A Trusted Platform Module (TPM), as described by the Trusted Computing Platform Alliance (TCPA), now known as the Trusted Computing Group (TCG), is a hardware component that facilitates hardening security in a platform. An example TPM provides, among other things, four major functionalities. These functionalities may include, for example, asymmetric key functions for on-chip key pair generation, secure storage of hash values representing platform configuration information that facilitates verifiable attestation, endorsement key functions, and true random number generation.
Example functionalities, the TCG, and example TPMs are more fully described in documents like those available at www.trustedcomputinggroup.org and in TCG specifications (e.g., version 1.1b). Hardened security embedded in trusted computing platforms produces issues related to balancing security, openness, and usability. Similarly, issues concerning maintenance and/or migration arise due to tradeoffs between security and platform failure recovery processing associated with TPMs. While it is desirable to be able to perform TCG migration (e.g., attach TPM migratable key data structures to other protected storage trees) and/or TCG maintenance (e.g., cloning a broken trusted platform with the cooperation of the platform manufacturer and platform owner), migration and maintenance may conventionally compromise security.
One primary TPM function is to provide a theoretically unlimited amount of protected storage by protecting encryption keys via a 2048-bit RSA storage key generated within the TPM. This key is not to be exposed outside the TPM. Protecting external keys by an internally held key may be referred to as “wrapping”. A TPM may wrap keys in a key hierarchy using a non-migratable storage root key (SRK) designed to reside exclusively within the TPM. TCG rules for non-migratable keys include not allowing a non-migratable key out of a TPM and binding, on a one-to-one basis, a non-migratable key to a trusted platform. These rules facilitate enhancing the TCG notion of “trust” being related to a third party platform's ability to query a TCG enabled trusted platform and assess whether the trusted platform is trustworthy for a given set of operations and/or transactions.
Thus, keys and/or secrets may be encrypted by a TPM but not be stored in a TPM. They may be stored in various storage media (e.g., hard drive) available on a platform, leading to a theoretically unlimited amount of protected data for storing keys and/or secrets. A TPM may store the SRK in a read-only non-volatile memory (NVM). A TPM may also store data (e.g., flags) that indicate whether a wrapped key and/or secret is migratable or non-migratable. Thus, a TPM may perform many security related functions for a platform.
However, a TPM and/or a trusted platform to which a TPM is bound may malfunction, break, or experience other problems. For example, in early TCG platforms, a TPM may be implemented as a daughter board that is uniquely bound to the trusted platform. If the daughter board fails, or is perceived to have failed (e.g., board is jiggled out of place, even momentarily), then the TPM will be seen to have failed. While the TCG specification describes theories for providing maintenance and migration processes to mitigate issues associated with a TPM and/or platform malfunctioning, it does not provide an implementation.
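The wrapping model of the preceding paragraphs, as an added illustration that is not part of the original text and not TCG or any vendor's code: a toy "TPM" object holds an SRK that no method ever returns, hands out wrapped child keys as blobs for ordinary storage with the migratable flag bound under the integrity tag, lets a wrapped key be used only inside the object, refuses to migrate a non-migratable key, and shows why a replacement TPM (a different SRK) cannot use the blobs of a failed one. The HMAC-based symmetric construction, the class and function names, and all key material are assumptions made for this example; the text describes an RSA storage key, which is substituted here only to keep the example dependency-free.

```python
"""Toy model of TPM key wrapping (constructed example, not TCG code)."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

NON_MIGRATABLE = 0x00
MIGRATABLE = 0x01
NONCE_LEN = 16
TAG_LEN = 32


@dataclass(frozen=True)
class WrappedKey:
    """What leaves the TPM: nonce || flag byte || ciphertext || tag."""
    blob: bytes

    @property
    def flags(self) -> int:
        return self.blob[NONCE_LEN]


class ToyTPM:
    def __init__(self) -> None:
        # The SRK exists only inside this object; there is deliberately no getter.
        srk = os.urandom(32)
        self._enc_key = hmac.new(srk, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(srk, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode as a stand-in stream cipher.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, data: bytes) -> bytes:
        return hmac.new(self._mac_key, data, hashlib.sha256).digest()

    def wrap(self, key_material: bytes, migratable: bool) -> WrappedKey:
        """Encrypt child key material under the SRK; the flag is covered by the tag."""
        nonce = os.urandom(NONCE_LEN)
        header = nonce + bytes([MIGRATABLE if migratable else NON_MIGRATABLE])
        ciphertext = bytes(p ^ k for p, k in zip(key_material, self._keystream(nonce, len(key_material))))
        body = header + ciphertext
        return WrappedKey(body + self._tag(body))

    def _unwrap(self, wrapped: WrappedKey) -> bytes:
        """Internal only: recover the child key, or raise if the blob is not ours or was altered."""
        blob = wrapped.blob
        if len(blob) < NONCE_LEN + 1 + TAG_LEN:
            raise ValueError("malformed blob")
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(self._tag(body), tag):
            raise ValueError("integrity check failed: wrong TPM or tampered blob")
        nonce, ciphertext = body[:NONCE_LEN], body[NONCE_LEN + 1:]
        return bytes(c ^ k for c, k in zip(ciphertext, self._keystream(nonce, len(ciphertext))))

    def sign_with(self, wrapped: WrappedKey, message: bytes) -> bytes:
        """Use a wrapped key without exposing it: unwrapping happens inside the TPM."""
        return hmac.new(self._unwrap(wrapped), message, hashlib.sha256).digest()

    def migrate(self, wrapped: WrappedKey, destination: "ToyTPM") -> WrappedKey:
        """Re-wrap a migratable key under another TPM's SRK; refuse non-migratable keys."""
        key = self._unwrap(wrapped)  # verifies the tag first, so the flag cannot be flipped on disk
        if wrapped.flags != MIGRATABLE:
            raise PermissionError("non-migratable key is bound to this TPM")
        return destination.wrap(key, migratable=True)


def demo() -> dict:
    """Exercise the model on constructed key material; returns observable outcomes."""
    tpm_a, tpm_b, replacement = ToyTPM(), ToyTPM(), ToyTPM()
    bound = tpm_a.wrap(b"constructed-non-migratable-key", migratable=False)
    portable = tpm_a.wrap(b"constructed-migratable-key", migratable=True)
    results = {}
    # The key is usable through the TPM, and repeated use is consistent, without ever being returned.
    results["sign_stable"] = tpm_a.sign_with(bound, b"m") == tpm_a.sign_with(bound, b"m")
    # A migratable key can be attached to another TPM's storage tree and keeps working there.
    moved = tpm_a.migrate(portable, tpm_b)
    results["migrated_works"] = tpm_b.sign_with(moved, b"m") == tpm_a.sign_with(portable, b"m")
    # A non-migratable key never leaves its TPM.
    try:
        tpm_a.migrate(bound, tpm_b)
        results["non_migratable_refused"] = False
    except PermissionError:
        results["non_migratable_refused"] = True
    # Flipping the stored flag byte is caught by the tag before the flag is consulted.
    forged = bytearray(bound.blob)
    forged[NONCE_LEN] = MIGRATABLE
    try:
        tpm_a.migrate(WrappedKey(bytes(forged)), tpm_b)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    # A replacement TPM holds a different SRK, so blobs of the failed TPM are unusable on it.
    try:
        replacement.sign_with(bound, b"m")
        results["replacement_locked_out"] = False
    except ValueError:
        results["replacement_locked_out"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The last case in `demo()` is the failure mode the text raises: once the SRK is gone with the broken TPM, everything wrapped under it is unrecoverable unless a migration or maintenance path re-wraps it under another root, which is exactly the security trade-off the maintenance and migration processes have to manage.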