TPM 2.0: The new standard for secure firmware

Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group (TCG).


Manufacturers attach a Trusted Platform Module (TPM) to a device to help users and administrators authenticate its identity, to generate and store encryption keys, and to ensure platform integrity. Before the TPM specification was updated, users and administrators could only assume the TPM was working correctly because there was no way to cryptographically prove whether it was running an expected version of firmware. Now, users and administrators have the means to cryptographically verify whether the firmware is as expected and ensure data can be protected in any instances where it is not.

“Most vendors providing TPMs get things right when it comes to device security, but it’s important to be able to recover trust if a serious firmware flaw is discovered,” said Co-Chair of the TCG’s TPM Work Group, Chris Fenner. “If a bug is found, then it needs to be rectified right away. TPM 2.0 gives users the means to do that, ensuring the TPM is working exactly as it should be.”

If a bug is found in a TPM implementation, the TPM may need to be patched. To do this, system administrators need to deploy the updated TPM firmware to all the affected endpoints. In some environments, system administrators would like cryptographic evidence that the update was actually received and installed successfully by the TPM.

The new specification strengthens the TPM’s ability to report such cryptographic evidence, by introducing a new feature: Firmware-Limited Objects. These objects allow TPM keys (such as the Endorsement Key, or EK) to be cryptographically (and certifiably) bound to a particular version of the TPM’s firmware. A firmware-limited TPM key is not accessible to the same TPM running a different version of the firmware. Therefore, a system administrator can use a certified firmware-limited EK to remotely check that their TPM is running the firmware version they expect.
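To make the mechanism described above concrete, the following Go program is an added illustration written for this page; it is not code from the TCG specification or from any TPM vendor. It models a TPM whose Endorsement Key is derived from both a fixed endorsement seed and a digest of the running firmware, a vendor certificate that binds that key to a firmware version, and the remote check an administrator performs after rolling out a fix. The `ToyTPM` type, the HMAC-SHA256-into-Ed25519 derivation, the `EKCert` layout and the firmware version strings are all constructed assumptions; the real specification's key-derivation and certificate formats differ.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ToyTPM keeps only the two inputs that matter for a firmware-limited key: an
// endorsement seed fixed at manufacture (never leaves the TPM) and the running firmware.
type ToyTPM struct {
	endorsementSeed []byte
	firmware        []byte
}

// FirmwareDigest is the TPM's measurement of its own running firmware.
func (t *ToyTPM) FirmwareDigest() []byte {
	d := sha256.Sum256(t.firmware)
	return d[:]
}

// FirmwareLimitedEK derives the EK from the endorsement seed AND the firmware digest, so the
// same TPM running different firmware derives a different key. The KDF is a stand-in, not the spec's.
func (t *ToyTPM) FirmwareLimitedEK() ed25519.PrivateKey {
	mac := hmac.New(sha256.New, t.endorsementSeed)
	mac.Write([]byte("FW-LIMITED-EK"))
	mac.Write(t.FirmwareDigest())
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // HMAC-SHA256 output is exactly 32 bytes
}

// Quote signs an administrator-supplied nonce with the firmware-limited EK.
func (t *ToyTPM) Quote(nonce []byte) []byte {
	return ed25519.Sign(t.FirmwareLimitedEK(), nonce)
}

// EKCert stands in for the vendor's EK certificate: it binds an EK public key to one
// firmware version under the vendor CA's signature.
type EKCert struct {
	EKPub      ed25519.PublicKey
	FirmwareID string
	Sig        []byte
}

// certTBS is the to-be-signed encoding of a certificate (version is length-prefixed).
func certTBS(pub ed25519.PublicKey, fwID string) []byte {
	var b bytes.Buffer
	b.Write(pub)
	fmt.Fprintf(&b, "|fw=%d:%s", len(fwID), fwID)
	return b.Bytes()
}

// IssueEKCert models the vendor certifying the key a TPM derives under firmware fwID.
func IssueEKCert(caPriv ed25519.PrivateKey, tpm *ToyTPM, fwID string) EKCert {
	pub := tpm.FirmwareLimitedEK().Public().(ed25519.PublicKey)
	return EKCert{EKPub: pub, FirmwareID: fwID, Sig: ed25519.Sign(caPriv, certTBS(pub, fwID))}
}

// VerifyFirmware is the remote administrator's check: the certificate must be vendor-signed
// and name the expected firmware, and the TPM must prove it holds that key by signing a fresh nonce.
func VerifyFirmware(caPub ed25519.PublicKey, cert EKCert, expectedFW string, nonce, quote []byte) error {
	if !ed25519.Verify(caPub, certTBS(cert.EKPub, cert.FirmwareID), cert.Sig) {
		return fmt.Errorf("EK certificate is not signed by the vendor CA")
	}
	if cert.FirmwareID != expectedFW {
		return fmt.Errorf("certificate is for firmware %q, expected %q", cert.FirmwareID, expectedFW)
	}
	if !ed25519.Verify(cert.EKPub, nonce, quote) {
		return fmt.Errorf("TPM cannot use the EK certified for firmware %q: other firmware is running", expectedFW)
	}
	return nil
}

// Scenario runs the cases an administrator rolling out a firmware fix cares about and
// returns each verification result (nil means the device was accepted).
func Scenario() map[string]error {
	caPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, 32)) // constructed vendor CA key
	caPub := caPriv.Public().(ed25519.PublicKey)
	seed := bytes.Repeat([]byte{0xA5}, 32) // constructed endorsement seed
	stale := &ToyTPM{endorsementSeed: seed, firmware: []byte("constructed firmware image 1.0")}
	patched := &ToyTPM{endorsementSeed: seed, firmware: []byte("constructed firmware image 1.1 (fixed)")}
	cert10 := IssueEKCert(caPriv, stale, "1.0")
	cert11 := IssueEKCert(caPriv, patched, "1.1")
	nonce := []byte("constructed fresh nonce 0001")
	res := map[string]error{}
	// Update installed: the key the TPM now holds is the one certified for 1.1.
	res["patched"] = VerifyFirmware(caPub, cert11, "1.1", nonce, patched.Quote(nonce))
	// Update missing: the TPM's own genuine certificate names the wrong version.
	res["stale_own_cert"] = VerifyFirmware(caPub, cert10, "1.1", nonce, stale.Quote(nonce))
	// Update missing, correct certificate supplied: the TPM cannot use that key.
	res["stale_wrong_key"] = VerifyFirmware(caPub, cert11, "1.1", nonce, stale.Quote(nonce))
	return res
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-16s -> %v\n", name, err)
	}
}
```

The point the model makes is the one the paragraph states: because the firmware digest is an input to the key, a TPM that has not received the update cannot exercise the key certified for the fixed firmware, and its own certificate names the old version, so either way the administrator's check fails until the update is installed.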

“TPM 2.0 provides assurance that TPM updates have been applied appropriately,” said Co-Chair of the TCG’s TPM Work Group, Brad Litterell. “The TPM can now prove it’s the latest version available, while remote servers can attest whether the latest updates have been applied.”

The updated specification also gives users further capabilities relating to device security while providing support for implementations that wish to expand the non-volatile storage capabilities of the TPM using external flash.

Through the new command ‘TPM2_PolicyCapability’, users gain the ability to gate access to a TPM object on the properties the TPM currently reports, while ‘TPM2_PolicyParameters’ makes it easier for users to craft policies that restrict the usage of TPM objects to particular commands invoked with particular parameters.
