While discrete TPMs are the most common and often considered the most secure, there are other implementations that comply with the '''Trusted Computing Group (TCG)''' specification. The current types of TPM implementations are the following:
* Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper-resistant semiconductor package. They are the most secure: they are certified to FIPS 140 with level 3 physical security,[41] they resist attack far better than routines implemented in software, and their packages are required to implement some tamper resistance. For example, the TPM for the brake controller in a car is protected against hacking by sophisticated methods.
* Integrated TPMs are part of another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance. Intel has integrated TPMs in some of its chipsets.
* Firmware TPMs (fTPMs) are firmware-based (e.g. UEFI) solutions that run in a CPU's trusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs.
* Virtual TPMs (vTPMs) are provided by and rely on hypervisors, running in isolated execution environments that are hidden from the software inside the virtual machines, so that the vTPM's code is protected from that software. They can provide a security level comparable to a firmware TPM. Google Cloud Platform has implemented vTPMs.
* Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than that environment itself can provide. They are useful for development purposes.
Additionally, the TCG provides the following table to compare the different TPM implementations:
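Because the five implementation types above offer very different security levels, a defender auditing a fleet usually wants to know which type a given machine actually carries. The script below is an added example (not from the article, and not a TCG or tpm2-tools program): it parses the property/raw/value layout that `tpm2_getcap properties-fixed` prints (that layout is assumed here), decodes the TCG-registered manufacturer ID from the raw 32-bit value, cross-checks it against the tool's own decoded string, and maps well-known vendor IDs to an implementation type. The vendor-to-type table (`VENDOR_HINTS`) is a heuristic assumption for inventory purposes only, and both sample outputs are constructed.

```python
"""Classify a TPM implementation type from `tpm2_getcap properties-fixed` output.

Added example, not part of the article. The output layout and the vendor-ID
table are assumptions; the sample captures are constructed.
"""
import re

# Manufacturer IDs are four ASCII bytes registered with the TCG (padding spaces
# or NULs stripped here). Which implementation type a vendor ID implies is an
# assumption made for this example: a hint for inventory work, not proof.
VENDOR_HINTS = {
    "INTC": ("Intel PTT", "firmware"),
    "AMD": ("AMD fTPM", "firmware"),
    "QCOM": ("Qualcomm", "firmware"),
    "IFX": ("Infineon", "discrete"),
    "STM": ("STMicroelectronics", "discrete"),
    "NTC": ("Nuvoton", "discrete"),
    "MSFT": ("Microsoft Hyper-V vTPM", "virtual"),
    "GOOG": ("Google Cloud vTPM", "virtual"),
    "IBM": ("IBM software TPM simulator", "software"),
}

_PROP_RE = re.compile(r"^(TPM2_PT_[A-Z0-9_]+):\s*$")
_RAW_RE = re.compile(r"^\s+raw:\s*(0x[0-9A-Fa-f]+|\d+)\s*$")
_VALUE_RE = re.compile(r'^\s+value:\s*"?([^"]*)"?\s*$')

# Constructed sample in the assumed tpm2_getcap layout: an Intel firmware TPM.
SAMPLE_INTEL_PTT = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_LEVEL:
  raw: 0
TPM2_PT_REVISION:
  raw: 0x9E
  value: 1.58
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x70002
TPM2_PT_FIRMWARE_VERSION_2:
  raw: 0x10000
"""

# Constructed sample: a discrete Infineon chip (ID padded with a NUL byte).
SAMPLE_INFINEON = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x50063
"""


def parse_fixed_properties(text):
    """Parse 'NAME:' / '  raw:' / '  value:' groups into {name: {raw, value}}."""
    props = {}
    current = None
    for line in text.splitlines():
        m = _PROP_RE.match(line)
        if m:
            current = m.group(1)
            props[current] = {"raw": None, "value": None}
            continue
        if current is None:
            continue
        m = _RAW_RE.match(line)
        if m:
            props[current]["raw"] = int(m.group(1), 0)  # handles 0x... and decimal
            continue
        m = _VALUE_RE.match(line)
        if m:
            props[current]["value"] = m.group(1)
    return props


def decode_ascii_property(raw):
    """Decode a 32-bit property that packs four ASCII bytes, big-endian."""
    return raw.to_bytes(4, "big").decode("ascii", errors="replace").strip(" \x00")


def classify_tpm(text):
    """Return manufacturer, vendor guess, implementation type and version fields."""
    props = parse_fixed_properties(text)
    man = props.get("TPM2_PT_MANUFACTURER")
    if man is None or man["raw"] is None:
        raise ValueError("TPM2_PT_MANUFACTURER missing: cannot classify")
    vendor_id = decode_ascii_property(man["raw"])
    # The tool's decoded string must agree with the raw bytes; a mismatch means
    # the capture was edited or misparsed, so refuse to classify it.
    if man["value"] is not None and man["value"].strip(" \x00") != vendor_id:
        raise ValueError(f"manufacturer raw/value mismatch: {man}")
    vendor, kind = VENDOR_HINTS.get(vendor_id, ("unknown vendor", "unknown"))
    family = props.get("TPM2_PT_FAMILY_INDICATOR", {}).get("raw")
    fw1 = props.get("TPM2_PT_FIRMWARE_VERSION_1", {}).get("raw")
    fw2 = props.get("TPM2_PT_FIRMWARE_VERSION_2", {}).get("raw")
    return {
        "manufacturer_id": vendor_id,
        "vendor": vendor,
        "implementation_type": kind,
        "family": decode_ascii_property(family) if family is not None else None,
        # Firmware version words are vendor-specific in layout, so report raw hex.
        "firmware_version": None if fw1 is None else f"{fw1:#010x}/{(fw2 or 0):#010x}",
    }


if __name__ == "__main__":
    for sample in (SAMPLE_INTEL_PTT, SAMPLE_INFINEON):
        print(classify_tpm(sample))
```

Run it against a saved `tpm2_getcap properties-fixed` capture instead of the constructed samples to get a first inventory hint; the result says who made the TPM and, for well-known vendors, which of the types above it most likely is, but it does not by itself prove tamper resistance or certification status.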