
NV Written

Each NV index, when first created, has an implied value: not written. In TPM 1.2, an index was always created with all-zero data. A read could not distinguish between all-zero data and a not-yet-written index. In TPM 2.0, not written is a separate state. A policy can specify that the index must or must not be written.

The creator wants an index that can be written exactly once, perhaps during provisioning. Once written, it can be read by anyone with the correct password.

To implement this, create an OR policy with two terms. The first term permits the TPM2_NV_Write command code only if the index has not yet been written. The second term permits a read only if the index has been written and the password is supplied.

Here are the steps:

1. Create a policy with two terms:

• TPM2_PolicyCommandCode (TPM2_NV_Write) AND TPM2_PolicyNvWritten (writtenSet clear)

• TPM2_PolicyCommandCode (TPM2_NV_Read) AND

2. Use TPM2_NV_DefineSpace to create an ordinary index whose write and read authorization is that policy.
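As an added example that is not code from the book, the following Python computes the authPolicy digest that TPM2_NV_DefineSpace would receive for this write-once index, applying the policy-digest update rules of the TPM 2.0 library specification with SHA-256. The TPM_CC command codes are the constants from Part 2 of the specification. It assumes the read term is completed with TPM2_PolicyNvWritten (writtenSet set) followed by TPM2_PolicyAuthValue for the password check; that completion is an assumption made here, since the page does not spell it out.

```python
import hashlib

# TPM_CC command codes from TPM 2.0 Library spec, Part 2 (Structures)
TPM_CC_NV_Write = 0x00000137
TPM_CC_NV_Read = 0x0000014E
TPM_CC_PolicyAuthValue = 0x0000016B
TPM_CC_PolicyCommandCode = 0x0000016C
TPM_CC_PolicyOR = 0x00000171
TPM_CC_PolicyNvWritten = 0x0000018F

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size  # 32 for SHA-256


def _u32(value: int) -> bytes:
    """TPM wire encoding of a UINT32 is big-endian."""
    return value.to_bytes(4, "big")


def _extend(policy_digest: bytes, *fields: bytes) -> bytes:
    """policyDigest_new = H(policyDigest_old || fields...)"""
    return HASH(policy_digest + b"".join(fields)).digest()


def policy_command_code(policy_digest: bytes, code: int) -> bytes:
    """TPM2_PolicyCommandCode: extends with TPM_CC_PolicyCommandCode || code."""
    return _extend(policy_digest, _u32(TPM_CC_PolicyCommandCode), _u32(code))


def policy_nv_written(policy_digest: bytes, written_set: bool) -> bytes:
    """TPM2_PolicyNvWritten: extends with TPM_CC_PolicyNvWritten || writtenSet (1 byte)."""
    return _extend(policy_digest, _u32(TPM_CC_PolicyNvWritten), bytes([1 if written_set else 0]))


def policy_auth_value(policy_digest: bytes) -> bytes:
    """TPM2_PolicyAuthValue: extends with TPM_CC_PolicyAuthValue only."""
    return _extend(policy_digest, _u32(TPM_CC_PolicyAuthValue))


def policy_or(branches: list[bytes]) -> bytes:
    """TPM2_PolicyOR: resets the running digest to zeros, then hashes
    TPM_CC_PolicyOR followed by every branch digest, in order."""
    return _extend(bytes(DIGEST_LEN), _u32(TPM_CC_PolicyOR), *branches)


def write_once_policy() -> tuple[bytes, bytes, bytes]:
    """Returns (authPolicy, write_branch, read_branch) for the write-once index.

    Each branch starts from an all-zero digest, exactly as a fresh policy
    session does, and the commands are applied in the order listed on the page.
    """
    start = bytes(DIGEST_LEN)
    # Term 1: NV_Write allowed only while the index is still unwritten.
    write_branch = policy_nv_written(policy_command_code(start, TPM_CC_NV_Write), False)
    # Term 2 (assumed completion): NV_Read only once written, plus the password.
    read_branch = policy_auth_value(
        policy_nv_written(policy_command_code(start, TPM_CC_NV_Read), True)
    )
    return policy_or([write_branch, read_branch]), write_branch, read_branch


if __name__ == "__main__":
    auth_policy, write_branch, read_branch = write_once_policy()
    print("authPolicy for TPM2_NV_DefineSpace:", auth_policy.hex())
    print("write branch:", write_branch.hex())
    print("read  branch:", read_branch.hex())
```

At run time a session that executes TPM2_PolicyCommandCode(TPM2_NV_Write), TPM2_PolicyNvWritten(clear) and then TPM2_PolicyOR with both branch digests ends with exactly the authPolicy value, so the index accepts the first write and refuses every later one; the order of the commands and of the OR branches both change the digest, which is why provisioning tooling should compute it the same way the session will replay it.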

NV Index Handle Values

When the user creates an NV index, the user assigns an index value. [1] In TPM 1.2, certain bits had special properties, such as the D bit used for locking. In the TPM 2.0 library specification, there is no index assignment other than an overall handle range, and no bits of the index value have any special meaning. The TPM doesn't enforce any index properties based on the index value. However, platform-specific specifications or a global TCG registry can assign index values.

For example, the TCG registry assigns handle ranges to the TPM manufacturer (specifically, 0 to 0x3fffff), to the platform manufacturer, and for endorsement and platform certificates. It further reserves ranges for platform-specific specifications, such as the PC Client, server, mobile, and embedded platforms. All these assignments are by convention and aren't enforced in any way by (current) TPMs.

We expect that the TCG Infrastructure work group will define standard NV indexes for endorsement key certificates. Whereas TPM 1.2 has two such certificates, for the TPM vendor and for the platform OEM, TPM 2.0 can have certificates for multiple key algorithms and even different creation templates.

Although the previous assignments are solely by convention, a TCG work group can also assign NV index values with implicit hardware properties. For example, the TPM may contain special hardware-package pins for general-purpose IO, called GPIO pins in the library and platform specifications. The platform specification determines the properties of the GPIO pins, including the following:

• The number of pins

• The assignment of a pin to an NV index value

• Whether a pin is mandatory or optional

• Whether the pin is fixed as an input or output, or is programmable

• Whether an output is volatile or persistent

• Whether the assignment is fixed by the TPM vendor firmware during manufacturing, or the index must be defined programmatically by the end user using the TPM2_NV_DefineSpace command

The NV data is a hardware pin, but the NV metadata is identical to that of other indexes. Thus the GPIO comes with the full range of NV index controls, including an authorization value or policy, read and write controls, and locking features.

[1] This is different from starting a session or loading an object, where the TPM assigns the handle.