Is it possible to program Intel's Trusted Platform Module

Question

I am wondering if it's possible to program TPM ( http://en.wikipedia.org/wiki/Trusted_Platform_Module ) present in most of Intel chips, in such a way to:

- decide what to store in the persistent memory
- decide which cryptographic algorithms to implement.

Obviously it should not be reprogrammable once that it starts working (are you aware if this statement is correct?).

Answer 1

The behaviour of a TPM is defined by the specifications issued by the Trusted Computing Group. A TPM must exactly behave as specified, so you cannot change the functionality of a proper implemented TPM. The manufacturers of TPMs have limited abilities to update their products after shipping. For example Infineon provides firmware updates for their devices.

Intel TPMs however may be different. Some chipsets included an emulated/software TPM instead of an actual hardware TPM. Those TPMs can be updated with a BIOS update. But also in this case the update has to be provided by Intel. Recent boards like the DQ67SW have stand alone hardware TPMs not manufactured by Intel.

So the answer to your second question is: No, you cannot program/define the cryptographic algorithms a TPM uses.

---

Regarding your first question: Yes, you can define what to store in the persistent storage to some extend. This memory region is called Non-volatile Storage or NV. You have to define some space first using the TPM_NV_DefineSpace command. Afterwards you can read and write from/to the location using TPM_NV_ReadValue and TPM_NV_WriteValue. Defining reserves a given amount of memory in NV and also sets up the security attributes of this location. Those commands are low-level TPM commands, it is highly recommended to use a Trusted Software Stack (TSS) to interface the TPM. You can use either jTSS with jTpmTools or TrouSerS.

Some notes regarding NV:

• There is very limited space in the NV, but the exact amount is vendor specific (usually less than 5kb). The minimum amount for the PC platform is 2048 bytes.
• The TPM is a passive device, it cannot do anything without a command issued to it. If you want to store something in the TPM, you have to have some active piece (BIOS, Software, Chipset, CPU) that issues those commands.
• Even most cryptographic keys are not stored within the TPM. There is a key hierarchy and only the root key (Storage Root Key - SRK) is stored in the TPM. All other keys are stored outside in an encrypted way.

Answer 2

The TPM is not intended to be programmable. It has a fixed set of supported algorithms. The code is stored in ROM (or if it isn't, it is stored in an EEPROM that is inside a somewhat tamper-proof package and you don't get to overwrite it).

The TPM defines various administrative roles. When you first use it, you'll set up administrative passwords (or your software will do it for you, in which case you should carefully back up these passwords). If you are unsure about the state of the TPM when you receive it, you can reset it to “factory defaults” (clearing all existing keys and credentials); this is called clearing the TPM and is normally done from the BIOS.

You'll find an overview of the various credentials stored and used by the TPM in the credential profiles. In addition to the keys that are part of the normal lifecycle, you can import your own keys and create non-exportable keys with the TPM's RNG.

There is a standard TPM protection profile. I don't know if Intel's TPM has been evaluated with respect to it. Figure 1 is a diagram of the TPM lifecycle, which shows when keys can be generated.

In practice, you'll probably interact with the TPM through TrouSerS (a fully open source TPM API), or in a limited fashion through Bitlocker on Windows.

Answer 3

Yes, you can use the TPM chip for exactly these sorts of operations, and many more.

The TrouSerS stack is an open source implementation of the trusted computing software stack necessary for using the TPM chip reliably.