\documentclass{beamer}
\usepackage{graphicx}
\usetheme{Madrid}

\title[Other TPM Features]{Using the TPM:\\ Other TPM Features}
\author{Ariel Segall \\ ariels@alum.mit.edu}
%\institute{\copyright MITRE Corporation 2012}
\date{Day 2\\ \bigskip Approved for Public Release: 12-2749. \\Distribution unlimited}
%\date{May 31, 2012}

\begin{document}

\begin{frame}
\maketitle
\end{frame}

\begin{frame}{License}

All materials are licensed under a Creative Commons ``Share Alike'' license.
\begin{itemize}
\item http://creativecommons.org/licenses/by-sa/3.0
\end{itemize}
\includegraphics[width=4in]{creativecommons.png}
\end{frame}

\begin{frame}{The Smorgasbord}

The TPM has a number of minor features worth discussing
\begin{itemize}
\item Not significant enough for 101
\item Too small for own talks
\end{itemize}

We'll briefly touch on several, so you'll be familiar with the concepts

\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item Monotonic Counters
\item Tick Counters
\item Random Number Generation
\item OwnerEvict Keys
\item Clearing the TPM
\end{itemize}

\end{frame}

\begin{frame}{TPM Flags}

\begin{itemize}
\item The TPM has a number of internal settings: ``flags'' 
\item Values (mostly) changeable by owner or set by TPM
\item Most are not very relevant to enterprise, e.g.:
\begin{itemize}
\item Ownership: determines whether an owner exists
\item ReadPubEK: determines if EK pubkey can be read; for privacy
\end{itemize}
\item Some are potentially very important:
\begin{itemize}
\item \textbf{FIPS: Many TPM commands will require minimum good security practices}
\item \textbf{nvLocked: Enables or disables all authorization checks on NVRAM}
\end{itemize}
\item Others are useful in unusal corner cases, e.g:
\begin{itemize}
\item CEKPUsed: Indicates if EK created by mfr process or TPM command
\item disableOwnerClear: Determines whether owner can clear TPM
\end{itemize}
\item Full list in TPM Structures spec
\end{itemize}

\end{frame}

\begin{frame}{Getting and Setting TPM Flags}

\begin{itemize}
\item \texttt{TPM\_GetCapability}: Retrieves current value of a TPM
  flag or other internal information, such as number of key slots
  available, size of NVRAM, etc.
\item \texttt{TPM\_SetCapability}: Owner-authorized command to change
  flag values.
\item Full list of capabilities and subcapabilities (i.e., indexes to flags and other information) in Structures spec, under \texttt{TPM\_CAPABILITY\_AREA}.
\begin{itemize}
\item What does that mean? We'll cover that this afternoon.
\end{itemize}
\item Note: When programming using TSS, there are actually more
  commands that can be used to retrieve and set flags. We won't cover
  those today.
\end{itemize}

\begin{center}
\textbf{Some flags, including FIPS mode, are permanently set by the manufacturer.}
\end{center}

\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item {\color{red}Key Migration}
\item Monotonic Counters
\item Tick Counters
\item Random Number Generation
\item OwnerEvict Keys
\item Clearing the TPM
\end{itemize}

\end{frame}

\begin{frame}{Key Migration}

\begin{itemize}
\item In TPM keys talk, mentioned that keys could be migratable
\item All other talks: use non-migratable keys!
\item Key migration is a criticial feature for enterprise
\begin{itemize}
\item Backup
\item System replacement
\end{itemize}
\end{itemize}

\end{frame}

\begin{frame}{Migration in a Nutshell}

\begin{itemize}
\item Create migratable key K on TPM A
\item Create migration blob, reencrypting K to key on TPM B
\begin{itemize}
\item Requires authorization of owner, or delegated auth
\item Note: B doesn't actually have to be a TPM, though designed to be
\end{itemize}
\item B decrypts blob; K now available to B.
\end{itemize}

Note: K still usable on A! This is backup approach.
\end{frame}

\begin{frame}{Migration: Starting State}
\includegraphics[width=4in]{migration-illustration-1}
\end{frame}

\begin{frame}{Migration: Creating Migration Blob}
\includegraphics[width=4in]{migration-illustration-2}
\end{frame}

\begin{frame}{Migration: Transferring Migration Blob}
\includegraphics[width=4in]{migration-illustration-3}
\end{frame}

\begin{frame}{Migration: Decrypting Migration Blob}
\includegraphics[width=4in]{migration-illustration-4}
\end{frame}

\begin{frame}{Certified Migration Keys (CMKs)}

\begin{itemize}
\item Normal migratable keys cannot be certified: could be migrated to non-TPM
\item CMKs always migrate to migration authority, which verifies final destination
\item Owner approves migration authorities for system
\item Can be certified; cert includes authority info
\item More complex than normal migration, but more assurance
\end{itemize}


\end{frame}
\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item {\color{red}Monotonic Counters}
\item Tick Counters
\item Random Number Generation
\item OwnerEvict Keys
\item Clearing the TPM
\end{itemize}

\end{frame}

\begin{frame}{Monotonic Counters}

\begin{itemize}
\item TPMs provide monotonic counters
\item Guaranteed to always increase over time
\begin{itemize}
\item When deliberately incremented-- not clocks
\end{itemize} 
\item Good for internal freshness checking!
\begin{itemize}
\item Counter values cannot be signed for external verification
\item Can use to invalidate old saved data: include value, increment counter
\end{itemize}
\item Unlike NVRAM, burnout due to too many updates extremely unlikely
\end{itemize}

\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item Monotonic Counters
\item {\color{red}Tick Counters}
\item Random Number Generation
\item OwnerEvict Keys
\item Clearing the TPM
\end{itemize}

\end{frame}

\begin{frame}{Tick Counters}

\begin{itemize}
\item TPM has no internal clock
\item Closest equivalent: tick counters
\item Count from start of last tick session
\begin{itemize}
\item Usually last startup, but not guaranteed
\end{itemize}
\item Combines counter with tick session nonce, allowing comparisons
\begin{itemize}
\item TPM will sign tick stamps-- use Identity!
\item Approximate clock per boot
\end{itemize}
\item Surprisingly accurate!
\begin{itemize}
\item Intended primarily for short-term, relative comparisons
\item Usable for timing-based attestation
\end{itemize}
\end{itemize}

\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item Monotonic Counters
\item Tick Counters
\item {\color{red}Random Number Generation}
\item OwnerEvict Keys
\item Clearing the TPM
\end{itemize}

\end{frame}

\begin{frame}{Random Number Generation}

\begin{itemize}
\item TPM can act as random number generator
\begin{itemize}
\item Frequent question: how good?
\item Answer: Don't know, manufacturer dependent
\item Hardware entropy recommended, not required
\end{itemize}
\item Bytes retrievable with \texttt{TPM\_GetRandom} command
\item Entropy can be added from outside with \texttt{TPM\_StirRandom} command
\begin{itemize}
\item RNG used to create TPM keys
\item Allows high-quality entropy to be imported for better key generation
\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item Monotonic Counters
\item Tick Counters
\item Random Number Generation
\item {\color{red} OwnerEvict Keys}
\item Clearing the TPM
\end{itemize}

\end{frame}
\begin{frame}{OwnerEvict Keys}
 
\begin{itemize}
\item We've previously said that loaded keys are unloaded on reboot,
  or when the TPM runs out of key storage space.
\item There is an exception: OwnerEvict Keys
\begin{itemize}
\item Currently loaded key; owner sets OwnerEvict flag on it.
\item Key must not have any parent PCR constraints. (Constraints on key itself fine.)
\item Key will never be unloaded until flag is changed by owner.
\end{itemize}
\item Very useful; no need to track key on disk or load!
\item \textit{Very} limited; some TPMs have as few as 3 key slots.
\item Use \texttt{TPM\_KeyControlOwner} command to set.
\end{itemize}

\end{frame}

\begin{frame}{Topics We'll Cover}

\begin{itemize}
\item TPM Flags
\item Key Migration
\item Monotonic Counters
\item Tick Counters
\item Random Number Generation
\item OwnerEvict Keys
\item {\color{red}Clearing the TPM}
\end{itemize}

\end{frame}

\begin{frame}{Clearing the TPM}

\begin{itemize}
\item What does an enterprise do with TPM when disposing of machine?
\item \textit{Clear} the TPM
\item Two approaches:
\begin{itemize}
\item Through BIOS (ForceClear must be enabled; can be disabled temporarily)
\item \texttt{TPM\_OwnerClear} command (must be enabled; once
  disabled, stays until TPM cleared)
\end{itemize}
\item Erases all non-permanent data from TPM
\begin{itemize}
\item Owner erased, along with SRK
\item Key storage cleared (in FIPS mode, overwritten with 0)
\item Flags returned to default value
\item Non-manufacturer NVRAM deallocated
\item etc
\end{itemize}
\item Some things remain: EK, monotonic counter
\begin{itemize}
\item Also PCRs-- cannot clear TPM to fake boot state
\end{itemize}
\end{itemize}

\end{frame}

\begin{frame}{Questions?}

\end{frame}

\end{document}