1<!-- HTML header for doxygen 1.8.10--> 2<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3<html xmlns="http://www.w3.org/1999/xhtml"> 4<head> 5<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> 6<meta http-equiv="X-UA-Compatible" content="IE=9"/> 7<meta name="generator" content="Doxygen 1.8.14"/> 8<title>Intel® Enhanced Privacy ID SDK: Considerations for TPM</title> 9<link href="tabs.css" rel="stylesheet" type="text/css"/> 10<script type="text/javascript" src="jquery.js"></script> 11<script type="text/javascript" src="dynsections.js"></script> 12<link href="navtree.css" rel="stylesheet" type="text/css"/> 13<script type="text/javascript" src="resize.js"></script> 14<script type="text/javascript" src="navtreedata.js"></script> 15<script type="text/javascript" src="navtree.js"></script> 16<script type="text/javascript"> 17/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */ 18 $(document).ready(initResizable); 19/* @license-end */</script> 20<link href="doxygen.css" rel="stylesheet" type="text/css" /> 21<link href="epidstyle.css" rel="stylesheet" type="text/css"/> 22</head> 23<body> 24<div id="top"><!-- do not remove this div, it is closed by doxygen! --> 25<div id="titlearea"> 26<table cellspacing="0" cellpadding="0"> 27 <tbody> 28 <tr style="height: 56px;"> 29 <td id="projectalign" style="padding-left: 0.5em;"> 30 <div id="projectname"><a 31 onclick="storeLink('index.html')" 32 id="projectlink" 33 class="index.html" 34 href="index.html">Intel® Enhanced Privacy ID SDK</a> 35 <span id="projectnumber">6.0.1</span> 36</div> 37 </td> 38 </tr> 39 </tbody> 40</table> 41</div> 42<!-- end header part --> 43<!-- Generated by Doxygen 1.8.14 --> 44</div><!-- top --> 45<div id="side-nav" class="ui-resizable side-nav-resizable"> 46 <div id="nav-tree"> 47 <div id="nav-tree-contents"> 48 <div id="nav-sync" class="sync"></div> 49 </div> 50 </div> 51 <div id="splitbar" style="-moz-user-select:none;" 52 class="ui-resizable-handle"> 53 </div> 54</div> 55<script type="text/javascript"> 56/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */ 57$(document).ready(function(){initNavTree('_tpm_considerations.html','');}); 58/* @license-end */ 59</script> 60<div id="doc-content"> 61<div class="header"> 62 <div class="headertitle"> 63<div class="title">Considerations for TPM </div> </div> 64</div><!--header--> 65<div class="contents"> 66<div class="toc"><h3>Table of Contents</h3> 67<ul><li class="level1"><a href="#TPM_compatibility">Compatibility</a></li> 68<li class="level1"><a href="#TpmConsiderations_Manufacturers">Considerations for TPM Manufacturers</a><ul><li class="level2"><a href="#TPM_provisioning">Provisioning TPM with Intel® EPID Key Material</a></li> 69<li class="level2"><a href="#TpmConsiderations_Mapping">Mapping TPM Commands to Intel® EPID</a></li> 70</ul> 71</li> 72<li class="level1"><a href="#TpmConsiderations_Applications">Considerations for TPM Applications</a></li> 73<li class="level1"><a href="#TpmConsiderations_Architecture">SDK Member Architecture</a></li> 74<li class="level1"><a href="#TpmConsiderations_Building">Building the SDK to Take Advantage of TPM</a><ul><li class="level2"><a href="#TpmConsiderations_Prereqs">Prerequisites to Build the SDK in TPM Mode</a></li> 75<li class="level2"><a href="#TpmConsiderations_BuildingTpmMode">Building the SDK in TPM Mode</a></li> 76<li class="level2"><a href="#TpmConsiderations_Signing">Intel® EPID Signing and Verification with a TPM</a></li> 77</ul> 78</li> 79</ul> 80</div> 81<div class="textblock"><p>Intel® EPID is compatible with TPM (Trusted Platform Modules) and is designed to take advantage of the security features of TPM. This section describes integrating a TPM device and Intel® EPID functionality.</p> 82<p>Intel® EPID is a technology for securely and anonymously identifying a device, and TPM is a technology for protecting secrets on a device. Therefore it is desirable to protect the most secret part of the member private key on an Intel® EPID TPM device.</p> 83<h1><a class="anchor" id="TPM_compatibility"></a> 84Compatibility</h1> 85<p>The SDK is compatible with the Trusted Computing Group's TPM 2.0 spec. The most recent version of the TPM 2.0 specification (Level 00, Revision 01.38) includes the use of a nonce, which is incompatible with the current version of the Intel® EPID scheme. Therefore, this implementation of Intel® EPID APIs is compatible with an earlier version, which is the TPM 2.0 specification Level 00, Revision 1.16.</p> 86<h1><a class="anchor" id="TpmConsiderations_Manufacturers"></a> 87Considerations for TPM Manufacturers</h1> 88<p>This section explains what manufacturers have to do with the SDK in order to have their TPMs recognized to a service provider:</p> 89<ul> 90<li>Provisioning TPM devices with crypto secrets</li> 91<li>Adapting SDK code to specific TSS functionality</li> 92</ul> 93<p>This SDK was tested on the IBM TPM and TSS (Trusted Computing Group Software Stack). Device manufacturers should replace specific items with their own TPM functionality.</p> 94<h2><a class="anchor" id="TPM_provisioning"></a> 95Provisioning TPM with Intel® EPID Key Material</h2> 96<p>For TPM use with Intel® EPID, members and verifiers need to be provisioned with crypto material to enable security function.</p> 97<p>In order to ensure that the <code>f</code> value only exists in the volatile memory of the TPM, TPM manufacturers need to provision the TPM with an EPS (Endorsement Primary Seed), from which the <code>f</code> value of the member private key is derived.</p> 98<p>Typically, bulk provisioning is more efficient than dynamic provisioning in a manufacturing environment. However, bulk provisioning is not viable for TPM devices for the following reasons:</p> 99<ul> 100<li>In bulk provisioning, the issuer provides <code>f</code> as part of each member private key, but it is intentionally difficult to derive EPS from <code>f</code>.</li> 101<li>The issuer cannot provide EPS to manufacturers because the translation from EPS to <code>f</code> is dependent upon an implementation specific, deterministic random number generator.</li> 102</ul> 103<p>Therefore, in order to provision the TPM with EPS, Intel supports a variation on typical <a class="el" href="_provisioning.html#Provisioning_JoinProvisioning">dynamic provisioning</a> in which manufacturers provide their own EPS.</p> 104<p>In this variation on dynamic provisioning, which we call <b>bulk-join</b>, some steps are performed in bulk and credentials for many devices can be generated at the same time. This process allows TPM devices to be provisioned during manufacturing.</p> 105<p>For bulk-join, TPM device manufacturers need to do the following:</p> 106<ol type="1"> 107<li><b>Generate a set of EPS</b>, because EPS are the seeds from which the <code>f</code> values of the member private keys are generated.</li> 108<li><b>Derive a set of <code>f</code> values</b> from the EPS values.</li> 109<li><b>Request a set of nonces from the issuer</b> which will be used to generate join requests.</li> 110<li><b>Generate a set of join requests</b> using the <code>f</code> values and nonces and send them to the issuer. The issuer will respond to the bulk join requests by sending membership credentials to the manufacturer in bulk.</li> 111<li><b>Provision the membership credentials in silicon,</b> mapping each membership credential to the corresponding EPS value.</li> 112</ol> 113<p>The following graphic shows how the issuer, manufacturer, TPM, and member interact during the time of key generation, device manufacturing, and signing:</p> 114<div class="image"> 115<img src="uml_sequence.png" alt="uml_sequence.png"/> 116</div> 117<h2><a class="anchor" id="TpmConsiderations_Mapping"></a> 118Mapping TPM Commands to Intel® EPID</h2> 119<p>APIs</p> 120<p>The <code>tpm2</code> module in the <code>member</code> section of the API reference contains internal functions that map to TPM commands. This code is provided as sample code for manufacturers who will use it to write their own implementation of Intel® EPID APIs for TPM.</p> 121<table class="markdownTable"> 122<tr class="markdownTableHead"> 123<th class="markdownTableHeadNone">Intel® EPID Function </th><th class="markdownTableHeadNone">Corresponding TPM 2.0 Command </th></tr> 124<tr class="markdownTableBody" class="markdownTableRowOdd"> 125<td class="markdownTableBodyNone">Tpm2Commit </td><td class="markdownTableBodyNone">TPM2_Commit </td></tr> 126<tr class="markdownTableBody" class="markdownTableRowEven"> 127<td class="markdownTableBodyNone">Tpm2CreateContext </td><td class="markdownTableBodyNone">N/A </td></tr> 128<tr class="markdownTableBody" class="markdownTableRowOdd"> 129<td class="markdownTableBodyNone">Tpm2DeleteContext </td><td class="markdownTableBodyNone">N/A </td></tr> 130<tr class="markdownTableBody" class="markdownTableRowEven"> 131<td class="markdownTableBodyNone">Tpm2GetRandom </td><td class="markdownTableBodyNone">TPM2_GetRandom </td></tr> 132<tr class="markdownTableBody" class="markdownTableRowOdd"> 133<td class="markdownTableBodyNone">Tpm2LoadExternal </td><td class="markdownTableBodyNone">TPM2_LoadExternal </td></tr> 134<tr class="markdownTableBody" class="markdownTableRowEven"> 135<td class="markdownTableBodyNone">Tpm2NvDefineSpace </td><td class="markdownTableBodyNone">TPM2_NV_DefineSpace </td></tr> 136<tr class="markdownTableBody" class="markdownTableRowOdd"> 137<td class="markdownTableBodyNone">Tpm2NvUndefineSpace </td><td class="markdownTableBodyNone">TPM2_NV_UndefineSpace </td></tr> 138<tr class="markdownTableBody" class="markdownTableRowEven"> 139<td class="markdownTableBodyNone">Tpm2NvWrite </td><td class="markdownTableBodyNone">TPM2_NV_Write </td></tr> 140<tr class="markdownTableBody" class="markdownTableRowOdd"> 141<td class="markdownTableBodyNone">Tpm2NvRead </td><td class="markdownTableBodyNone">TPM2_NV_Read </td></tr> 142<tr class="markdownTableBody" class="markdownTableRowEven"> 143<td class="markdownTableBodyNone">Tpm2Sign </td><td class="markdownTableBodyNone">TPM2_Sign </td></tr> 144</table> 145<h1><a class="anchor" id="TpmConsiderations_Applications"></a> 146Considerations for TPM Applications</h1> 147<p>Unlike non-TPM device manufacturers, TPM manufacturers cannot use <a class="el" href="group___epid_member_module.html#ga07094399c1e040b95ae3e58a74e7c302" title="Provisions a member context from a private key. ">EpidProvisionKey</a>. TPMs are designed to protect secret values from access even by the programs that use them. Dynamic provisioning is specifically designed to allow this use case.</p> 148<p>To get a TPM device running, TPM applications can use the following steps to join a group using a TPM protected secret:</p> 149<ol type="1"> 150<li>Use <a class="el" href="group___epid_member_module.html#ga2b3c0cc1d8d4e50190ca94656fa36e24" title="Computes the size in bytes required for a member context. ">EpidMemberGetSize</a> and <a class="el" href="group___epid_member_module.html#ga35273b8e75d51e312f0d2fd3aa094efb" title="Initializes a new member context. ">EpidMemberInit</a> to create a new member context. Those functions take the parameter <a class="el" href="struct_member_params.html" title="Software only specific member parameters. ">MemberParams</a>. You will pass NULL to this struct instead of the <code>f</code> value, which indicates that <code>f</code> needs to be derived from the EPS within the TPM.</li> 151<li>Use <a class="el" href="group___epid_member_module.html#gac10008d8c9ba7bc5e5be899ed03c61c3" title="Creates a request to join a group. ">EpidCreateJoinRequest</a> to generate join requests using the <code>f</code> derived from EPS within the TPM. Then send the join request to the issuer to request a membership credential.</li> 152<li>After receiving the membership credential (A, x), use <a class="el" href="group___epid_member_module.html#ga788ebc9d1ba6153c637b762484ca1140" title="Provisions a member context from a membership credential. ">EpidProvisionCredential</a> to provision it into the non-volatile memory of the TPM device.</li> 153</ol> 154<p>After the TPM device is provisioned with <a class="el" href="group___epid_member_module.html#ga788ebc9d1ba6153c637b762484ca1140" title="Provisions a member context from a membership credential. ">EpidProvisionCredential</a>, the simplest way to get the device running is:</p> 155<ol type="1"> 156<li><a class="el" href="group___epid_member_module.html#ga2b3c0cc1d8d4e50190ca94656fa36e24" title="Computes the size in bytes required for a member context. ">EpidMemberGetSize</a>,</li> 157<li><a class="el" href="group___epid_member_module.html#ga35273b8e75d51e312f0d2fd3aa094efb" title="Initializes a new member context. ">EpidMemberInit</a>,</li> 158<li><a class="el" href="group___epid_member_module.html#gaa2c85b1f0ea17a11ac5d297b21aa30f6" title="Change member from setup state to normal operation. ">EpidMemberStartup</a>, and</li> 159<li><a class="el" href="group___epid_member_module.html#ga74d1409a816cb52633564b793072da5f" title="Writes an Intel(R) EPID signature. ">EpidSign</a>.</li> 160</ol> 161<h1><a class="anchor" id="TpmConsiderations_Architecture"></a> 162SDK Member Architecture</h1> 163<p>In the SDK, the Tpm2 module exposes commands that can be mapped to real TSS commands.</p> 164<div class="image"> 165<img src="member_host.png" alt="member_host.png"/> 166</div> 167<p>The <b>Member Host</b> (<code>member/src</code>) implements Intel® EPID signing in terms of TPM2 commands.</p> 168<p>The <b>TPM module</b> (<code>member/tpm2</code>) implements TPM2 commands.</p> 169<p>There are two implementations of TPM functionality:</p> 170<ul> 171<li><b>BM TSS dispatcher implementation</b> (<code>member/tpm2/ibm_tss</code>), which calls the IBM TSS, which calls the IBM TPM simulator (in this implementation). It is invoked when building in TPM mode.</li> 172<li><b>TPM SDK software implementation</b> (<code>member/tpm2/src</code>) implements sufficient TPM functionality for Intel® EPID. It is invoked when building in non-TPM mode.</li> 173</ul> 174<h1><a class="anchor" id="TpmConsiderations_Building"></a> 175Building the SDK to Take Advantage of TPM</h1> 176<p>This section describes:</p> 177<ul> 178<li>Prerequisites to building the SDK to take advantage of TPM</li> 179<li>Building the SDK in TPM mode</li> 180<li>Running signing and verification operations with TPM</li> 181</ul> 182<h2><a class="anchor" id="TpmConsiderations_Prereqs"></a> 183Prerequisites to Build the SDK in TPM Mode</h2> 184<ol type="1"> 185<li>Download <a href="https://sourceforge.net/projects/ibmtpm20tss/files/?source=navbar">IBM TSS</a> version <a href="https://sourceforge.net/projects/ibmtpm20tss/files/ibmtss996.tar.gz/download">966</a>. (The SDK was tested on version 966. Newer versions may also work, but we do not guarantee it.)</li> 186<li>Download <a href="https://sourceforge.net/projects/ibmswtpm2/files/?source=navbar">IBM TPM</a> version <a href="https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm532.tar/download">532</a>. (The SDK was tested on version 532 and does not work on newer versions.)</li> 187<li>Build the IBM TSS in accordance with the build steps from the package. Copy <code>tss.lib</code> and <code>tss.dll</code> from <code>ibmtss\tpmutils\Release</code> to <code>ibmtss\utils</code>.</li> 188</ol> 189<h2><a class="anchor" id="TpmConsiderations_BuildingTpmMode"></a> 190Building the SDK in TPM Mode</h2> 191<p>Set the TSSROOT environment variable to the <code>..\ibmtss\utils\</code> folder. Make sure this folder contains the <code>\tss2</code> folder, <code>tss.lib</code> and <code>tss.dll</code>. Example of the command for Windows: </p><pre class="fragment">> set TSSROOT=C:\ibmtss\utils\ 192</pre><p>To build the SDK in TPM mode, go to the SDK folder and build the SDK with the following command: </p><pre class="fragment">> scons --target=x86 --use-tss 193</pre><p><br /> 194</p> 195<p>To build the SDK in TPM mode using <code>make</code> command, go to the SDK folder and build the SDK with the following commands: </p><pre class="fragment">> ./configure CFLAGS=-m32 --with-tss 196> make all 197> make utest 198> make install 199</pre><p>Because the IBM TSS only supports x86 targets, you must build in x86.</p> 200<h2><a class="anchor" id="TpmConsiderations_Signing"></a> 201Intel® EPID Signing and Verification with a TPM</h2> 202<ol type="1"> 203<li>Build the IBM TSS (see above).</li> 204<li>Build the IBM TPM (see above).</li> 205<li>Build the Intel® EPID SDK with <code>--target=86 --use-tss</code> (see above).</li> 206<li>Copy <code>tss.dll</code> from <code>_install/epid-sdk/test</code> to <code>_install/epid-sdk/example</code>.</li> 207<li>Go to the <code>ibmtpm</code> folder and run the <code>tpm_server</code> executable. Note: if you built the TPM server with the MS Visual Studio debug mode, go to the <code>..\ibmtpm\tpmvstudio\tpm_server\Debug\</code> folder.</li> 208<li>You need to run both the TPM server and the <code>powerup</code> and <code>startup</code> executables on IBM TSS. Go to <code>..\ibmtss\tpmutils\Debug\</code> or <code>..\ibmtss\tpmutils\Release\</code> and run <code>powerup</code> and <code>startup</code> executables.</li> 209</ol> 210<p>Then you can run:</p> 211<pre class="fragment">> signmsg --hashalg=SHA-256 --msg="test" 212</pre><dl class="section note"><dt>Note</dt><dd>In TPM mode samples have to be used with <code>--hashalg=SHA-256</code>.</dd></dl> 213<p>If signing succeeds, nothing is returned.</p> 214<p>Then run:</p> 215<pre class="fragment">> verifysig --hashalg=SHA-256 --msg="test" 216-signature verified successfully 217</pre><dl class="section warning"><dt>Warning</dt><dd>The samples use <code>LoadExternal</code> to load keys into the TPM. In a real TPM use case, <code>CreatePrimary</code> should be used, and the SDK implementation provides functions for this use case. </dd></dl> 218</div></div><!-- contents --> 219</div><!-- doc-content --> 220<!-- HTML footer for doxygen 1.8.10--> 221<!-- start footer part --> 222<div id="nav-path" class="navpath"><!-- id is needed for treeview function! --> 223 <ul> 224 <li class="footer"> 225 © 2016-2017 Intel Corporation 226 </li> 227 </ul> 228</div> 229</body> 230</html> 231