Trusted Platform Modules (TPMs) are small, inexpensive chips that
provide a limited set of security functions. They are most commonly
found as a motherboard component on laptops and desktops aimed at the
corporate and government markets, but are also present on many
consumer-grade machines and servers, and can be purchased as discrete
components. Their role is to serve as a Root of Trust: a highly trusted
component from which trust in the other parts of a system can be
bootstrapped. TPMs are most useful for three kinds of task: remotely
identifying a machine (machine authentication); protecting secrets with
hardware (data protection); and providing verifiable evidence about a
machine's state (attestation).
This book describes the primary uses for TPMs and the practical
considerations around them: when TPMs can and should be used, when they
shouldn't be, what advantages they provide, and how to actually make use
of them. Each use case is accompanied by a worked example showing how to
implement it on a real system. Topics covered include when to use a TPM;
TPM concepts and functionality; an introduction to programming the TPM;
provisioning (getting the TPM ready to use); first steps with TPM keys;
machine authentication; data protection; attestation; other TPM
features; software and specifications; and troubleshooting. Appendices
cover basic cryptographic concepts, command equivalence and requirements
charts, and complete code samples.