ISO_IEC_11889_2009
Reference number: ISO/IEC 11889-2:2009(E)
© ISO/IEC 2009

INTERNATIONAL STANDARD ISO/IEC 11889-2
First edition 2009-05-15

Information technology - Trusted Platform Module - Part 2: Design principles
Technologies de l'information - Module de plate-forme de confiance - Partie 2: Principes de conception

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2009

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Table of Contents

1. Scope
  1.1 Key words
  1.2 Statement Type
2. Normative references
3. Abbreviated Terms
4. Conformance
  4.1 Introduction
  4.2 Threat
  4.3 Protection of functions
  4.4 Protection of information
  4.5 Side effects
  4.6 Exceptions and clarifications
5. TPM Architecture
  5.1 Interoperability
  5.2 Components
    5.2.1 Input and Output
    5.2.2 Cryptographic Co-Processor
    5.2.3 Key Generation
    5.2.4 HMAC Engine
    5.2.5 Random Number Generator
    5.2.6 SHA-1 Engine
    5.2.7 Power Detection
    5.2.8 Opt-In
    5.2.9 Execution Engine
    5.2.10 Non-Volatile Memory
  5.3 Data Integrity Register (DIR)
  5.4 Platform Configuration Register (PCR)
6. Endorsement Key Creation
  6.1 Controlling Access to PRIVEK
  6.2 Controlling Access to PUBEK
7. Attestation Identity Keys
8. TPM Ownership
  8.1 Platform Ownership and Root of Trust for Storage
9. Authentication and Authorization Data
  9.1 Dictionary Attack Considerations
10. TPM Operation
  10.1 TPM Initialization & Operation State Flow
    10.1.1 Initialization
  10.2 Self-Test Modes
    10.2.1 Operational Self-Test
  10.3 Startup
  10.4 Operational Mode
    10.4.1 Enabling a TPM
    10.4.2 Activating a TPM
    10.4.3 Taking TPM Ownership
    10.4.4 Transitioning Between Operational States
  10.5 Clearing the TPM
11. Physical Presence
12. Root of Trust for Reporting (RTR)
  12.1 Platform Identity
  12.2 RTR to Platform Binding
  12.3 Platform Identity and Privacy Considerations
  12.4 Attestation Identity Keys
    12.4.1 AIK Creation
    12.4.2 AIK Storage
13. Root of Trust for Storage (RTS)
  13.1 Loading and Unloading Blobs
14. Transport Sessions and Authorization Protocols
  14.1 Authorization Session Setup
  14.2 Parameter Declarations for OIAP and OSAP Examples
    14.2.1 Object-Independent Authorization Protocol (OIAP)
    14.2.2 Object-Specific Authorization Protocol (OSAP)
  14.3 Authorization Session Handles
  14.4 Authorization-Data Insertion Protocol (ADIP)
  14.5 AuthData Change Protocol (ADCP)
  14.6 Asymmetric Authorization Change Protocol (AACP)
15. ISO/IEC 19790 Evaluations
  15.1 TPM Profile for successful ISO/IEC 19790 evaluation
16. Maintenance
  16.1 Field Upgrade
17. Proof of Locality
18. Monotonic Counter
19. Transport Protection
  19.1 Transport encryption and authorization
    19.1.1 MGF1 parameters
    19.1.2 HMAC calculation
    19.1.3 Transport log creation
    19.1.4 Additional Encryption Mechanisms
  19.2 Transport Error Handling
  19.3 Exclusive Transport Sessions
  19.4 Transport Audit Handling
    19.4.1 Auditing of wrapped commands
20. Audit Commands
  20.1 Audit Monotonic Counter
21. Design Section on Time Stamping
  21.1 Tick Components
  21.2 Basic Tick Stamp
  21.3 Associating a TCV with UTC
  21.4 Additional Comments and Questions
22. Context Management
23. Eviction
24. Session pool
25. Initialization Operations
26. HMAC digest rules
27. Generic authorization session termination rules
28. PCR Grand Unification Theory
  28.1 Validate Key for use
29. Non Volatile Storage
  29.1