As you may already know, TPM is the acronym for Trusted Platform Module (also known as ISO / IEC 11889), an international security standard for a secure cryptoprocessor, which is nothing more than a dedicated microcontroller designed to protect hardware through cryptographic keys integrated. At this point we already know what it is and what it is for, as well as surely what devices carry it, but do you know the differences between its different versions?
The different types of TPM 2.0 deployment
In order to understand the differences between the different versions of the standard and how they affect Intel and AMD processors, we must first explain the different types of implementation that we can find. TPM is not something new, since since 2006 thousands of laptops have been sold that already integrated a TPM chip. From there, different forms of integration were developed, making it a concept that could be integrated into any other device including mobile phones. In a PC, the LPC or SPI bus is used so that the CPU can connect to the TPM chip.
The Trusted Computing Group (TCG) has certified TPM chips manufactured by different manufacturers such as Infineon, Novoton or STMicroelectronics, but has also assigned vendor IDs to others such as AMD, Atmel, Broadcom, IBM, Intel, Lenovo, National Semiconductor, Nationz, Qualcomm , Rockchip, SMC, Samsung, Sinosun, Texas Instruments or Winbond, so if you find a supposed TPM module manufactured by someone that is not in this list, it is definitely false.
There are five different types of implementations for TPM 2.0, and we are going to list them in order from highest to lowest security:
- Dedicated TPM 2.0: They are dedicated chips that implement TPM functionality in their own tamper-proof semiconductor package. In theory they are the most secure type because routines implemented in hardware should be more resistant to errors compared to those implemented in software, and their packages should implement some resistance to tampering.
- Integrated TPM 2.0: they are part of another chip, and while they use hardware that resists software bugs, they do not need to implement physical tampering resistance. Intel has integrated TPM in this way in some of its chipsets, for example.
- Firmware TPM (fTPMs): they are solutions passed in firmware (eg UEFI) running on the CPU’s trusted execution ring. Intel, AMD, and Qualcomm have implemented firmware TPM in this way.
- TPM by Hypervisor (vTPMs): they are virtual TPMs provided by hypervisors and therefore dependent on them. They run in isolation and hidden from software inside virtual machines to protect your code, and can provide a level of security comparable to fTPMs.
- TPM 2.0 by software: they are emulators that run without more protection than that obtained by a normal program within the operating system. They are completely dependent on the environment in which they run, so they provide no greater security than the normal running environment can provide, and are therefore vulnerable to their own software bugs and attacks. They are useful for development purposes only.
Microsoft has developed the official reference implementation of TPM 2.0, is BSD licensed and the source code is available openly. Microsoft provides a Visual Studio solution and build scripts for Linux automated tools. Intel For its part, in 2018 it already opened its TPM 2.0 code with support for Windows and Linux, also with a BSD license.
What makes TPM 2.0 different from the previous version (1.2)?
Although version TPM 2.0 addresses many of the same use cases as version 1.2 and has essentially similar characteristics, the details are different, and in fact TPM 2.0 is not compatible with versions prior to TPM 1.2 (that’s why it is these two versions that we compare).
TPM 1.2 consists of a three-part architecture, or with three different libraries. Version 2.0 for its part consists of a platform-specific specification that references a common four-part TPM 2.0 library. These platform specifications define which parts of the library are required, optional, or prohibited for the library. These specifications include client PCs, mobiles and automotive.
For version 1.2 the SHA-1 and RSA encryption algorithms are required, while AES is optional. Triple DES was also an optional algorithm at the time in previous versions, but it was prohibited in version 94 of TPM 1.2 for security reasons. The MGF1 hash-based mask generation function which is defined in PKCS # 1 is required.
For version 2.0, SHA-1 and SHA-256 are required for the client PC architecture, as well as RSA and ECC using the 256-bit Barreto-Naehrig curve and NIST P-256 for public key cryptography and generation and verification asymmetric digital signature. HMAC is also required for symmetric generation and verification of digital signatures, 128-bit AES for the symmetric key algorithm, and the MGF1 hash-based mask generation function. A myriad of additional algorithms are also defined, but they are optional. Keep in mind that Triple DES was incorporated into TPM 2.0 but with restrictions.
Cryptographic primitives and additional considerations
For version 1.2, a Random Number Generator (RNG), a public key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and anonymous direct attestation are used. Unique symmetric key algorithms are optional.
In TPM 2.0, a random number generator, public key cryptographic algorithms, cryptographic hash functions, symmetric key algorithms, digital signature generation and verification, mask generation functions, anonymous direct or exclusive attestation, or also based on ECC using the Barreto-Naehrig curve of 256 bits. The specification also requires key generation and derivation functions.
On the other hand, it should also be noted that version 1.2 has a single hierarchy (storage) while version 2.0 uses three (platform, storage and trust), using only a root key (SRK RSA-2048) in the case of version above and multiple keys and algorithms for each hierarchy in the latest version of TPM.
Likewise, in terms of authorization, version 1.2 supports HMAC, PCR, locality and physical presence, while TPM 2.0 supports password, HMAC and different configurable policies (which covers HMAC, PCR, locality and physical presence). Finally, it should be noted that in terms of NVRAM version 1.2 only uses unstructured data, while version 2.0 makes use of unstructured data but also a counter, bitmap, extension and PIN.