Going Into System BIOS and Changing Boot Sequence and Enabling TPM 1.2 to TPM 2.0 On an Old Dell PC.
About this video
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard.
____________________________________________
To utilize a TPM, the user needs a software library that communicates with the TPM and provides a friendlier API than raw TPM communication. Currently there are several such open-source TPM 2.0 libraries. Some of them also support TPM 1.2, but TPM 1.2 chips are now largely deprecated and modern development focuses on TPM 2.0.
Typically, a TPM library provides an API with one-to-one mappings to TPM commands. The TCG specification calls this layer the System API (SAPI). This gives the user the most control over TPM operations, but the complexity is high. To hide some of that complexity, most libraries also offer simpler ways to invoke complex TPM operations; the TCG specification calls these two layers the Enhanced System API (ESAPI) and the Feature API (FAPI).
There is currently only one stack that follows the TCG specification. All the other available open-source TPM libraries use their own form of richer API.
____________________________________________
(*) There is a separate project called "CHARRA" by Fraunhofer[143] that uses the tpm2-tss library for Remote Attestation. The other stacks have accompanying attestation servers or directly include examples for attestation. IBM offers its open-source Remote Attestation Server "IBM ACS" on SourceForge and Google has "Go-Attestation" available on GitHub, while "wolfTPM" offers time and local attestation examples directly in its open-source code, also on GitHub.
(**) There is an application note[144] about an example project for the AURIX 32-bit SoC using the tpm2-tss library.
(***) Requires additional libraries (dotnet) to run on Linux.
These TPM libraries are sometimes also called TPM stacks, because they provide the interface through which the developer or user interacts with the TPM. As seen from the table, the TPM stacks abstract the operating system and transport layer, so the user can migrate an application between platforms. For example, by using the TPM stack API the user interacts with a TPM in the same way regardless of whether the physical chip is connected to the host system over an SPI, I2C or LPC interface.
____________________________________________
Comparison of TPM 1.2 and TPM 2.0:

Algorithms. TPM 1.2: SHA-1 and RSA are required.[49] AES is optional.[49] Triple DES was once an optional algorithm in earlier versions of TPM 1.2,[50] but was banned in TPM 1.2 version 94.[51] The MGF1 hash-based mask generation function defined in PKCS#1 is required.[49] TPM 2.0: the TCG PC Client Platform TPM Profile (PTP) Specification requires SHA-1 and SHA-256 for hashes; RSA, and ECC using the Barreto–Naehrig 256-bit curve and the NIST P-256 curve, for public-key cryptography and asymmetric digital signature generation and verification; HMAC for symmetric digital signature generation and verification; 128-bit AES as the symmetric-key algorithm; and the MGF1 hash-based mask generation function defined in PKCS#1.[52] Many other algorithms are also defined but are optional.[53] Note that Triple DES was re-added in TPM 2.0, but with restrictions on some values in any 64-bit block.[54]

Crypto primitives. TPM 1.2: a random number generator, a public-key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and Direct Anonymous Attestation are required.[49] Symmetric-key algorithms and exclusive or are optional.[49] Key generation is also required.[55] TPM 2.0: a random number generator, public-key cryptographic algorithms, cryptographic hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, exclusive or, and ECC-based Direct Anonymous Attestation using the Barreto–Naehrig 256-bit curve are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[52] The TPM 2.0 common library specification also requires key generation and key derivation functions.[56]

Hierarchy. TPM 1.2: one (storage). TPM 2.0: three (platform, storage and endorsement).

Root keys. TPM 1.2: one (SRK, RSA-2048). TPM 2.0: multiple keys and algorithms per hierarchy.

Authorization. TPM 1.2: HMAC, PCR, locality, physical presence. TPM 2.0: password, HMAC, and policy (which covers HMAC, PCR, locality, and physical presence).

NVRAM. TPM 1.2: unstructured data. TPM 2.0: unstructured data, counter, bitmap, extend, PIN pass and fail.
The TPM 2.0
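The comparison above names the hash algorithms each generation supports (SHA-1 only for TPM 1.2, SHA-1 plus SHA-256 for TPM 2.0) and the "extend" operation, which is how firmware records the boot sequence into Platform Configuration Registers and how the attestation servers mentioned in the footnote check it. The following is an added example, not code from the page or from any TPM stack: it simulates PCR extend in both hash banks over a constructed measured-boot event log and then replays the log the way a verifier would, so that a modified or reordered boot step no longer matches the recorded PCR values. The bank-to-generation mapping, the all-zero initial PCR state and the log format are my assumptions for the simulation; a real TPM also keeps PCRs in hardware so software cannot reset them.

```python
"""Added example: PCR extend and event-log replay across TPM hash banks.

Assumptions (not from the page): TPM 1.2 exposes one SHA-1 bank, TPM 2.0
exposes SHA-1 and SHA-256 banks; PCRs start as all-zero bytes; the event
log is a constructed list of (pcr_index, description, measured_data).
"""
import hashlib
from typing import Dict, List, Tuple

# Hash banks per TPM generation (assumption for the simulation; the PC Client
# profile for TPM 2.0 requires SHA-1 and SHA-256).
BANKS: Dict[str, List[str]] = {"tpm12": ["sha1"], "tpm20": ["sha1", "sha256"]}

PCR_COUNT = 24  # PC Client platforms expose 24 PCRs per bank

# Constructed measured-boot event log: (PCR index, description, data measured).
SAMPLE_LOG: List[Tuple[int, str, bytes]] = [
    (0, "BIOS firmware volume", b"firmware-image-v1"),
    (1, "Boot configuration / boot order", b"boot-order: disk,usb"),
    (4, "Boot loader", b"bootloader-stage1"),
]


def initial_pcrs(algs: List[str]) -> Dict[str, List[bytes]]:
    """All PCRs in every bank start as zero bytes of the digest length."""
    return {alg: [b"\x00" * hashlib.new(alg).digest_size for _ in range(PCR_COUNT)]
            for alg in algs}


def extend(pcr_value: bytes, digest: bytes, alg: str) -> bytes:
    """PCR_new = H(PCR_old || digest).

    The operation is one-way and order-dependent: the same events extended in
    a different order yield a different final value, and no software command
    can set a PCR back to a chosen value.
    """
    return hashlib.new(alg, pcr_value + digest).digest()


def measure_log(algs: List[str], log: List[Tuple[int, str, bytes]]) -> Dict[str, List[bytes]]:
    """Extend each log entry into its PCR in every bank, as firmware would."""
    pcrs = initial_pcrs(algs)
    for index, _description, data in log:
        for alg in algs:
            event_digest = hashlib.new(alg, data).digest()
            pcrs[alg][index] = extend(pcrs[alg][index], event_digest, alg)
    return pcrs


def verify_quote(algs: List[str], log: List[Tuple[int, str, bytes]],
                 quoted: Dict[str, List[bytes]]) -> bool:
    """Verifier side: replay the event log and compare with quoted PCR values.

    A real attestation server would first check the TPM's signature over the
    quote; here only the replay step is shown.
    """
    replayed = measure_log(algs, log)
    return all(replayed[alg][i] == quoted[alg][i]
               for alg in algs for i in range(PCR_COUNT))


def pcr_hex(pcrs: Dict[str, List[bytes]], alg: str, index: int) -> str:
    return pcrs[alg][index].hex()


if __name__ == "__main__":
    for generation, algs in BANKS.items():
        quote = measure_log(algs, SAMPLE_LOG)  # what the platform would quote
        print(generation)
        for alg in algs:
            for index in (0, 1, 4):
                print(f"  {alg:>6} PCR[{index}] = {pcr_hex(quote, alg, index)}")
        # A log with a changed boot loader no longer replays to the quoted PCRs.
        tampered = SAMPLE_LOG[:-1] + [(4, "Boot loader", b"bootloader-stage1-modified")]
        print("  genuine log verifies:", verify_quote(algs, SAMPLE_LOG, quote))
        print("  tampered log verifies:", verify_quote(algs, tampered, quote))
```

Running the script prints the per-bank PCR values and shows that the genuine log verifies while the tampered one does not; the SHA-1 bank is the only one a TPM 1.2 platform could have quoted, which is one practical reason the page's setup moves the machine to TPM 2.0.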
____________________________________________
Video Information
Views: 68
Likes: 7
Duration: 1:47
Published: Jul 27, 2023
Quality: hd