Securing Embedded Linux Systems with TPM 2.0

Explore the intricacies of securing embedded Linux systems using TPM 2.0 in this comprehensive conference talk by Philip Tricca from Intel. Dive deep into threat modeling, the Intel TPM2 software stack, and implementations of mitigations using the meta-measured Open Embedded layer. Learn about the security goals achievable with TPM and the threats it can mitigate. Understand various configurations of the TPM2 software stack suitable for different Linux systems, from embedded to servers. Gain insights into system integrity, measurement architectures, and practical use cases such as RNG, crypto operations, and sealed storage. Discover how to leverage TPM 2.0 technology to enhance the security of embedded Linux systems in this informative presentation.

Intro
LEVEL SET
THE BASICS
THREAT MODELING
IF YOUR TEAM DOESN'T MODEL THREATS. Please do
TERMS
WHAT IS A TPM?
TPM2 IMPLEMENTATION: DOMAIN SEPARATION
TPM PROTECTIONS
INTEGRITY: MEASURED BOOT
TCG TPM2 SOFTWARE STACK: DESIGN GOALS
TPM2 SOFTWARE STACK System API & TCT specification
IMPLEMENTATION & CODE
USE CASE: RNG
USE CASE: CRYPTO OPERATIONS
USE CASE: SEALED STORAGE AKA LOCAL ATTESTATION