With a TPM, private portions of key pairs are kept separate from the memory that is controlled by the operating system. With sealed key and software, such as BitLocker Drive Encryption, data can be locked until specific hardware or software conditions are met. The TPM can also seal and unseal data that is generated outside the TPM. This process is referred to as sealing the key to the TPM. This type of key can be unwrapped only when those platform measurements have the same values that they had when the key was created. If you specify that encryption keys can't be migrated, the private portion of the key is never exposed outside the TPM.ĭevices that incorporate a TPM can also create a key wrapped and tied to certain platform measurements. If you specify that they can be migrated, the public and private portions of the key can be exposed to other components, software, processes, or users. You can specify whether encryption keys that are created by the TPM can be migrated or not. The private portion of a storage root key, or endorsement key, that is created in a TPM is never exposed to any other component, software, process, or user. Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself. This process, often called wrapping or binding a key, can help protect the key from disclosure. The TPM is installed on the motherboard of a computer, and it communicates with the rest of the system by using a hardware bus.ĭevices that incorporate a TPM can create cryptographic keys and encrypt them, so that the keys can only be decrypted by the TPM. This article provides a description of the Trusted Platform Module (TPM 1.2 and TPM 2.0) components, and explains how they're used to mitigate dictionary attacks.Ī TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |