TPMs and the Linux Kernel
Unlocking a better path to hardware security
Ignat Korchagin
ignatkn

$whoami
- Linux team at Cloudflare
- Systems security and performance
- Low-level programming

What is a TPM?
- A discrete security chip on modern laptops and servers
- Passive, non-intrusive: only responds to commands and performs cryptographic operations
- Foundation for platform integrity, authentication and remote attestation
- Can handle cryptographic keys

Can I store my keys in the TPM? And use them without exposing the key material to the main memory?
This talk is not about system integrity or attestation.

Application keys in the TPM
(The slides build this stack up one layer at a time; this is the completed diagram.)

  Application
  TPM library (Intel TSS, IBM TSS, gotpm)
  Resource manager (daemon)
  OS: /dev/tpm0
  TPM

  Alternative path: OS: /dev/tpmrm0 takes the place of the resource manager daemon and /dev/tpm0,
  so the TPM library talks to /dev/tpmrm0 directly.

TPM2 software stack
https:/tpm2-
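As an added example (not code from the talk or from any of the TPM libraries it names), here is the bottom of that stack seen from an application's side: a TPM2_GetRandom command is encoded, written to /dev/tpmrm0 (falling back to /dev/tpm0, the two device nodes on the slides), and the reply is parsed. The command and response layout and the constants come from the TCG TPM 2.0 Library specification; the sample replies in the comments are constructed, and the function names are this example's own.

```c
#include <stdint.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

#define TPM_ST_NO_SESSIONS 0x8001u     /* constants from TCG TPM 2.0 Library spec, Part 2; wire format is big-endian */
#define TPM_CC_GetRandom   0x0000017Bu
#define TPM_RC_SUCCESS     0x00000000u
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v) { put_be16(p, (uint16_t)(v >> 16)); put_be16(p + 2, (uint16_t)v); }
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t get_be32(const uint8_t *p) { return (uint32_t)get_be16(p) << 16 | get_be16(p + 2); }

/* TPM2_GetRandom command: tag(2) | commandSize(4) | commandCode(4) | bytesRequested(2). Returns 12, or 0 if buf is too small. */
size_t tpm2_encode_get_random(uint8_t *buf, size_t buflen, uint16_t bytes_requested)
{
    if (buflen < 12) return 0;
    put_be16(buf, TPM_ST_NO_SESSIONS);      /* no authorization session attached to this command */
    put_be32(buf + 2, 12);                  /* total command length, header included */
    put_be32(buf + 6, TPM_CC_GetRandom);
    put_be16(buf + 10, bytes_requested);
    return 12;
}

/* Response: tag(2) | responseSize(4) | responseCode(4) | TPM2B_DIGEST { size(2), bytes }. Copies the random bytes to
 * out and returns their count; -1 on a TPM error or on inconsistent length fields, so a short reply is never over-read. */
int tpm2_parse_get_random(const uint8_t *rsp, size_t rsplen, uint8_t *out, size_t outlen)
{
    if (rsplen < 10 || get_be32(rsp + 2) != rsplen) return -1;   /* header incomplete, or size field disagrees with bytes read */
    if (get_be32(rsp + 6) != TPM_RC_SUCCESS) return -1;         /* TPM reported an error: an error reply carries no payload */
    if (rsplen < 12) return -1;
    uint16_t n = get_be16(rsp + 10);
    if ((size_t)n + 12 != rsplen || n > outlen) return -1;      /* TPM2B size must match the bytes actually received */
    memcpy(out, rsp + 12, n);
    return n;
}

/* Talk to the kernel's TPM character device directly: one write() for the command, one read() for the response.
 * /dev/tpmrm0 is tried first (the OS resource manager shares the chip between clients); /dev/tpm0 is the raw,
 * exclusive device. Returns the random byte count, or -1 when no TPM is reachable (the normal result without one). */
int tpm2_get_random_from_device(uint8_t *out, size_t outlen)
{
    uint8_t cmd[12], rsp[4096];                                 /* 4096 bytes covers the largest TPM 2.0 response */
    int fd = open("/dev/tpmrm0", O_RDWR);
    if (fd < 0) fd = open("/dev/tpm0", O_RDWR);
    if (fd < 0) return -1;
    size_t clen = tpm2_encode_get_random(cmd, sizeof cmd, (uint16_t)outlen);
    if (write(fd, cmd, clen) != (ssize_t)clen) { close(fd); return -1; }
    ssize_t rlen = read(fd, rsp, sizeof rsp);
    close(fd);
    return rlen < 0 ? -1 : tpm2_parse_get_random(rsp, (size_t)rlen, out, outlen);
}
```

A TPM library such as those on the slides does exactly this marshalling and device I/O for every command, plus session and object handling on top; the parser's length checks are what keep a malformed or truncated reply from becoming an out-of-bounds read in the application.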