I am wondering if it's possible to program the TPM ( http://en.wikipedia.org/wiki/Trusted_Platform_Module ) present in most Intel chips in such a way as to:
- decide what to store in the persistent memory
- decide which cryptographic algorithms to implement.
Obviously it should not be reprogrammable once it starts working (are you aware if this statement is correct?).
The behaviour of a TPM is defined by the specifications issued by the Trusted Computing Group. A TPM must behave exactly as specified, so you cannot change the functionality of a properly implemented TPM. The manufacturers of TPMs have limited abilities to update their products after shipping. For example, Infineon provides firmware updates for their devices.
Intel TPMs, however, may be different. Some chipsets included an emulated/software TPM instead of an actual hardware TPM. Those TPMs can be updated with a BIOS update, but also in this case the update has to be provided by Intel. Recent boards like the DQ67SW have stand-alone hardware TPMs not manufactured by Intel.
So the answer to your second question is: No, you cannot program/define the cryptographic algorithms a TPM uses.
Regarding your first question: Yes, you can define what to store in the persistent storage to some extent. This memory region is called Non-volatile Storage or NV. You have to define some space first using the TPM_NV_DefineSpace command. Afterwards you can read and write from/to the location using TPM_NV_ReadValue and TPM_NV_WriteValue. Defining reserves a given amount of memory in NV and also sets up the security attributes of this location. Those are low-level TPM commands; it is highly recommended to use a Trusted Software Stack (TSS) to interface with the TPM. You can use either jTSS with jTpmTools or TrouSerS.
Some notes regarding NV:
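To show what the low-level commands named in the answer look like on the wire, here is an added example (not part of the answer, and not code from jTSS or TrouSerS): a small Python marshaller for TPM_NV_WriteValue and TPM_NV_ReadValue in the TPM 1.2 command format, plus a parser for the read response. The tag and ordinal constants are taken from the TPM 1.2 specification; the NV index 0x1000, the sample data and the sample responses are constructed, and /dev/tpm0 is assumed to be the Linux TPM device.

```python
import struct

# TPM 1.2 wire constants (TCG TPM Main, Part 2 "Structures" / Part 3 "Commands").
TPM_TAG_RQU_COMMAND = 0x00C1   # request without an authorization session
TPM_TAG_RSP_COMMAND = 0x00C4   # response without an authorization session
TPM_ORD_NV_WriteValue = 0x000000CD
TPM_ORD_NV_ReadValue = 0x000000CF
TPM_SUCCESS = 0

def _command(ordinal: int, body: bytes) -> bytes:
    """Prefix the TPM 1.2 request header: tag(2) | paramSize(4) | ordinal(4) | body."""
    return struct.pack(">HII", TPM_TAG_RQU_COMMAND, 10 + len(body), ordinal) + body

def nv_write_value(nv_index: int, offset: int, data: bytes) -> bytes:
    """TPM_NV_WriteValue body: nvIndex(4) | offset(4) | dataSize(4) | data.
    Note: an index defined with OWNERWRITE needs an OIAP/OSAP session (tag 0x00C2
    plus a trailing auth block); that is deliberately not implemented here."""
    body = struct.pack(">III", nv_index, offset, len(data)) + data
    return _command(TPM_ORD_NV_WriteValue, body)

def nv_read_value(nv_index: int, offset: int, size: int) -> bytes:
    """TPM_NV_ReadValue body: nvIndex(4) | offset(4) | dataSize(4)."""
    return _command(TPM_ORD_NV_ReadValue, struct.pack(">III", nv_index, offset, size))

def parse_read_response(resp: bytes) -> bytes:
    """Parse tag(2) | paramSize(4) | returnCode(4) | dataSize(4) | data.
    Every length field is checked against the bytes actually received before use."""
    if len(resp) < 10:
        raise ValueError("short response header")
    tag, size, rc = struct.unpack(">HII", resp[:10])
    if size != len(resp):
        raise ValueError("paramSize %d does not match %d bytes received" % (size, len(resp)))
    if rc != TPM_SUCCESS:
        raise RuntimeError("TPM returned error code 0x%08X" % rc)   # e.g. 2 = TPM_BADINDEX
    if tag != TPM_TAG_RSP_COMMAND or size < 14:
        raise ValueError("unexpected response tag 0x%04X or missing dataSize" % tag)
    (data_size,) = struct.unpack(">I", resp[10:14])
    if 14 + data_size != size:
        raise ValueError("dataSize %d inconsistent with paramSize" % data_size)
    return resp[14:14 + data_size]

def transact(cmd: bytes, device: str = "/dev/tpm0") -> bytes:
    """Send one command to the Linux TPM 1.2 character device and return the raw response."""
    with open(device, "r+b", buffering=0) as tpm:
        tpm.write(cmd)
        return tpm.read(4096)

if __name__ == "__main__":   # requires a TPM 1.2 and a previously defined index 0x1000
    transact(nv_write_value(0x00001000, 0, b"hello"))
    print(parse_read_response(transact(nv_read_value(0x00001000, 0, 5))))
```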