A few weeks ago I asked for information on using the increasingly
prevalent built-in TPM chips in computers (especially laptops) as a
random number source. I got some good advice and want to summarize the
information for the benefit of others.
The TPM chip as spec'd by the Trusted Computing Group
(www.trustedcomputinggroup.org) is a complex and controversial device.
Despite (or perhaps because of) all the fuss over it when the technology
was introduced, nothing much has happened with it and they are mostly
used to add a bit of security to encrypted files and such. TPMs do have
hardware RNGs and I wanted to find out how to access this capability.
On Windows, there are several APIs available which can work.
The native API for the TPM is the Trusted Software Stack (TSS).
https://www.trustedcomputinggroup.org/groups/software/ This provides a
wide range of TPM-specific functions, including ones to access the RNG.
Another alternative is Microsoft's Crypto API (MS-CAPI). CAPI uses a
plug-in architecture where Crypto Service Providers (CSPs) provide the
required functionality. TPM-based CSPs allow access to TPM functions
via CAPI. Third, the PKCS-11 (Cryptoki) API is designed for access
to smart cards, but TPM manufacturers often deliver PKCS-11 compatible
libraries for access to the chips. Both CAPI and PKCS-11 have random
number functionality which can be used to access the TPM RNG.
The main problem in practice with using this functionality on Windows is
that there is as yet no standard for naming or locating the DLL's which
supply the necessary functions. I am testing on an IBM Thinkpad with
an Atmel TPM, and it comes with DLL's that provide TSS, CAPI and PKCS-11
interfaces. But all are supplied with non-standard names and located in
non-standard places. Software to use these functions has to know where
the DLLs are and what they are called in order to load them explicitly.
The exception is MS-CAPI. CAPI provides an interface to enumerate all
the CSPs, so if you can figure out which one is the TPM CSP you can then
use that one to generate random numbers. One of the CAPI functions lets
you query to see if the CSP has hardware RNG support. On my system,
this returns TRUE for the TPM CSP. However, a colleague has a Dell
system with a different TPM and different software, and that TPM's CSP
does not set this bit. So I don't have a foolproof method of figuring
out which CSP to use in order to access the TPM. It might be possible
to hard-code the names of all known TPM CSPs but that would not be very
flexible going forward.
At this point MS-CAPI still looks like the best choice for
machine-independent access to the TPM RNG on Windows. The ability to
reliably enumerate all the CSPs is much easier than hunting through the
disk to try to find a DLL to implement the TSS or PKCS-11 APIs. OTOH if
you are building the software for a particular system and can build in
the location of the necessary DLL, one of the other APIs could work too.
On Linux systems, as I mentioned earlier, the standard appears
to be an open-source TSS implementation called Trousers, at
http://trousers.sourceforge.net . This requires the Linux kernel to
have a TPM device driver built-in or as a loadable module. This has
been available in the kernel since 2.6.12, but many distributions do
not enable it, even as a module, so some work is needed to make a kernel
with TPM support. Then the Trousers software builds a daemon process,
tcsd, which opens /dev/tpm exclusively, and a library, libtspi, for
remote access to tcsd and the TPM.
If you want a cross-platform solution, TSS is probably the best approach
going forward. As noted, at present the software support is a little
immature and some local configuration will be necessary - locating the
TSS DLL on Windows, and installing the TPM kernel support and Trousers
software on Linux. Once this is done, the TSS API should provide for
cross-platform capability. And of course it has additional functionality
if you want to use the TPM for more than just random number generation.
Intel Macs have TPM chips as well but I don't know of any software yet
that can access them. Eventually I would expect a TSS solution to be
available on that platform as well.
Thanks again to the people who provided me information about these
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]