Use cases
Host identification
To authorize its participation in protected environments.
Host data encryption
Files, file systems, and highly sensitive data (passwords).
Key storage
Encrypted with the TPM public key.
Encrypted keys can be stored anywhere.
Random number generation
Fundamental for generating its keys and nonces.
NVRAM for storing critical data.
Root keys of certification chains.
Endorsement keys (EKs).
Expected state to be reached during a controlled bootstrap.
Used by Intel Trusted Execution Technology.
PCRs (Platform Configuration Registers)
They hold hash-extended values.
Hash extension lets a single PCR report a whole sequence of measurements.
They can be used as authentication signals.
Secrets can be unlocked only when the PCRs hold a given value.
In 2.0 they can be unlocked if matching a value signed by a trusted party (to avoid PCR fragility).
Non-Brittle PCRs
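A toy model of the hash-extend operation and of sealing a secret to a PCR value, added here as an example and not part of the original notes. The sha256 bank, the constructed boot chain and the dictionary standing in for a sealed TPM object are assumptions.

```python
import hashlib
from typing import Iterable, Optional

HASH = "sha256"                       # PCR bank algorithm (assumption; TPM 2.0 offers several banks)
PCR_LEN = hashlib.new(HASH).digest_size

def measure(component: bytes) -> bytes:
    """Digest of a boot component, computed by the measuring stage before it calls extend."""
    return hashlib.new(HASH, component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || digest). One-way and order-sensitive."""
    assert len(pcr) == PCR_LEN and len(digest) == PCR_LEN
    return hashlib.new(HASH, pcr + digest).digest()

def boot_pcr(components: Iterable[bytes]) -> bytes:
    """Final PCR value after measuring a chain of components from the all-zero reset state."""
    pcr = bytes(PCR_LEN)              # resettable PCRs start at zero after power-on
    for component in components:
        pcr = extend(pcr, measure(component))
    return pcr

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret to one PCR value (constructed stand-in for a sealed TPM object)."""
    return {"pcr": expected_pcr, "secret": secret}

def unseal(sealed: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the platform's current PCR equals the sealed value."""
    return sealed["secret"] if current_pcr == sealed["pcr"] else None

# Constructed boot chains: the expected one, one with a modified kernel, one with the order swapped.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1 (modified)"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]

if __name__ == "__main__":
    sealed = seal(b"disk-encryption-key", boot_pcr(GOOD_CHAIN))
    for name, chain in [("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN), ("reordered", REORDERED_CHAIN)]:
        print(name, boot_pcr(chain).hex()[:16], "->", unseal(sealed, boot_pcr(chain)))
```

Any change to a component, or to the order in which components are measured, yields a different final PCR, which is exactly the fragility the signed-policy mechanism of TPM 2.0 is meant to soften.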
Privacy enhancement
Storage of password-protected secrets with delay mechanisms to prevent guessing attacks.
Attestation Identity Keys (AIKs), or simply AKs.
They can identify the host (or its owner) in different scenarios.
Direct anonymous attestation (DAA).