Explore the world of TPM-based system security features in this informative 40-minute conference talk from the Linux Plumbers Conference. Dive into the architectural overview of hardware and software components involved in typical use cases, focusing on TPM2.0 security chips found in consumer devices, servers, and embedded systems. Learn about the multitude of security functions provided by TPMs, including secure key storage, secret storage, and access control. Discover how these capabilities can be applied to various scenarios such as disk encryption, device authentication, and network authentication across different platforms. Gain insights into the software layers required for TPM utilization, from kernel drivers to applications. Examine concrete use cases related to device and user authentication, with emphasis on PKCS11 and OpenSSL implementations. Explore ongoing projects and potential opportunities for extending TPM functionality in core applications. Engage in a discussion about missing software components and potential contributions to enhance TPM utilization in core software.
Overview
Syllabus
Who am I?
The hardware stack
The TPM Software Stack 2.0
The TSS APIS
The tpm2-software core projects
People and community
UC: Shielded key storage and usage
UC: (General) user authentication
UC: (VPN) user authentication
UC: Disk encryption
What's missing?
So what do I want from you?
What do you need to do?
What would this code look like?
What would this look like?
Taught by
Linux Plumbers Conference
