298
edits
RidgeRun Platform Security Manual/Platform Security/TPM: Difference between revisions
RidgeRun Platform Security Manual/Platform Security/TPM (view source)
Revision as of 16:16, 21 February 2025
, 21 Februaryno edit summary
No edit summary |
No edit summary |
||
| Line 20: | Line 20: | ||
[[File:Measure boot process.png|650px|thumb|center|Fig 1. Measured Boot process. Extracted from [https://learn.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation link]]] | [[File:Measure boot process.png|650px|thumb|center|Fig 1. Measured Boot process. Extracted from [https://learn.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation link]]] | ||
Here the concept of '''attestation''' comes into play. You can define attestation as proving that something exists or happened by providing valid evidence, in the context of embedded system security attestation would refer to boot logs that prove the configuration state of a system. | |||
While discrete TPMs are the most common and often considered the most secure, there are other implementations that comply with the '''Trusted Computing Group (TCG)''' specification. The current types of TPM implementations are the following: | |||
* Discrete TPMs | |||
* Integrated TPMs | |||
* Firmware TPMs | |||
* Virtual TPMs | |||
* Software TPMs | |||
Additionally, the TCG provides the following table to compare the different TPM implementations: | |||
<center> | |||
{| class="wikitable" | |||
|+ TPM Implementations | |||
|- | |||
! Trust Element !! Security Levels !! Security Features !! Relative Cost !! Typical Application | |||
|- | |||
| Discrete TPM || || || || | |||
|- | |||
| Integrated TPM || || || || | |||
|- | |||
| Firmware TPM || || || || | |||
|- | |||
| Software TPM || || || || | |||
|- | |||
| Virtual TPM || || || || | |||
|} | |||
</center> | |||
<noinclude> | <noinclude> | ||