
How TPM 2.0 Devices Are Used

So, how do TPMs fit in this picture? Intel TXT uses PCRs and NV indices, primarily. Other TPM 2.0 features figure into how PCRs and NV indices are accessed and used: special hardware-triggered TPM commands, policy commands, and localities. These are described at a high level here. [1]

NV Indices

NV Indices play an important role in Intel TXT. They are used to do the following:

• Securely pass information and states between ACMs

• Securely maintain state between platform resets and power cycles

• Allow OEM and platform owner to provide hashes of two policy lists, platform supplier and platform owner, of known good platform configurations

• Protect OEM and user policies from malicious alteration

Access to these indices is controlled by index attributes and a combination of password and index policy authorizations as described in Chapters 13 and 14 of this book. The ACM verifies that the attributes are correct before trusting their content.


PCRs

PCRs are used by both ACMs. Because TPM 2.0 supports algorithm agility, Intel TXT supports this agility at all levels, from the ACMs through the Intel TXT launch-measured policies and the BIOS trust policies. The details of this agility support are described in the Measured Launch Environment Developer's Guide, which you can download from Intel's web site, and in the Intel TXT BIOS Writer's Guide, which is available to OEMs.

The BIOS ACM extends the BIOS measurements and other early initialization values into PCR0. BIOS extends measurements of other platform configuration components into PCR0-7.

When doing a measured launch, the GETSEC(SENTER) instruction microcode performs the special hardware-triggered _TPM_Hash_Start, _TPM_Hash_Data, and _TPM_Hash_End commands. These commands are triggered by writing to special TPM interface registers that can only be written from Locality 4. Chipset hardware restricts access to these Locality 4 registers to hardware or, in this case, microcode. The special hash commands extend PCR17 with measured launch measurements during the microcode's execution of the GETSEC(SENTER) instruction.

After entering the SINIT ACM, this ACM extends other dynamic launch measurements into PCR17 and PCR18. If the Intel TXT measured launch policies are satisfied, then the OS is trusted and has access to PCRs 17-22; the OS uses these to measure additional OS code and OS configuration. Later, when higher-level software makes decisions about levels of trust, these measurements are used.
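To make the two mechanisms above concrete, here is a small added Python model; it is not code from the book, from Intel, or from the TPM specification. It shows (1) an NV index whose attributes are checked before the known-good digest it stores is trusted, as the text says the ACM does, and (2) PCRs with two algorithm banks that accumulate launch measurements by extend, so that a changed or reordered component produces a different PCR17 and the launch policy fails. The index attribute requirement, the component names and measurement values, and the all-zero starting value of PCR17 are constructed for the example; only the TPMA_NV bit positions come from TPM 2.0 Library Part 2.

```python
"""Added illustration of NV attribute checking and multi-bank PCR extend.
Not code from the book, Intel, or the TPM specification: all index
requirements, component names and values are constructed for the example."""
import hashlib
from dataclasses import dataclass

# TPMA_NV attribute bits (TPM 2.0 Library, Part 2) used by this example.
TPMA_NV_PPWRITE        = 1 << 0
TPMA_NV_OWNERWRITE     = 1 << 1
TPMA_NV_AUTHWRITE      = 1 << 2
TPMA_NV_POLICYWRITE    = 1 << 3
TPMA_NV_WRITELOCKED    = 1 << 11
TPMA_NV_WRITTEN        = 1 << 29
TPMA_NV_PLATFORMCREATE = 1 << 30


@dataclass
class NvIndex:
    attributes: int   # TPMA_NV bitfield
    content: bytes    # here: a known-good PCR17 digest (policy list hash)


# Constructed requirement for a policy-list index: it must have been written
# and be writable only under its policy, never by owner password or plain
# auth value. This is a hypothetical rule for the example, not the attribute
# set Intel's ACMs actually require.
REQUIRED_SET   = TPMA_NV_POLICYWRITE | TPMA_NV_WRITTEN
REQUIRED_CLEAR = TPMA_NV_OWNERWRITE | TPMA_NV_AUTHWRITE


def nv_attributes_ok(index: NvIndex) -> bool:
    """The ACM step 'verify the attributes before trusting the content'."""
    return ((index.attributes & REQUIRED_SET) == REQUIRED_SET
            and (index.attributes & REQUIRED_CLEAR) == 0)


# PCR model with two banks (algorithm agility). Each extend updates every bank
# with that bank's hash of (old PCR value || digest of the measured data).
BANKS = ("sha1", "sha256")


def new_pcr_banks() -> dict:
    """All-zero starting value in every bank (model assumption)."""
    return {alg: bytes(hashlib.new(alg).digest_size) for alg in BANKS}


def extend(pcr: dict, data: bytes) -> dict:
    return {alg: hashlib.new(alg, pcr[alg] + hashlib.new(alg, data).digest()).digest()
            for alg in BANKS}


def measured_launch(pcr17: dict, components: list) -> dict:
    """Extend each dynamic-launch component into PCR17, in order."""
    for component in components:
        pcr17 = extend(pcr17, component)
    return pcr17


def launch_policy_ok(pcr17: dict, policy_index: NvIndex, alg: str = "sha256") -> bool:
    """Accept the launch only if the policy index is trustworthy and PCR17
    in the chosen bank equals the known-good digest stored in it."""
    if not nv_attributes_ok(policy_index):
        return False
    return pcr17[alg] == policy_index.content


# Constructed sample data: a "known good" launch and two policy indices.
GOOD_COMPONENTS = [b"SINIT ACM (constructed)", b"MLE code (constructed)"]
EXPECTED_PCR17 = measured_launch(new_pcr_banks(), GOOD_COMPONENTS)["sha256"]
GOOD_INDEX = NvIndex(TPMA_NV_POLICYWRITE | TPMA_NV_WRITTEN | TPMA_NV_PLATFORMCREATE,
                     EXPECTED_PCR17)
# Same digest, but owner-writable: an ACM applying the rule above rejects it.
WEAK_INDEX = NvIndex(TPMA_NV_OWNERWRITE | TPMA_NV_WRITTEN, EXPECTED_PCR17)

if __name__ == "__main__":
    good = measured_launch(new_pcr_banks(), GOOD_COMPONENTS)
    altered = measured_launch(new_pcr_banks(), [b"SINIT ACM (constructed)", b"MLE code (altered)"])
    print("expected launch, trusted index :", launch_policy_ok(good, GOOD_INDEX))
    print("altered MLE, trusted index     :", launch_policy_ok(altered, GOOD_INDEX))
    print("expected launch, weak index    :", launch_policy_ok(good, WEAK_INDEX))
```

The point of the two checks is that neither alone is enough: a matching PCR17 says nothing if the digest it is compared against lives in an index anyone with the owner password could rewrite, and a well-protected index is useless if the PCR was not accumulated by extend, in order, from every component.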

Conclusion: Intel TXT

This completes a high-level view of how Intel TXT uses TPM 2.0 devices. If you're interested, you can dive into the details by accessing the Intel documents referenced earlier.

[1] TPM 1.2 also had PCRs, NV indices, hardware-triggered TPM commands, and localities. Policies and algorithm agility are the new TPM 2.0 features used by TXT.