The Trusted Computing Group (TCG) develops and promotes industry-standard specifications for hardware-enabled trusted computing and security technologies, such as the trusted platform module (TPM). A TPM stores and reports the integrity of the devices and hardware on a computing platform, and securely wraps and stores platform information and secrets such as passwords, keys and certificates. The TPM is essentially a single-command processing device: while it is executing a command for one process spawned by the computing system, it cannot execute a command for any other process until the first command completes. Further, while that command executes, no entity other than the one that issued it can establish a connection with the TPM. Moreover, a single entity usually acts as scheduler for all processes at the operating system (OS) level that wish to communicate with the TPM, and that scheduler typically refuses to relinquish control of the TPM while it is operating.
Two entities that use the TPM exclusively are the TCG Software Stack (TSS) and TPM Base Services (TBS). The TSS provides security services in accordance with TCG specifications and guidelines and executes under the control of the computer's OS; the TBS virtualizes the TPM on recent TPM-aware versions of the Windows operating system. However, in some situations it may be preferable to perform security operations, such as encryption or decryption, outside the control of the OS, because a computer system's firmware, which is outside the OS, may be more resistant to interference by user actions, whether negligent or hostile, and is less likely to be altered. Unfortunately, the memory available outside the OS for storing keys and code is typically limited to the firmware and the basic input/output system (BIOS), which may itself reside in the firmware.

If another entity, such as the BIOS, firmware, an external device, or another circuit on the computer motherboard, attempts to leverage TPM functionality for security operations, the TPM's single-process operational limitation introduces the risk of conflicts with the TSS/TBS. Conflicts take two forms: delays and state corruption. Delays occur while the TSS/TBS is using the TPM and will not relinquish control. State corruption can occur if another entity uses the TPM between periods of TSS/TBS use and changes state that the TSS/TBS relied upon to remain unchanged, such as the slots holding loaded keys or authorization sessions, so that handles the TSS/TBS cached now refer to something else. The TPM itself provides no isolation between callers; that is the job of the scheduling entity, and an entity that bypasses the scheduler bypasses the isolation with it.
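The two conflict forms described above, as an added illustrative model that is not code from the page, the TCG, or Microsoft: a toy single-command TPM with one object slot, an OS-side holder that refuses to relinquish the device while it is busy, and a firmware entity that reuses the slot between uses, so that the OS-side caller's cached handle silently signs with the wrong key; then the same interleaving routed through a scheduler that virtualizes the device by saving and restoring each client's objects, which is only the outline of what a resource manager such as TBS does (its actual design is not on this page). The entity names, the one-slot handle layout, and the use of HMAC-SHA256 as a stand-in for a signing command are assumptions made for the example.

```python
# Constructed toy model of TPM single-command arbitration; not real TPM code.
# Entity names, slot layout and the HMAC stand-in for signing are assumptions.
import hashlib
import hmac


class ToyTpm:
    """Single-command-processor model of a TPM with a few transient object
    slots (0x80000000... follows the TPM 2.0 transient-handle convention).
    Commands assume the caller currently holds the device."""

    def __init__(self, slots=2):
        self.slots = slots
        self.objects = {}  # physical handle -> key bytes of the loaded object
        self.owner = None  # the one entity currently connected to the device

    def acquire(self, entity):
        if self.owner not in (None, entity):  # busy: caller must wait (delay)
            return False
        self.owner = entity
        return True

    def release(self, entity):
        if self.owner == entity:
            self.owner = None

    def load(self, key):
        """Load a key into the lowest free slot and return its handle."""
        for h in range(0x80000000, 0x80000000 + self.slots):
            if h not in self.objects:
                self.objects[h] = key
                return h
        raise RuntimeError("no free object slot")

    def flush(self, handle):
        self.objects.pop(handle, None)

    def context_save(self, handle):  # evict; the blob reloads via load()
        return self.objects.pop(handle)

    def sign(self, handle, msg):
        """Stand-in for a signing command: HMAC-SHA256 under the loaded key."""
        return hmac.new(self.objects[handle], msg, hashlib.sha256).hexdigest()


def sig(key, msg):
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def scenario_unmanaged():
    """Firmware is refused while TSS holds the device (delay); later it reuses
    TSS's slot, and TSS's cached handle silently signs with the wrong key."""
    tpm = ToyTpm(slots=1)
    tpm.acquire("TSS")
    h = tpm.load(b"tss-signing-key")
    refused = not tpm.acquire("firmware")   # TSS will not relinquish control
    tpm.release("TSS")
    tpm.acquire("firmware")
    tpm.flush(h)                            # make room for firmware's own key
    tpm.load(b"firmware-key")               # lands in the very same slot
    tpm.release("firmware")
    tpm.acquire("TSS")
    still_valid = tpm.sign(h, b"message") == sig(b"tss-signing-key", b"message")
    return refused, still_valid             # (True, False)


class ResourceManager:
    """One scheduler that holds the TPM for good and virtualizes it: each client
    sees its own virtual handles, and the inactive client's objects are saved
    out and restored before that client's next command (outline only)."""

    def __init__(self, tpm):
        self.tpm = tpm
        self.tpm.acquire("resource-manager")
        self.active = None
        self.table = {}  # (client, vhandle) -> ("live", phandle) | ("ctx", blob)

    def _switch(self, client):
        if self.active == client:
            return
        for key, (state, val) in list(self.table.items()):  # save the other client
            if key[0] == self.active and state == "live":
                self.table[key] = ("ctx", self.tpm.context_save(val))
        for key, (state, val) in list(self.table.items()):  # restore this one
            if key[0] == client and state == "ctx":
                self.table[key] = ("live", self.tpm.load(val))
        self.active = client

    def load(self, client, key):
        self._switch(client)
        vh = 1 + sum(1 for c, _ in self.table if c == client)  # next virtual handle
        self.table[(client, vh)] = ("live", self.tpm.load(key))
        return vh

    def sign(self, client, vh, msg):
        self._switch(client)
        return self.tpm.sign(self.table[(client, vh)][1], msg)


def scenario_managed():  # same interleaving as scenario_unmanaged, via the manager
    rm = ResourceManager(ToyTpm(slots=1))
    vh = rm.load("TSS", b"tss-signing-key")
    rm.load("firmware", b"firmware-key")    # TSS's object is saved out first
    return rm.sign("TSS", vh, b"message") == sig(b"tss-signing-key", b"message")
```

In a real TPM the save/restore step corresponds to TPM_SaveContext/TPM_LoadContext (TPM 1.2) or TPM2_ContextSave/TPM2_ContextLoad (TPM 2.0). The manager only protects clients that go through it: a firmware or BIOS entity that talks to the device directly, as the text contemplates, is invisible to the manager's table and can still overwrite a slot the OS-side caller depends on.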