Platform Security Technologies That Use TPM 2.0
Okay, we've written a whole book on TPMs, and you've apparently read the whole thing. Perhaps our attempts to keep the book interesting were successful... or you're extraordinarily persistent... or maybe you just cheated and skipped to the conclusion.
Either way, we've reached the end of the matter. TPMs are great and awesome, the security equivalent of sliced bread, no doubt about it. And TPMs by themselves offer a good level of security. For instance, an application like Microsoft's BitLocker can use a TPM to securely store a hard disk encryption key and control access to the key.
But there are also platform-level technologies that combine TPMs with other platform- and vendor-specific security features to produce even stronger solutions. The goal of this chapter is to describe three of those technologies and how they integrate with TPMs.
The Three Technologies
Three major platform technologies use TPMs. This chapter describes these three technologies at a high level, how they make use of TPM 2.0 devices, and how they empower applications to use TPMs. This chapter aims to be non-partisan and, for that reason, steers clear of comparisons of these three technologies and avoids marketing-oriented statements. This is a TPM 2.0 book, so the focus is on how TPMs are used in each of these environments. In the interests of maintaining neutrality and accuracy, the sections on the technologies were written by experienced current and former representatives of the companies mentioned.
Before we go any further, we need to define some terms:
• Trusted computing base (TCB): Everything in a computer system that provides a secure environment. Basically, it's the set of hardware and software components that must be trusted in order to provide security to the system.
• Measured boot: A boot method where each component is measured by its predecessor before being executed. Typically these measurements are accumulated in PCRs via extend operations.
• Chain of trust: A chain of operations that comprise a measured boot.
• Root of trust for measurement (RTM): The base component of a chain of trust that is implicitly trusted. As such, it must be small and immutable (in ROM or protected by hardware).
• Static root of trust (SRTM): The base component of the chain of trust that starts at power-on and extends to sometime before the OS boots. In the server version of Intel TXT, the SRTM is the CPU microcode. In other architectures, the SRTM is a ROM image.
• Dynamic root of trust (DRTM): The chain of trust that starts after the OS has booted in non-secure mode. This allows the dynamic establishment of a measured boot environment. In Intel TXT, the CPU microcode is also the DRTM. DRTM is sometimes called delayed launch.
• Authenticated code module (ACM): ACMs are Intel TXT digitally signed code modules that are invoked by the special Intel TXT GETSEC instruction. ACMs are the next components to execute after the SRTM and DRTM components execute. Which ACM is invoked and which sub-functionality is invoked is determined by a register setting when the GETSEC instruction is executed.
• Unified extensible firmware interface (UEFI): A standardized version of BIOS that is CPU independent and standardizes boot and runtime services.
• SEC phase: The security phase of the UEFI BIOS. This is the first code to execute after reset.
• PEI phase: The pre-EFI phase of UEFI BIOS. This is the next phase after the SEC phase. The SEC and PEI phases together comprise what used to be called the BIOS boot block.
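The PCR-extend chain behind a measured boot, as an added example that is not from the book: it replays a constructed event log to reproduce the expected PCR value the way an attestation verifier would, and shows that a modified or reordered component in the chain yields a different value. It assumes a SHA-256 PCR bank that starts at all zeros; the component names and bytes are constructed stand-ins.

```python
import hashlib
from typing import Iterable, List, Tuple

PCR_SIZE = 32  # SHA-256 bank: each PCR holds one 32-byte digest


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics for a SHA-256 bank: PCR' = H(PCR || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be 32-byte SHA-256 values")
    return hashlib.sha256(pcr + digest).digest()


def measure(component: bytes) -> bytes:
    """The predecessor hashes the next component before handing control to it."""
    return hashlib.sha256(component).digest()


def replay_event_log(events: Iterable[Tuple[str, bytes]]) -> bytes:
    """Replay a (name, component-bytes) log and return the PCR value it should produce.

    Simplification: a real TPM event log records the digests and event data rather
    than the raw component bytes; here each component is hashed on the fly.
    """
    pcr = bytes(PCR_SIZE)  # PCRs reset to all zeros at power-on
    for _name, component in events:
        pcr = extend(pcr, measure(component))
    return pcr


def attest(reported_pcr: bytes, event_log: List[Tuple[str, bytes]]) -> bool:
    """Verifier side: the reported PCR must equal the replay of the log it was sent."""
    return replay_event_log(event_log) == reported_pcr


# Constructed stand-in for an SRTM chain: SEC -> PEI -> boot loader -> kernel
GOOD_CHAIN = [
    ("SEC", b"sec-phase-code-v1"),
    ("PEI", b"pei-phase-code-v1"),
    ("bootloader", b"boot-loader-v1"),
    ("kernel", b"kernel-image-v1"),
]


def tampered_kernel_detected() -> bool:
    """Changing any component changes the final PCR, so the golden value no longer matches."""
    golden = replay_event_log(GOOD_CHAIN)
    bad = GOOD_CHAIN[:-1] + [("kernel", b"kernel-image-v1-modified")]
    return not attest(golden, bad)


def reordered_chain_detected() -> bool:
    """Extend is order-sensitive: the same components in a different order give a different PCR."""
    golden = replay_event_log(GOOD_CHAIN)
    swapped = [GOOD_CHAIN[1], GOOD_CHAIN[0]] + GOOD_CHAIN[2:]
    return not attest(golden, swapped)
```

Because the chain is hashed cumulatively, the verifier needs only the final PCR value plus the log to check every link at once.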
It should be noted that Intel sponsored the publishing of this book, including the publishing costs. Intel seeks to advance the adoption of TPM 2.0 devices for the betterment of the computing security ecosystem.