ISO/IEC 11889-1:2015 Information technology - Trusted Platform Module Library - Part 1: Architecture, 2015
- 1 Scope
- 2 Normative references
- 3 Terms and definitions
- 4 Symbols and Abbreviated Terms
- 4.1 Symbols
- 4.2 Abbreviations
- 5 Conventions
- 5.1 Bit and Octet Numbering and Order
- 5.2 Sized Buffer References
- 5.3 Numbers
- 5.4 KDF Label Parameters
- 6 ISO/IEC 11889 Organization
- 7 Compliance
- 8 Changes from Previous Versions
- 9 Trusted Platforms
- 9.1 Trust
- 9.2 Trust Concepts
- 9.2.1 Trusted Building Block
- 9.2.2 Trusted Computing Base
- 9.2.3 Trust Boundaries
- 9.2.4 Transitive Trust
- 9.2.5 Trust Authority
- 9.3 Trusted Platform Module
- 9.4 Roots of Trust
- 9.4.1 Introduction
- 9.4.2 Root of Trust for Measurement (RTM)
- 9.4.3 Root of Trust for Storage (RTS)
- 9.4.4 Root of Trust for Reporting (RTR)
- 9.4.4.1 Description
- 9.4.4.2 Identity of the RTR
- 9.4.4.3 RTR Binding to a Platform
- 9.4.4.4 Platform Identity and Privacy Considerations
- 9.5 Basic Trusted Platform Features
- 9.5.1 Introduction
- 9.5.2 Certification
- 9.5.3 Attestation and Authentication
- 9.5.3.1 Types of Attestation
- 9.5.3.2 Attestation Keys
- 9.5.3.3 Attestation Key Identity Certification
- 9.5.4 Protected Location
- 9.5.5 Integrity Measurement and Reporting
- 10 TPM Protections
- 10.1 Introduction
- 10.2 Protection of Protected Capabilities
- 10.3 Protection of Shielded Locations
- 10.4 Exceptions and Clarifications
- 11 TPM Architecture
- 11.1 Introduction
- 11.2 TPM Command Processing Overview
- 11.3 I/O Buffer
- 11.4 Cryptography Subsystem
- 11.4.1 Introduction
- 11.4.2 Hash Functions
- 11.4.3 HMAC Algorithm
- 11.4.4 Asymmetric Operations
- 11.4.5 Signature Operations
- 11.4.5.1 Signing
- 11.4.5.2 Signature Verification
- 11.4.5.3 Tickets
- 11.4.6 Symmetric Encryption
- 11.4.6.1 Introduction
- 11.4.6.2 Block Cipher Modes
- 11.4.6.3 Cipher Feedback (CFB) Mode
- 11.4.6.4 XOR Obfuscation
- 11.4.7 Extend
- 11.4.8 Key Generation
- 11.4.9 Key Derivation Function
- 11.4.9.1 Introduction
- 11.4.9.2 KDFa()
- 11.4.9.3 Note on Labels
- 11.4.9.4 KDFe for ECDH
- 11.4.10 Random Number Generator (RNG) Module
- 11.4.10.1 Source of Randomness
- 11.4.10.2 Entropy Source and Collector
- 11.4.10.3 Nonce Creation
- 11.4.11 Algorithms
- 11.4.11.1 Algorithm Identifiers
- 11.4.11.2 Algorithm Support
- 11.5 Authorization Subsystem
- 11.6 Random Access Memory
- 11.6.1 Introduction
- 11.6.2 Platform Configuration Registers (PCR)
- 11.6.3 Object Store
- 11.6.4 Session Store
- 11.6.5 Size Requirements
- 11.7 Non-Volatile (NV) Memory
- 11.8 Power Detection Module
- 12 TPM Operational States
- 12.1 Introduction
- 12.2 Basic TPM Operational States
- 12.2.1 Power-off State
- 12.2.2 Initialization State
- 12.2.3 Startup State
- 12.2.3.1 TPM2_Startup()
- 12.2.3.2 Startup Types
- 12.2.4 Shutdown State
- 12.2.5 Startup Alternatives
- 12.3 Self-Test Modes
- 12.4 Failure Mode
- 12.5 Field Upgrade
- 12.5.1 Introduction
- 12.5.2 Field Upgrade Mode
- 12.5.3 Preserved TPM State
- 12.5.4 Field Upgrade Implementation Options
- 13 TPM Control Domains
- 13.1 Introduction
- 13.2 Controls
- 13.3 Platform Controls
- 13.4 Owner Controls
- 13.5 Privacy Administrator Controls
- 13.6 Primary Seed Authorizations
- 13.7 Lockout Control
- 13.8 TPM Ownership
- 13.8.1 Taking Ownership
- 13.8.2 Releasing Ownership
- 14 Primary Seeds
- 14.1 Introduction
- 14.2 Rationale
- 14.3 Primary Seed Properties
- 14.3.1 Introduction
- 14.3.2 Endorsement Primary Seed (EPS)
- 14.3.3 Platform Primary Seed (PPS)
- 14.3.4 Storage Primary Seed (SPS)
- 14.3.5 The Null Seed
- 14.4 Hierarchy Proofs
- 15 TPM Handles
- 15.1 Introduction
- 15.2 PCR Handles (MSO=00₁₆)
- 15.3 NV Index Handles (MSO=01₁₆)
- 15.4 Session Handles (MSO=02₁₆ and 03₁₆)
- 15.5 Permanent Resource Handles (MSO=40₁₆)
- 15.6 Transient Object Handles (MSO=80₁₆)
- 15.7 Persistent Object Handles (MSO=81₁₆)
- 16 Names
- 17 PCR Operations
- 17.1 Initializing PCR
- 17.2 Extend of a PCR
- 17.3 Using Extend with PCR Banks
- 17.4 Recording Events
- 17.5 Selecting Multiple PCR
- 17.6 Reporting on PCR
- 17.6.1 Reading PCR
- 17.6.2 Attesting to PCR
- 17.7 PCR Authorizations
- 17.7.1 Introduction
- 17.7.2 PCR Not in a Set
- 17.7.3 Authorization Set
- 17.7.4 Policy Set
- 17.7.5 Order of Checking
- 17.8 PCR Allocation
- 17.9 PCR Change Tracking
- 17.10 Other Uses for PCR
- 18 TPM Command/Response Structure
- 18.1 Introduction
- 18.2 Command/Response Header Fields
- 18.2.1 Introduction
- 18.2.2 tag
- 18.2.3 commandSize/responseSize
- 18.2.4 commandCode
- 18.2.5 responseCode
- 18.3 Handles
- 18.4 Parameters
- 18.5 authorizationSize/parameterSize
- 18.6 Authorization Area
- 18.6.1 Introduction
- 18.6.2 Authorization Structure
- 18.6.2.1 Command
- 18.6.2.2 Response
- 18.6.3 Session Handles
- 18.6.4 Session Attributes (sessionAttributes)
- 18.7 Command Parameter Hash (cpHash)
- 18.8 Response Parameter Hash (rpHash)
- 18.9 Command Example
- 18.10 Response Example
- 19 Authorizations and Acknowledgments
- 19.1 Introduction
- 19.2 Authorization Roles
- 19.3 Physical Presence Authorization
- 19.4 Password Authorizations
- 19.5 Sessions
- 19.6 Session-Based Authorizations
- 19.6.1 Introduction
- 19.6.2 Authorization Session Formats
- 19.6.3 Session Nonces
- 19.6.3.1 Overview
- 19.6.3.2 Session Nonce Size
- 19.6.3.3 Guidance on Nonce Size Selection
- 19.6.3.4 Nonce Binding
- 19.6.4 Authorization Values
- 19.6.4.1 Overview
- 19.6.4.2 authValue Size
- 19.6.4.3 Authorization Size Convention
- 19.6.5 HMAC Computation
- 19.6.6 Note on Use of Nonces in HMAC Computations
- 19.6.7 Starting an Authorization Session
- 19.6.8 sessionKey Creation
- 19.6.9 Unbound and Unsalted Session Key Generation
- 19.6.10 Bound Session Key Generation
- 19.6.11 Salted Session Key Generation
- 19.6.12 Salted and Bound Session Key Generation
- 19.6.13 Encryption of salt
- 19.6.13.1 Overview
- 19.6.13.2 Asymmetric Encryption of Salt
- 19.6.13.3 XOR obfuscation of Salt
- 19.6.13.4 Symmetric Block Cipher Encryption of Salt
- 19.6.14 Caution on use of Unsalted Authorization Sessions
- 19.6.15 No HMAC Authorization
- 19.6.16 Authorization Selection Logic for Objects
- 19.6.17 Authorization Session Termination
- 19.7 Enhanced Authorization
- 19.7.1 Introduction
- 19.7.2 Policy Assertion
- 19.7.3 Policy AND
- 19.7.4 Policy OR
- 19.7.5 Order of Evaluation
- 19.7.6 Policy Assertions (Policy Commands)
- 19.7.6.1 Introduction
- 19.7.6.2 Immediate Assertions
- 19.7.6.3 Deferred Assertions
- 19.7.6.4 Combined Assertions
- 19.7.6.5 Repetition of Assertions
- 19.7.6.6 List of Assertions
- 19.7.7 Policy Session Context Values
- 19.7.8 Policy Example
- 19.7.9 Trial Policy
- 19.7.10 Modification of Policies
- 19.7.11 TPM2_PolicySigned(), TPM2_PolicySecret(), and TPM2_PolicyTicket()
- 19.8 Policy Session Creation
- 19.9 Use of TPM for authPolicy Computation
- 19.10 Trial Policy Session
- 19.11 Dictionary Attack Protection
- 19.11.1 Introduction
- 19.11.2 Lockout Mode Configuration Parameters
- 19.11.3 Lockout Mode
- 19.11.4 Recovering from Lockout Mode
- 19.11.5 Authorization Failures Involving lockoutAuth
- 19.11.6 Non-orderly Shutdown
- 19.11.7 Justification for Lockout Due to Session Binding
- 19.11.8 Sample Configurations for Lockout Parameters
- 19.11.8.1 Introduction
- 19.11.8.2 Enterprise Use
- 19.11.8.3 Home or Unmanaged Use
- 20 Audit Session
- 20.1 Introduction
- 20.2 Exclusive Audit Sessions
- 20.3 Command Gating Based on Exclusivity
- 20.4 Audit Session Reporting
- 20.5 Audit Establishment Failures
- 21 Session-based encryption
- 21.1 Introduction
- 21.2 XOR Parameter Obfuscation
- 21.3 CFB Mode Parameter Encryption
- 22 Protected Storage
- 22.1 Introduction
- 22.2 Object Protections
- 22.3 Protection Values
- 22.4 Symmetric Encryption
- 22.5 Integrity
- 23 Protected Storage Hierarchy
- 23.1 Introduction
- 23.2 Hierarchical Relationship between Objects
- 23.3 Duplication
- 23.3.1 Definition
- 23.3.2 Protections
- 23.3.2.1 Introduction
- 23.3.2.2 Inner Duplication Wrapper
- 23.3.2.3 Outer Duplication Wrapper
- 23.4 Duplication Group
- 23.5 Protection Group
- 23.6 Summary of Hierarchy Attributes
- 23.7 Primary Seed Hierarchies
- 23.8 Hierarchy Attributes Settings Matrix
- 24 Credential Protection
- 24.1 Introduction
- 24.2 Protocol
- 24.3 Protection of Credential
- 24.4 Symmetric Encrypt
- 24.5 HMAC
- 24.6 Summary of Protection Process
- 25 Object Attributes
- 25.1 Base Attributes
- 25.1.1 Introduction
- 25.1.2 Restricted Attribute
- 25.1.3 Sign Attribute
- 25.1.4 Decrypt Attribute
- 25.1.5 Uses
- 25.2 Other Attributes
- 25.2.1 fixedTPM and fixedParent
- 25.2.2 stClear
- 25.2.3 sensitiveDataOrigin
- 25.2.4 userWithAuth
- 25.2.5 adminWithPolicy
- 25.2.6 noDA
- 25.2.7 encryptedDuplication
- 26 Object Structure Elements
- 26.1 Introduction
- 26.2 Public Area
- 26.3 Sensitive Area
- 26.4 Private Area
- 26.5 Qualified Name
- 26.6 Sensitive Area Encryption
- 26.7 Sensitive Area Integrity
- 27 Object Creation
- 27.1 Introduction
- 27.2 Public Area Template
- 27.2.1 Introduction
- 27.2.2 type
- 27.2.3 nameAlg
- 27.2.4 objectAttributes
- 27.2.5 authPolicy
- 27.2.6 parameters
- 27.2.7 unique
- 27.3 Sensitive Values
- 27.3.1 Overview
- 27.3.2 userAuth
- 27.3.3 data
- 27.4 Creation PCR
- 27.5 Public Area Creation
- 27.5.1 Introduction
- 27.5.2 type, nameAlg, objectAttributes, authPolicy, and parameters
- 27.5.3 unique
- 27.5.3.1 Introduction
- 27.5.3.2 TPM_ALG_KEYEDHASH
- 27.5.3.3 TPM_ALG_SYMCIPHER
- 27.5.3.4 TPM_ALG_RSA
- 27.5.3.5 TPM_ALG_ECC
- 27.6 Sensitive Area Creation
- 27.6.1 Introduction
- 27.6.2 type
- 27.6.3 authValue
- 27.6.4 seedValue
- 27.6.5 sensitive
- 27.6.5.1 Symmetric Objects
- 27.6.5.2 Asymmetric Objects
- 27.7 Creation Data and Ticket
- 27.8 Creation Resources
- 28 Object Loading
- 28.1 Introduction
- 28.2 Load of an Ordinary Object
- 28.3 Public-only Load
- 28.4 External Object Load
- 29 Object Creation in Reference Implementation
- 30 Context Management
- 30.1 Introduction
- 30.2 Context Data
- 30.2.1 Introduction
- 30.2.2 Sequence Number
- 30.2.3 Handle
- 30.2.4 Hierarchy
- 30.3 Context Protections
- 30.3.1 Context Confidentiality Protection
- 30.3.2 Context Integrity Protection
- 30.4 Object Context Management
- 30.5 Session Context Management
- 30.6 Eviction
- 30.7 Incidental Use of Object Slots
- 31 Attestation
- 31.1 Introduction
- 31.2 Standard Attestation Structure
- 31.3 Privacy
- 31.4 Qualifying Data
- 31.5 Anonymous Signing
- 32 Cryptographic Support Functions
- 32.1 Introduction
- 32.2 Hash
- 32.3 HMAC
- 32.4 Hash, HMAC, and Event Sequences
- 32.4.1 Introduction
- 32.4.2 Hash Sequence
- 32.4.3 Event Sequence
- 32.4.4 HMAC Sequence
- 32.4.5 Sequence Contexts
- 32.5 Symmetric Encryption
- 32.6 Asymmetric Encryption and Signature Operations
- 33 Locality
- 34 Hardware Core Root of Trust Measurement (H-CRTM) Event Sequence
- 34.1 Introduction
- 34.2 Dynamic Root of Trust Measurement
- 34.3 H-CRTM before TPM2_Startup()
- 35 Command Audit
- 36 Timing Components
- 36.1 Introduction
- 36.2 Clock
- 36.2.1 Introduction
- 36.2.2 Clock Implementation
- 36.2.3 Orderly Shutdown of Clock
- 36.2.4 Clock Initialization at TPM2_Startup()
- 36.2.5 Setting Clock
- 36.2.6 Clock Periodicity
- 36.3 Time
- 36.4 resetCount
- 36.5 restartCount
- 36.6 Note on the Accuracy and Reliability of Clock
- 36.7 Privacy Aspects of Clock
- 37 NV Memory
- 37.1 Introduction
- 37.2 NV Indices
- 37.2.1 Definition
- 37.2.2 NV Index Allocation
- 37.2.3 NV Index Deletion
- 37.2.4 High-Endurance (Hybrid) Indices
- 37.2.4.1 Description
- 37.2.4.2 Ordinary, Bit Field, and Extend Hybrid Indices
- 37.2.4.3 Counter Hybrid Indices
- 37.2.5 Reading an NV Index
- 37.2.6 Updating an Index
- 37.2.6.1 Introduction
- 37.2.6.2 NV Ordinary Index Update
- 37.2.6.3 NV Counter Index
- 37.2.6.4 NV Bit Field Index
- 37.2.6.5 NV Extend Index
- 37.2.7 NV Index in a Policy
- 37.3 Owner and Platform Evict Objects
- 37.4 State Saved by TPM2_Shutdown()
- 37.4.1 Background
- 37.4.2 NV Orderly Data
- 37.4.3 NV Clear Data
- 37.4.4 NV Reset Data
- 37.5 Persistent NV Data
- 37.6 NV Rate Limiting
- 37.7 NV Other Considerations
- 37.7.1 Power Interruption
- 37.7.2 External NV
- 37.7.2.1 Introduction
- 37.7.2.2 Access Interruptions
- 37.7.3 PCR in NV
- 38 Multi-Tasking
- 39 Errors and Response Codes
- 39.1 Error Reporting
- 39.2 TPM State After an Error
- 39.3 Resource Exhaustion Warnings
- 39.3.1 Introduction
- 39.3.2 Transient Resources
- 39.3.3 Temporary Resources
- 39.4 Response Code Details
- 40 General Purpose I/O
- 41 Minimums
- 41.1 Introduction
- 41.2 Authorization Sessions
- 41.3 Transient Objects
- 41.4 NV Counters and Bit Fields