
Xilinx Zynq-7000 Application Note

Trusted Platform Module
XAPP1309 (v1.0) March 7, 2017
www.xilinx.com
Documentation on TPM functionality is provided by the Trusted Computing Group (TCG),
beginning with the TPM Main Specification [Ref 4]. TPM 1.2 was the most commonly used TPM
in 2016. The Infineon OPTIGA SLB9670 TPM supports TPM 1.2 and 2.0. TPMs are very small,
cost-efficient devices that provide a root of trust for reporting (RTR) and a root of trust for
storage (RTS). This application note focuses on the RTR, in which the measurement log file held
in the TPM's PCRs is reported to the server.

In addition to support for RTR, TPMs provide capabilities that might be useful in Zynq-7000 SoC
applications. TPMs provide re-programmable non-volatile memory. The TPM's hardened
cryptographic functions allow a key to be securely transmitted to the Zynq-7000 device on
demand. TPMs also provide a random number generator (RNG), which can be used to generate keys.

The TPM RTR support operates within the IMA framework, providing significant security
enhancements. When a TPM is added, the server's remote attestation of a client is based on a
quote. A quote is a measurement of, or evidence on, the partitions booted. In TPM 1.2, a SHA-1
digest is used as the measurement for partitions loaded. In TPM 2.0, a SHA-2 digest is used as
the measurement log for partitions loaded. The SHA digests are stored in the PCRs. Figure 8
shows the server-client communication for remote attestation.

The flow in Figure 8 is outlined below.
1. The strongSwan attestation server requests a quote from the client. When requesting the
quote, the server sends a nonce, which is a random number used to protect against
playback attacks.
2. The client, that is, the Zynq-7000 SoC/TPM, generates the evidence for the partitions
loaded. The SHA-1 hashes are stored in the TPM PCRs. The SHA-1 of the BootROM code is stored
in PCR[0], and the SHA-1 digest of the FSBL is stored in PCR[4].
3. The Zynq-7000 SoC/TPM client sends the quote to the server. The quote includes the signed
evidence and the original nonce.
4. The strongSwan server appraises the quote and, based on the results, follows a policy set up
by the system administrator.
Figure 8: Remote Attestation Using a TPM
[Figure: the attestation server sends a quote request, including a nonce, to the client (Zynq-7000 AP SoC with TPM); the client returns the quote, which is signed evidence with the nonce.]
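The four-step flow above can be traced end to end in a short model. This is an added example, not code from the application note or from strongSwan. It assumes HMAC-SHA1 with a shared key as a stand-in for the TPM's attestation-key signature, constructed partition images, and hypothetical function names.

```python
import hashlib, hmac, os

# Assumption: HMAC-SHA1 with a shared key stands in for the TPM's asymmetric
# attestation-key signature, so the example needs only the standard library.
AIK_KEY = b"constructed-demo-key"

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 PCR extend: new value = SHA-1(old value || measurement digest)."""
    return hashlib.sha1(pcr + measurement).digest()

def boot_pcrs(partitions: dict) -> dict:
    """Step 2: measure each partition into its PCR, starting from 20 zero bytes."""
    return {i: extend(bytes(20), hashlib.sha1(img).digest())
            for i, img in partitions.items()}

def make_quote(pcrs: dict, nonce: bytes) -> dict:
    """Step 3: sign the PCR values together with the server's nonce."""
    composite = b"".join(pcrs[i] for i in sorted(pcrs))
    sig = hmac.new(AIK_KEY, composite + nonce, hashlib.sha1).digest()
    return {"pcrs": pcrs, "nonce": nonce, "sig": sig}

def appraise(quote: dict, expected_nonce: bytes, reference: dict) -> str:
    """Step 4: check freshness, then the signature, then the PCR values."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return "reject: stale or replayed quote"
    composite = b"".join(quote["pcrs"][i] for i in sorted(quote["pcrs"]))
    good = hmac.new(AIK_KEY, composite + expected_nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(quote["sig"], good):
        return "reject: bad signature"
    for index, value in reference.items():
        if quote["pcrs"].get(index) != value:
            return f"reject: PCR[{index}] mismatch"
    return "trusted"

def demo():
    # Constructed images: PCR[0] holds the BootROM measurement, PCR[4] the FSBL.
    golden = {0: b"constructed BootROM image", 4: b"constructed FSBL image"}
    reference = boot_pcrs(golden)          # values the server expects
    nonce = os.urandom(20)                 # step 1: fresh nonce per request
    ok = appraise(make_quote(boot_pcrs(golden), nonce), nonce, reference)
    tampered = dict(golden, **{}) | {4: b"constructed modified FSBL"}
    bad = appraise(make_quote(boot_pcrs(tampered), nonce), nonce, reference)
    old = make_quote(boot_pcrs(golden), os.urandom(20))  # answer to an earlier nonce
    return ok, bad, appraise(old, nonce, reference)

if __name__ == "__main__":
    print(demo())
```

Because the nonce is covered by the signature, relabelling an old quote with the current nonce fails the signature check instead of the freshness check.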
