https://buyzero.de/products/letstrust-hardware-tpm-trusted-platform-module?variant=33890452626
Would we be able to use this as root of trust?
AFAIK, a TPM in itself can't act as a root of trust. It is rather a
passive device which can provide you with trusted/secure services. In
general, a root of trust is the first piece of *non-modifiable* code
that runs on a platform, i.e. the BootROM, which establishes the chain of
trust by verifying the first stage boot-loader, which in turn
continues the chain of trust to the next boot stages and so on.
You do need to take care with "root of trust" terminology.
A root of trust is something that is inherently trusted, and in which
a compromise can't be detected. There are various terminology schemes
proposed from GlobalPlatform, TCG, NIST-- e.g. roots of trust for: update,
verification, measurement, storage, reporting, etc.
So a boot ROM is _a_ root of trust-- for example a root of trust for
verification.
A TPM is a root of trust for storage (i.e. securely storing measurements)
and for reporting (i.e. providing cryptographically signed attestation
reports).
So, it depends what you mean.
Thanks,
Stuart
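As an added illustration of the distinction drawn above (example code, not from the thread): a constructed Python model in which a boot ROM acts as root of trust for verification, while a simulated TPM acts only as root of trust for storage (PCR extend) and reporting (quote). The keys, stage images and nonce are made up, and HMAC stands in for the signatures a real ROM and TPM would use.

```python
import hashlib
import hmac
# Constructed boot-chain model (not from the thread). HMAC stands in for
# the asymmetric signatures a real boot ROM and TPM would use.
ROM_KEY = b"constructed-rom-verification-key"   # immutable, inside boot ROM
TPM_KEY = b"constructed-tpm-attestation-key"    # never leaves the "TPM"
PCR_INIT = bytes(32)

def sign(key, data):
    return hmac.new(key, data, "sha256").digest()

def rom_verify(image, tag):
    """Root of trust for verification: ROM refuses to run an unsigned stage."""
    return hmac.compare_digest(tag, sign(ROM_KEY, image))

def pcr_extend(pcr, image):
    """Root of trust for storage: PCR <- H(PCR || H(image)), append-only."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def boot(first_stage, first_tag, later_stages):
    """ROM verifies stage 1 only; every stage is measured into the PCR."""
    if not rom_verify(first_stage, first_tag):
        return None, []                       # halted before anything ran
    pcr, log = PCR_INIT, []
    for name, image in [("bl1", first_stage)] + later_stages:
        pcr = pcr_extend(pcr, image)          # the TPM records, never judges
        log.append((name, hashlib.sha256(image).digest()))
    return pcr, log                           # a tampered later stage still boots

def tpm_quote(pcr, nonce):  # root of trust for reporting: signed PCR statement
    return sign(TPM_KEY, nonce + pcr)

def attest(pcr, log, quote, nonce, golden):
    """Remote verifier: check the quote, replay the log, compare to golden."""
    if not hmac.compare_digest(quote, sign(TPM_KEY, nonce + pcr)):
        return "bad quote"
    replay = PCR_INIT
    for _, digest in log:
        replay = hashlib.sha256(replay + digest).digest()
    if replay != pcr:
        return "log does not match PCR"
    return "ok" if log == golden else "unexpected component measured"

def demo(nonce=b"constructed-nonce"):
    bl1, tag = b"bl1-v1", sign(ROM_KEY, b"bl1-v1")
    pcr, golden = boot(bl1, tag, [("bl2", b"bl2-v1"), ("kernel", b"kernel-v1")])
    bad_pcr, bad_log = boot(bl1, tag, [("bl2", b"bl2-v1"), ("kernel", b"kernel-evil")])
    return {"good": attest(pcr, golden, tpm_quote(pcr, nonce), nonce, golden),
            "tampered_kernel": attest(bad_pcr, bad_log, tpm_quote(bad_pcr, nonce), nonce, golden),
            "tampered_bl1": boot(b"bl1-evil", tag, [])}
```

The tampered kernel boots anyway because the TPM only stores and reports; it is the remote verifier's comparison against golden values that catches it, whereas the tampered first stage never runs because the ROM's verification halts the chain.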
_______________________________________________
boot-architecture mailing list
[email protected]
https://lists.linaro.org/mailman/listinfo/boot-architecture