Using TPMs to Cryptographically Verify Devices at Scale

Explore how Google leverages Trusted Platform Modules (TPMs) to cryptographically verify devices at scale in this 40-minute conference talk by Matthew Garrett and Tom D'Netto. Delve into the challenges of maintaining device security once it leaves IT control and learn about TPMs' unique cryptographic identities. Discover how firmware and bootloaders utilize TPMs to generate verifiable logs of the entire boot process. Gain insights into Google's methods for building trust in a geographically diverse fleet of machines, establishing strong hardware-backed identities, and using remote attestation to prove sanctioned boot chains. Learn about newly-released cross-platform open-source libraries that enable others to build similar infrastructure. The talk covers topics such as the trust problem, TPM functionality, endorsement keys, association keys, and concludes with a Q&A session.