash of the protocols
that produced the value [3].
• This allows the platform to use whatever they want to set the value
from secure time to the local PC clock.
• TPM just keeps the audit digest and no other information.

8. Exact Mechanics of TPM
• Startup Mode – Startup transitions the TPM from the initialization
state to an operational state.
• The transition includes information from the platform to inform the
TPM of the platform operating state.
• TPM_Startup has three options: Clear, State and Deactivated.

9. Exact Mechanics of TPM
• Operational Mode – After the TPM completes both TPM_Startup and
self-tests, the TPM is ready for operation.
• There are three discrete states, enabled or disabled, active or inactive
and owned or un-owned.
• These three states when combined form eight operational modes.

10. Exact Mechanics of TPM
• Clearing the TPM – Clearing the TPM is the process of returning the
TPM to factory defaults.
• It is possible the platform owner will change when in this state.
• The commands to clear a TPM require either TPM Owner
authentication or the assertion of physical presence.

11. References
1. Maene, P., Götzfried, J., De Clercq, R., Müller, T., Freiling, F., & Verbauwhede,
I. (2018). Hardware-based trusted computing architectures for isolation and
attestation. IEEE Transactions on Computers, 67(3), 361-374.
2. https://crypto.stanford.edu/cs155old/cs155-spring11/lectures/08-TCG.pdf
3. https://trustedcomputinggroup.org/resource/tpm-main-specification/