Abstract
TPM2 must be initialised before it can perform useful work. A significant amount of initialisation must be done by the manufacturer to fix what the host platform can do and how it will do it. Manufacturer initialisation includes providing certificates for the TPM and platform, installing and initialising the Trusted Computing Bases for controlling TPM2, setting up TPM2’s PCRs to match the type of host platform, and deciding whether critical TPM2 commands require multi-factor authorisation. Some initialisation must be done every time that a platform boots. This boot-time initialisation includes ensuring that a TCB does in fact control TPM2, verifying that TPM2 is operating properly, and recording boot-time (static) integrity metrics. Some types of platform also require run-time TPM2 initialisation (initialisation without rebooting the platform), where the platform records metrics of isolated computing environments that were created by the platform’s chip set.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Proudler, G., Chen, L., Dalton, C. (2014). Initialising TPM2. In: Trusted Computing Platforms. Springer, Cham. https://doi.org/10.1007/978-3-319-08744-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-08744-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08743-6
Online ISBN: 978-3-319-08744-3
eBook Packages: Computer ScienceComputer Science (R0)