Preface

Motivation

When I started my journey with TPMs (Trusted Platform Modules), I experienced two conflicting emotions: enthusiasm and confusion. Indeed, the principle of TPM seemed brilliant to me, but I struggled to understand how I could actually put it into practice.

After several months of perseverance, and thanks to the valuable work of the community (i.e. tools, blog posts, etc.), I reached a level of understanding that could be considered acceptable. In hindsight, I can clearly say that my learning cost was too high, but it doesn't necessarily have to be for everyone.

That is why I am taking on the challenge of producing a (relatively) comprehensive introduction to the subject. In short, the content I would have dreamed of having when I started this journey.

What's TPM Pills?

TPM Pills is a direct tribute to Nix Pills, which has helped many people discover the Nix language!

It is a series of articles that gradually introduce the key concepts of a TPM. The goal is that by the end of reading TPM Pills, you will have a solid understanding of the functionalities offered by a TPM, reducing the need to read the TPM 2.0 specification1 unless you are dealing with an advanced use case. Additionally, each article is accompanied by a reproducible example to make things more concrete.

Finally, it is important to emphasize that this content is free.

Who is this for?

To anyone who wants to understand TPM and its functionalities. Whether you are a developer, a security expert, or just curious, you will find something to satisfy your curiosity.

A developer background is recommended, especially for the implementation parts.

Other educational resources

If you want to explore the topic further or if the TPM Pills approach simply doesn't suit you, be aware that there are other alternatives:

Resource | Description | Format
--- | --- | ---
A Practical Guide to TPM 2.0 | At the time of writing, the most comprehensive book on the subject (my bedside book)! Note: PDF format is free | Book
Trusted Platform Module (TPM) courses | Note: courses are free | Online course
TPM.dev tutorials | To share developer-friendly resources about Trusted Platform Modules (TPM) and hardware security, including other Hardware Security Modules (HSM). Note: description from the repo | Tutorials
TPM-JS by Google | TPM-JS lets you experiment with a software TPM device in your browser. It's an educational tool that teaches you how to use a TPM device to secure your workflows. Note: description from the repo. Warning: the repo has been archived since 2022 | Tutorials
TPMCourse by Nokia | A short course on getting started with understanding how a TPM 2.0 works. In this course we explain a number of the features of the TPM 2.0 through the TPM2_Tools through examples and, optionally, exercises. Note: description from the repo | Tutorials

Who Am I?

I'm Loïc Sikidi, a passionate software engineer from France. I love to learn and share my (little bit of) knowledge with others.

I'm far from being an expert on the subject, but I want to contribute to the democratization of this technology because I'm convinced that the TPM is a powerful tool that can help us to build more secure systems.


🚧 TPM Pills is in beta 🚧

  • if you encounter problems 🙏 please report them on the tpm-pills issue tracker
  • if you think that TPM Pills should cover a specific topic which isn't in the roadmap, let's initiate a discussion 💬

1. The specification available here is a dense and relatively complex document.

Why TPM is super dope?

Introduction

What is a TPM (Trusted Platform Module)? It's a secure cryptoprocessor, a piece of hardware capable of performing cryptographic operations. Like an HSM1, a Smart Card2, or a YubiKey, a TPM must be considered a secure enclave: a device able to create keys without allowing them to be exported, which is highly beneficial from a security perspective.

Where a TPM shines is in its ubiquity! Indeed, it can be found almost everywhere: PCs, servers, network gear, an increasing number of embedded systems, and even in the cloud. Therefore, it's very likely that you can already take advantage of it without spending a dime.

For example, if you have developed the bad habit of storing your SSH key pairs in plaintext (i.e. ~/.ssh/), be aware that you can generate them with a TPM to protect yourself from data theft if your filesystem is compromised.

If you want to learn how: take a look at ssh-tpm-agent repo and its companion blog post.

This functionality (highly important as it is) is actually just the tip of the iceberg. The TPM standard aims to address the root of trust problem through the principle of a Hardware Root of Trust (HRoT). The standard operates on the premise that it is safer to base certain low-level functions on hardware rather than software. For example, this concept can be applied during a machine's boot process, where measurements are transmitted to the TPM to verify its integrity3.

These measurements could be stored in memory or on the filesystem, but that would allow malware to alter them. Conversely, the TPM is a standalone component4 dedicated to this task and incapable of executing code from external sources (e.g. malware).

Similarly, a TPM solves the issue of storing a secret on disk. Historically, this problem was simply shifted, leading to the following situation: « I will encrypt my secret with a symmetric key 💡 but where should I store this key?! 🤯 ».

Fortunately for us, the TPM elegantly solves this problem by providing the encryption key (which is not exportable).

This type of principle is used, for example, by BitLocker or systemd (i.e. systemd-cryptenroll).

It is even possible to combine these two concepts and ensure that the unseal mechanism is only allowed if the machine is in a trusted state, thanks to integrity measurements. We will explore this in more depth in the upcoming pills, but this already gives you a glimpse of the vast capabilities provided by a TPM.

Different kinds of TPM

Note: this section quotes content from TPM 2.0: A Brief Introduction produced by TCG (Trusted Computing Group).

Keep in mind that there are different kinds of TPMs, each with its own security level and cost. The choice of a TPM depends on the security level required by the system and the budget allocated to it:

  • Discrete TPM: « provides the highest level of security[...]. The intent of this level is to ensure that the device it's protecting does not get hacked via even sophisticated methods. To accomplish this, a discrete chip is designed, built and evaluated for the highest level of security that can resist tampering with the chip, including probing it and freezing it with all sorts of sophisticated attacks. »
  • Integrated TPM: « is the next level down in terms of security. This level still has a hardware TPM but it is integrated into a chip that provides functions other than security. The hardware implementation makes it resistant to software bugs, however, this level is not designed to be tamper-resistant. »
  • Firmware TPM: « is implemented in protected software. The code runs on the main CPU, so a separate chip is not required. While running like any other program, the code is in a protected execution environment called a trusted execution environment (TEE) that is separated from the rest of the programs that are running on the CPU. By doing this, secrets like private keys that might be needed by the TPM but should not be accessed by others can be kept in the TEE creating a more difficult path for hackers. In addition to the lack of tamper resistance, the downside to the TEE or firmware TPM is that now the TPM is dependent on many additional aspects to keep it secure, including the TEE operating system, bugs in the application code running in the TEE, etc. »
  • Software TPM: « Software TPM can be implemented as a software emulator of the TPM. However, a software TPM is open to many vulnerabilities, not only tampering but also the bugs in any operating system running it. It does have key applications: it is very good for testing or building a system prototype with a TPM in it. For testing purposes, a software TPM could provide the right solution/approach. »
  • Virtual TPM: « is part of the cloud-based environment and it provides the same commands that a physical TPM would but it provides those commands separately to each virtual machine. »

Trust Element | Security Level | Security Features | Relative cost | Use Case
--- | --- | --- | --- | ---
Discrete TPM | Highest | Tamper resistant hardware | 💲💲💲 | Critical systems
Integrated TPM | Higher | Hardware | 💲💲 | e.g. Network gear
Firmware TPM | High | TEE | 💲 | Non-critical systems
Software TPM | N/A | N/A | Free | Testing and prototyping
Virtual TPM | High | Hypervisor | Cheap | Cloud environment

Conclusion

In this brief introduction, my goal was to present the key features that make the TPM an essential component for establishing a paradigm focused on security. It is also in this spirit that Microsoft requires a TPM 2.0 to install Windows 115 6 on a machine.

This is the first time I have mentioned TPM 2.0. TPM 2.0 is simply the version that follows TPM 1.2. Just consider that the second iteration was designed to address several issues and that it is now the de facto industry standard.

Important note: every time I use the term TPM, I always refer to TPM 2.0.

If you're interested in the differences between TPM 1.2 and TPM 2.0, I recommend reading this documentation provided by Microsoft.

Please note that in this first pill, I haven't mentioned all the features offered by a TPM (e.g., authorization system, auditing, etc.). However, those I believe important will be covered in the next pills.

For the sake of impartiality, I must highlight the drawbacks inherent in using a TPM:

  • Resources are limited (storage, memory)
  • Cryptographic operations (e.g., key generation, signatures, encryption) are much slower than on other devices (due to the previous point)
  • You have to be aware of many concepts to use or administer TPMs properly - but don't worry, TPM Pills will guide you through them!

What about Apple devices?

Unlike Microsoft and Linux, Apple made the decision to use a proprietary solution called Secure Enclave.

If you are a macOS user, you can still stay with us, because most of the examples will use a Software TPM which you will be able to run on your machine.

Next pill...

...we will set up a minimal environment to interact with a TPM. We will also explore the tools available to interact with it.


1. Hardware Security Module (see more in Wikipedia)
2. See more in Wikipedia
3. Via a Secure Boot or a Measured Boot.
4. It has its own memory (RAM) and its own storage, although the resources are very limited.
6. This decision by a tech giant led to a drop in TPM prices.

Install tooling in Your Running System

The goal here is to prepare your environment to run the examples provided in TPM Pills, if (like me) you only trust what you see with your own eyes. It's not a requirement: you can limit yourself to reading the content and code snippets. However, I strongly recommend reading and running the examples to better understand the concepts.

Disclaimer regarding Windows

So far, my experience with TPMs has been exclusively limited to a Linux context; this is why I am open to feedback from Windows users if they encounter any issues.

Unfortunately, according to this issue, TPM support has not been added to WSL (Windows Subsystem for Linux), so it will be necessary to run commands from the host machine.

Prerequisites

TPM Pills will require you to have the following tools (in addition to git):

Tool | Description | Linux Support | Windows Support | MacOS Support
--- | --- | --- | --- | ---
go >= v1.22 | A language that no longer needs an introduction | ✅ | ✅ | ✅
openssl | Crypto Swiss Army Knife, which here is a dependency for using the Software TPM | ✅ | ✅ | ✅
tpm2-tools | A CLI (Command-Line Interface) for interacting with a TPM | ✅ | ❌ | ❌

tpm2-tools is a great tool to have in your toolbox! However, since it is not available everywhere, it will be used sparingly.

PowerShell provides some commands to interact with a TPM, but they will not be covered here.

Why go?

Most educational content on the subject is in C... but why follow the crowd, right?!

More seriously:

  • I am not an experienced C developer, but I am proficient in Go
  • go-tpm provides a rich interface for communicating with a TPM
  • In the upcoming pills, we will make the TPM interact with a server in gRPC, and Go allows me to do this easily
  • More and more projects in the Go ecosystem use TPMs (e.g., spire, sks, u-root, constellation, etc.)

Fundamentally, since the TPM 2.0 interface is a standard, all the concepts covered here also apply in other languages.

TPM 2.0 Clients

For those interested, here is a (probably non-exhaustive) list of TPM 2.0 clients.

My own usage has been limited to tpm2-tss and go-tpm.

Name | Language | Description
--- | --- | ---
tpm2-tss | C | The reference standard.
go-tpm | Go | 
tpm2-pytss | Python | Wrapper of tpm2-tss.
tpm-rs | Rust | 
rust-tss-fapi | Rust | Wrapper of libtss2-fapi, which is a higher-level API provided by tpm2-tss named FAPI1. Warning: the project's maintainers stress that the implementation is experimental and shouldn't be used in production.
TSS.MSR | C#, C++, Java, Node.js and Python | 

Installation

OCI

🚧 TBD 🚧

Nix

If you are a Nix user, TPM Pills provides a Nix shell (i.e. shell.nix) at the root of the repository.

To install dependencies, simply run the following commands:

git clone https://github.com/loicsikidi/tpm-pills.git
cd ./tpm-pills
# launch the deterministic shell
nix-shell

# inside the shell
go version
tpm2 --version

With this method, tpm2-tools will only be installed on a Linux platform.

Devbox

For those who are unfamiliar, Devbox is a layer on top of Nix that allows you to obtain a deterministic shell without having to master the Nix language.

If you are a Devbox user, TPM Pills also provides a configuration (i.e. devbox.json) at the root of the repository.

To install dependencies, simply run the following commands:

git clone https://github.com/loicsikidi/tpm-pills.git
cd ./tpm-pills
# launch the deterministic shell
devbox shell

# inside the shell
go version
tpm2 --version

With this method, tpm2-tools will only be installed on a Linux platform.

Manually

  • go: Use your preferred package manager or download the binary from the official website
  • openssl: Use your preferred package manager or get the sources from the official website
  • tpm2-tools: Use your preferred package manager or build the sources by following the official documentation

Example: Validate TPM's Version

Let's finally get to the serious stuff! We will check the version of the TPM installed on your machine and ensure that it is a TPM 2.0. We will be able to do this by interacting directly with the TPM using a command called TPM2_GetCapability.

On Linux, access to the hardware TPM is restricted to users with sudo rights by default. Finer control is possible with a udev policy that grants specific users or groups access to the device (e.g., the policy available in NixOS).

tpm2-tools

Only works on Linux.

# depending on your config it might require 'sudo'
tpm2_getcap properties-fixed | grep -i pt_family_indicator -A 2

You should get the following output:

go

The script works in all environments (on Darwin, the code relies on a Software TPM).

Run the following command:

# depending on your config it might require 'sudo'
go run github.com/loicsikidi/tpm-pills/examples/02-pill

# output:
# TPM Version: 2.0

Depending on your local setup, you can also run the following command:

# nix command
nix-shell --run "go run github.com/loicsikidi/tpm-pills/examples/02-pill"
# devbox command
devbox run -- go run github.com/loicsikidi/tpm-pills/examples/02-pill

Next pill...

...we will see in much more detail how we can interact with a TPM.


1. Feature API