search

Use cases

hashtag
Host identification

To authorize its participation in protected environments.

hashtag
Host data encryption

Files, file systems, and highly sensitive data (passwords).

hashtag
Key storage

Encrypted with the TPM public key.

Encrypted keys can be stored anywhere.

hashtag
Random number generation

Fundamental to generate their keys and nonces.

hashtag
NVRAM for storing critical data.

Root keys of certification chains.

Endorsement keys (EKs).

State to be achieved during a controlled bootstrap.

  • Used by Intel Trusted Execution Technology.

hashtag
PCRs (Platform Configuration Registers)

They keep hash extends.

That hash extends can report sequences of measurements.

They can be used as authentication signals.

  • Secrets can be unlocked only when they have a given value.

  • In 2.0 they can be unlocked if matching a value signed by a trusted party (to avoid PCR fragility).

    • Non-Brittle PCRs

hashtag
Privacy enhancement

Storage of password-protected secrets with delay mechanisms to prevent guessing attacks.

Attestation Identity Keys (AIKs), or simply AKs.

  • It can identify the host (or owner) in different scenarios.

Direct anonymous attestation (DAA).

Last updated