Jump to content

RidgeRun Platform Security Manual/Platform Security/TPM: Difference between revisions

RidgeRun Platform Security Manual/Platform Security/TPM (view source)

Revision as of 16:37, 21 February 2025

332 bytes removed ,  21 February
no edit summary
Visual
No edit summary
No edit summary
Line 25: Line 25:
While discrete TPMs are the most common and often considered the most secure, there are other implementations that comply with the '''Trusted Computing Group (TCG)''' specification. The current types of TPM implementations are the following:
While discrete TPMs are the most common and often considered the most secure, there are other implementations that comply with the '''Trusted Computing Group (TCG)''' specification. The current types of TPM implementations are the following:


* Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package. They are the most secure, certified to FIPS-140 with level 3 physical security[41] resistance to attack versus routines implemented in software, and their packages are required to implement some tamper resistance. For example, the TPM for the brake controller in a car is protected from hacking by sophisticated methods.
* Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package. They are the most secure, certified to FIPS-140 with level 3 physical security resistance to attack versus routines implemented in software, and their packages are required to implement some tamper resistance.
* Integrated TPMs are part of another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance. Intel has integrated TPMs in some of its chipsets.
* Integrated TPMs are contained in another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance.
* Firmware TPMs (fTPMs) are firmware-based (e.g. UEFI) solutions that run in a CPU's trusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs.
* Firmware TPMs (fTPMs) are firmware-based solutions that run in a CPU's trusted execution environment.  
* Virtual TPMs (vTPMs) are provided by and rely on hypervisors in isolated execution environments that are hidden from the software running inside virtual machines to secure their code from the software in the virtual machines. They can provide a security level comparable to a firmware TPM. Google Cloud Platform has implemented vTPM.
* Virtual TPMs (vTPMs) are provided by and rely on hypervisors in isolated execution environments that are hidden from the software running inside virtual machines. They can provide a security level comparable to a firmware TPM.  
* Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment. They are useful for development purposes.
* Software TPMs are software emulators of TPMs that run with similar protection as a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment. They are useful for development purposes.


Additionally, the TCG provides the following table to compare the different TPM implementations:
Additionally, the TCG provides the following table to compare the different TPM implementations:
Cjimenez
298

edits

Retrieved from "https://developer.ridgerun.com/wiki/index.php/Special:MobileDiff/64451"
Cookies help us deliver our services. By using our services, you agree to our use of cookies.