Safeguarding electronic information has become an important issue given the growing variety of transactions that may now be conducted electronically. Various threats, including, for example, hackers and malicious software (e.g., malware) such as viruses, rootkits, etc., may share at least one purpose: to circumvent existing protection measures in order to gain access to, or control over, another user's device. Users employing a device to perform daily transactions may be unaware that their device has been compromised, and may unknowingly be providing sensitive personal, financial and/or proprietary data to a third party. Technology is continually being developed to combat these types of attacks. However, as new virus protection strategies emerge, hackers are finding ways to attack at lower levels within a device, gaining access and/or control at a level in the device having higher privilege than the protection software, so that software-only defenses running above that level cannot observe or prevent the compromise. As a result, device manufacturers are building security measures into the actual hardware of a device. For example, these security features may be enabled at an early stage of device initialization, and may ensure that programs loaded later are trustworthy by performing a security check (e.g., verifying a measurement or signature) as the programs are loaded into the device.
At least one example of a hardware-based security system is the Trusted Platform Module (TPM). TPM is an international standard (ISO/IEC 11889) for a secure cryptoprocessor, which may be a discrete microprocessor dedicated to securing hardware by integrating cryptographic keys into a device. The TPM technical specification is maintained by a computer industry consortium called the Trusted Computing Group (TCG). Consistent with version 2.0 of the TPM standard, a manufacturer-provisioned endorsement key (EK) and EK certificate are required for attestation identity key (AIK) generation, since the EK certificate is what allows a verifier to establish that an AIK was created by a genuine TPM. Discrete TPM solutions typically comprise on-chip non-volatile storage that may be able to accommodate the EK and EK certificate. However, new integrated solutions (e.g., TPM functionality integrated into another component of the device) are being contemplated that do not have space available for the EK and EK certificate. To satisfy this requirement, devices using an integrated TPM may require a serial peripheral interface (SPI) Flash specifically for the EK and EK certificate, which may need to be provisioned to the SPI Flash following assembly by the original equipment manufacturer (OEM). This change to the manufacturing process may result in substantial cost increases for devices using an integrated TPM.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications and variations thereof will be apparent to those skilled in the art.