Product Description (Source: NBD):
Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what's needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there's a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology. Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today's most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples. Coverage includes * What services and capabilities are provided by TPMs * TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments * Using TPM to enhance the security of a PC's boot sequence * Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more * Linking PKCS#11 and TSS stacks to support applications with middleware services * What you need to know about TPM and privacy--including how to avoid privacy problems * Moving from TSS 1.1 to the new TSS 1.2 standard * TPM and TSS command references and a complete function library
Table of Contents(NBD):
Preface xvii About the Authors xxvii Part I Background Material Chapter 1 Introduction to Trusted Computing 3 Chapter 2 Design Goals of the Trusted Platform Module 13 Chapter 3 An Overview of the Trusted Platform Module Capabilities 29 Part II Programming Interfaces to TCG Chapter 4 Writing a TPM Device Driver 45 Chapter 5 Low-Level Software: Using BIOS and TDDL Directly 59 Chapter 6 Trusted Boot 69 Chapter 7 The TCG Software Stack 77 Chapter 8 Using TPM Keys 103 Chapter 9 Using Symmetric Keys 127 Chapter 10 The TSS Core Service (TCS) 141 Chapter 11 Public Key Cryptography Standard #11 157 Part III Architectures Chapter 12 Trusted Computing and Secure Storage 181 Chapter 13 Trusted Computing and Secure Identification 207 Chapter 14 Administration of Trusted Devices 231 Chapter 15 Ancillary Hardware 243 Chapter 16 Moving from TSS 1.1 to TSS 1.2 249 Part IV Appendixes Appendix A TPM Command Reference 293 Appendix B TSS Command Reference 303 Appendix C Function Library 321 Appendix D TSS Functions Grouped by Object and API Level 323 Index 333
About Author (NBD):
David Challener went to work for IBM in East Fishkill after graduating with his Ph.D. in Applied Mathematics from the University of Illinois, (Urbana-Champaign). After helping design the first TPM (representing IBM), he became chair of the TCG TSS committee. When the IBM PC division was sold to Lenovo, he became a Lenovo employee, where he has represented the company on the TCG Technical Committee, TPM workgroup, and many other groups, while continuing to chair the TSS committee. Currently he is the Lenovo Board Member for TCG. Kent Yoder has been working for the IBM Linux(R) Technology Center since graduating from Purdue University with a degree in Computer Science in 2001. He has represented IBM on the TCG TSS committee and has helped write and maintain TrouSerS, an open-source TSS library that implements the TSS software specification for the TCG TPM hardware. Ryan Catherman was a member of the Trusted Computing Group, including active memberships in the TSS and TPM working groups while employed at IBM. He was also coauthor of the IBM implementation of Trusted Computing software at its inception and originator of Unix versions of this software. Currently, he works for Opsware Incorporated, a recent HP acquisition, and holds a masters degree in Computer Engineering. David Safford is a researcher at IBM's T. J. Watson Research Center in Hawthorne, New York. There he has led security research in numerous areas, including ethical hacking, threat analysis, security engineering, intrusion detection sensors, vulnerability scanning, cryptography, and operating system security. Prior to coming to IBM in 1996, he was Director of Supercomputing and Networking at Texas A&M University, and an A-7 pilot in the United States Navy. Leendert van Doorn is a Senior Fellow at AMD where he runs the software technology office. Before joining AMD he was a senior manager at IBM's T.J. Watson Research Center, where he managed the secure systems and security analysis departments. He received his Ph.D. from the Vrije Universiteit in Amsterdam where he worked on the design and implementation of microkernels. Nowadays his interests are in managed runtime systems, accelerated computing (AMD's name for heterogenous and homogenous manycore computing), security, and virtualization. In his former job at IBM he worked on FIPS 140-2 level 4 physically secure coprocessors, trusted systems, and virtualization. He was also actively involved in IBM's virtualization strategy, created and lead IBM's secure hypervisor and trusted virtual data center initiatives, and was on the board of directors for the Trusted Computing Group. Despite all these distractions, he continued to contribute code to the Xen open-source hypervisor, such as the integrated support code for AMD-V and Intel(R)VT-x. When conference calls and meetings are getting too much for him, he is known to find refuge at CMU.
Promotional Info (NBD):
The TPM was developed by members of the Trusted Computing Group in order to establish an industry standard for a trusted computing subsystem to be added to PCs. The TPM is an open, freely downloadable specification that is now being embedded in hardware from major industry players including Dell, IBM and HP. This book is designed to provide developers with a practical understanding of how to use the Trusted Platform Module. (TPM) Through multiple examples, it provides the reader with an understanding of what problems the TPM can be used to solve, and the motivation behind the design decisions made in the specifications. After reading this book, the reader should better understand the security problems facing PC clients today and how to use the capabilities of a TPM, via the standard APIs to solve many of those problems. The TPM is a technology that assists with encryption at the hardware level instead of the software level. This makes it more difficult for hackers to break into the system. While major industry players are embedding the technology, it is still controversial particularly the features remote attestation, binding, and sealing which are viewed as potential threats to privacy and restrictiveness, in the same manner as Digital Rights Management.