Talk:Trusted Platform Module/Archive 1

April 2006
this article says nothing about what this "module" is supposed to do. - --Sprafa 19:00, 8 April 2006 (UTC)

this article also reads like a load of vague marketing speak, and mentions nothing of the controversy of "trusted" computing, or the hardware aspects of palladium, or the potential downside for users. *major* rewrite needed by someone with more knowledge on the subject (and preferably not someone from the marketing department of some company trying to push the technology onto people) Xmoogle 21:19, 27 June 2006 (UTC)


 * The "How it works" section was added just a few days ago by a new editor, whose sole contribution was that section. I've removed it entirely, because you're right, it sounds like marketing material.  Also, it was factually incorrect for the most part, since a TPM can't necessarily prevent spyware from being installed on modern operating systems.... it's just a hardware-based cryptographic provider.  As for the issue of contraversy around trusted computing, you'll find that subject well-covered in the trusted computing article... any criticism or contraversy put here should be about the chip itself, not about the bigger conceptual issues of TC.  Warrens 21:32, 27 June 2006 (UTC)

Capitalization
Shouldn't the title of the article be capitalized as "Trusted Platform Module"? It is referred to as such in the first line, after all. --Paul1337 19:07, 16 July 2006 (UTC)

truecrypt
What's the relationship between truecrypt and the TPM ? Dbiagioli 08:34, 21 November 2006 (UTC)
 * link removed Dbiagioli 10:09, 24 November 2006 (UTC)

Usage
Given to OSS community's resistance to TPM stuff, it would be interesting to see references/links to OSS projects that provide an API to use this technology for 'good' - anyone willing to share?
 * opentc.net ? trousers.sf.net ? emscb.com Dbiagioli 09:09, 7 February 2007 (UTC)

is it true?
http://www.againsttcpa.com/what-is-tcpa.html

take a look at "The technology:"

is it true?

if it is, then it must be added to the article —The preceding unsigned comment was added by 84.108.50.106 (talk) 00:15, 7 April 2007 (UTC).
 * that info is already present in wikipedia, in the Trusted Computing article Dbiagioli 06:45, 7 April 2007 (UTC)

NPOV
As it was already mentioned, this article reads like marketing crap. Especially the "Uses" section is a serious violation of the NPOV ("This is highly desirable..." "Pushing the security down to the hardware level in conjunction with software s a much better solution...") --84.143.223.74 07:39, 30 September 2006 (UTC)
 * i've modified the 'Uses' section, i hope the article is NPOV enough now . fell free to re-add the NPOV tag if you disagree ,  and in , that case , please explain why. Dbiagioli 08:19, 30 September 2006 (UTC)

I really don't think this adheres to NPOV. Only negative examples are given in 'uses', rather then strictly sticking to the capabilities of the hardware being discussed.
 * what are the "negative examples" ? the tripwire tool does the same thing the enforcer does, and people  are actually buying tripwire  ... Dbiagioli 20:13, 18 November 2006 (UTC)

I've added a NPOV tag. The marked section does not read as neutral: "Unfortunately, the chip does not offer ... is not fully thought out ... uneasily mixes and matches ... rather than offering mature, orthogonal mechanisms." I would have more confidence in this section if it used neutral language and cited its claims. --Billgordon1099 00:18, 3 April 2007 (UTC)


 * I've removed the disputed text altogether. It was added by an anonymous user at the beginning of March; their subsequent edits in another article are an apt demonstration that they weren't terribly concerned with WP:NPOV... -/- Warren 07:11, 7 April 2007 (UTC)
 * right . the text looked like original research .The national computer security center, which is part of the NSA , never released such a declaration. by the way , the NSA insted criticized directly DES ,back in the '80s . so , until the NSA officially states its position on the TPM's security , we should classify allegation that the TPM is not secure as not verifiable Dbiagioli 23:01, 7 April 2007 (UTC)

I've removed the NPOV content about lost keys and their business impact. The Trousers FAQ covers this issue correctly. There are ways to secure information with the help of the TPM, but NPOV statements such as "requires an enterprise-level process for transferring the appropriate TPM-secured application keys." do not accurately describe the issue.

Specification correction
The current specification, as written in the opening section of this page, is incorrect. It is actually TPM Specification Version 1.2, Level 2, Revision 103, published 9 July 2007. This information is available at https://www.trustedcomputinggroup.org/specs/TPM

Gizmo 17:31, 30 August 2007 (UTC)

Obsolete module
The Linux module "the enforcer" seems to be out of date (no commit since apr. 2004). Does it make sense to mention it in the article ? G Allegre (talk) 09:28, 4 January 2008 (UTC)

TPM is not a chip
People are confused about TPM. They think it is a single purpose chip on a board that can be removed but it's not. I understand why as it's easy to think of there being one chip to control audio (like AC'97) another to control bios another to control TPM... but it doesn't work like that and the main page doesn't describe how it works on a fundamental level. I think we need a flowchart diagram similar to the top of chipset for people to understand.

TPM is firmware of chips. While TPM could be the only thing that chip does, it doesn't have to be. TPM is built into CPUs and southside bridges for example.--None Error (talk) 22:24, 9 September 2008 (UTC)
 * From here, "The Trusted Platform Module is a component on the desktop board that is specifically designed to enhance platform security above-and-beyond the capabilities of today’s software by providing a protected space for key operations and other security critical tasks."   Socrates2008 ( Talk )   08:27, 10 September 2008 (UTC)

Citation: A full explanation on the main page would be overkill and break up the flow, so here is a quick and dirty one: A TPM can (and often is) a single purpose chip attached to the board. But it doesn't have to be.--None Error (talk) 05:57, 13 September 2008 (UTC)
 * A modern CPU (including the duo cores etc) is a single physical object as opposed to a board of chips where some component could be pried off.
 * List of Intel CPUs that use Intel TXT
 * Intel TXT = a TPM
 * And there are the technical papers on how to conform to the specification.
 * This is a bit vague for an encyclopedia. You've made an edit stating that TPM is implemented not as chip but as firmware. Please add a citation stating exactly this, otherwise your edit will be removed as unreferenced original research.  Thanks.   Socrates2008 ( Talk )   11:44, 13 September 2008 (UTC)

Many errors
I work professionally with these technologies and I'm sorry to say there are many misconceptions on this webpage. 1) Intel TXT != TPM. Intel TXT is a technology in CPU + chipset that can work together with the TPM in a Dynamic Root of Trust mode of usage that was made available in TPM spec 1.2 2) It is true that Intel has intergrated TPM functionality in the Q45 chipset but TXT existed long before, in Q35 for instance. 2) The TPM is indeed a chip specification. You can even find suggested PIN-outs in the spec. It is also to some extend tied up to special bus cycles on the LPC bus, in the case of TPM 1.2. However, it doesn't _HAVE_ to be a physical, discrete chip on the mainboard. Still, I think it is wrong to say that "it is not a chip specification but a firmware specification". I recall this article being mostly correct at a previous point in time so it is sad that it has deteroriated. I don't have time to find sources and correct the errors but I will now delete the wron statements from the article. —Preceding unsigned comment added by 83.89.200.10 (talk) 15:37, 19 November 2008 (UTC)

obsolete
"Intel is planning to integrate the TPM capabilities into the southbridge chipset in 2008." Did this end up happening? Looking for an updated source. Radiant chains (talk) 17:12, 27 March 2009 (UTC)

Taking Ownership
re: "Each application that uses the TPM must register a unique passphrase when it takes ownership of the TPM in order to prevent other applications from also making unauthorized use of the TPM once it's enabled.[8] "

This seems to suggest that multiple individual applications take ownership, which is not the case. Taking ownership is an operation that generally occurs only a few times in the life of a TPM, and the computer (or device) in which it is embedded. TPM Ownership would be changed only when the physical ownership of the computer changes, or when the ownership secret phrase has become compromised. Individual applications do not take ownership. For example, See http://technet.microsoft.com/en-us/library/cc749022.aspx which describes taking ownership as part of the process of intially configuring a TPM.

I've made edits to reflect this. Leotohill (talk) 16:00, 12 June 2009 (UTC)
 * Agree it could be phrased better, but the part about taking ownership is important - as it conveys the fact that not just any application can use the TPM, even once it's activated. How about "Only one application can use the TPM, and must register a unique passphrase when it takes ownership of the TPM in order to prevent other applications from also making unauthorized use of the TPM once it's enabled."?    Socrates2008 ( Talk )   22:12, 12 June 2009 (UTC)
 * That still sounds wrong to me. I think that any application CAN use the TPM, as long as it can provide the AuthData that allows it to access the particular resources (e.g., key) that it wants to access. Providing the AuthData is not the same as taking ownership.   I'm working my way through the spec docs and could be wrong about this.  If you are confident that you are right, go ahead and make the change and I'll correct it only if I come to a different conclusion.  Or, wait, in a day or 3 I'll post more here.
 * Leotohill (talk) 03:02, 14 June 2009 (UTC)


 * Well, yes, but that implies that the passphrase supplied when taking ownership has been "cracked" somehow by a rogue application.  Socrates2008 ( Talk )   03:24, 14 June 2009 (UTC)


 * I'm quite certain now that "taking ownership" is a rare event, generally executed only on system setup, change of physical ownership of the device, or compromise of the secret. Applications don't take ownership.


 * I found 13 commands that require assertion of physical presence. These are all for admin functions such as enable/disable, activate/deactivate, and clear.


 * Applications have more mundane requirements. Among other things, applications typically want to use sealed or bound data.  These secured entities (the data) have their own authorization values (secrets).  An application can create and access its own sealed/bound data, and certainly does not "take ownership" nor even assert ownership identity to execute the commands for those operations. An application only needs to provide the secret that is associated with the data.


 * Commands that access sealed/bound data MAY require physical presence, but only if an attribute associated with that data indicates so. (e.g/, see the TPM_NV_PER_PPREAD member of the structure TPM_NV_ATTRIBUTES.


 * Note that some commands require owner authority, by providing the owner secret, but still do not require physical presence. For example, see TPM_DisableOwnerClear.


 * Finally, there is no prohibition against multiple applications knowing the owner secret: "Control of the TPM revolves around knowledge of the TPM Owner authentication value. Proving knowledge of authentication value proves the calling entity is the TPM Owner. It is possible for more than one entity to know the TPM Owner authentication value." (section 9.4.3) However, a better approach is to use the delegation feature to grant rights to other entities.  Delegation "...allows the TPM Owner to create a new AuthData value and to delegate some of the TPM Ownership rights to the new AuthData value." (section 29.2)

Leotohill (talk) 04:46, 16 June 2009 (UTC)


 * Thanks, I've seen your post, but will take a couple of days to respond to due workload.   Socrates2008 ( Talk )   09:28, 18 June 2009 (UTC)

How would a TPM compromise your privacy?
First, to get things right, I am very sceptical of the true goals of this "Trusted Computing" initiative and I have heard rumours about hardware-side backdoors to your system integrated into the Trusted Platform Module and whatnot. However, I think that there is a lot of misconception about the "Trusted Computing" effort and about what such a platform module might do and what not. I really do not see how this chip by itself, aside from possible backdoors (which any chip in your computer might have) will compromise your privacy. It is only a cryptoprocessor. It will NEVER prevent you from opening any file or from copying that file around, whether this file is "DRM secured" or not. It will NEVER prevent an "unauthorized" operating system from booting and it will NEVER prevent an "unauthorized" or "modified" application software from starting. It has NO influence AT ALL on the kind of software you are executing and it will NEVER communicate over a network to "attestate" something. A software program could make use of the TPM to generate signatures for all of these purposes, but it could also do so without using the TPM. The TPM only implements well-known algorithms like SHA1 and RSA in hardware, together with a hardware random number generator. Any software could generate the same signatures a TPM will generate. If a software uses the TPM for performing these algorithms for DRM purposes, that's a problem with the particular software and it could do the same without the TPM. 217.94.192.205 (talk) 19:17, 2 March 2011 (UTC)
 * Concerns about the uniqueness of the endorsement key (EK) revolve around 3rd parties' ability to track you. The TCG took this concern so seriously, that the TPM cannot be cleared, owership taken etc. without a "physical presence operation", which is a real pain for enterprise system administrators wanting to make use of the TPM.   Socrates2008 ( Talk )  10:53, 3 March 2011 (UTC)

New security information TPM 2.0
Cannot be trusted for security purposes. Potential backdoor to NSA.

http://rt.com/news/windows-8-nsa-germany-862/

http://www.infosecurity-us.com/view/34119/german-federal-government-warns-on-the-security-dangers-of-windows-8/

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2013/Windows_TPM_Pl_21082013.html

--Paulmd199 (talk) 02:43, 23 August 2013 (UTC)

Sorry to say, but this is is not the point the BSI had made, saying there are potential backdoors of the NSA. Maybe the brevity of the comment is introducing misconceptions. The point made by the BSI is that the owner of the device may not have full control over future updates of the OS the TPM must authorize. This does not immediately say the NSA installs BD. Other, e.g. the vendor, could do as well. Not having full control over future updates means you'll may be hindered to use that software you'd like to use. For most users this is IMO much more severe. The probability to be the individual target of the NSA exists but isn't that high. Maybe, this is worthwhile an entry in the Criticism section. Ppso (talk) 05:24, 30 January 2014 (UTC)

Even if this page remains dominated by it's current sycophantic viewpoint, not including something about reports like the ones linked above in the criticism section is clearly censorship, as that is exactly what it is; CRITICISM. Criticism in not valid only if you agree with it. I haven't bothered editing this in myself. I will leave it to the page's regular maintainers to do some naval gazing and decided exactly how obvious they want it to be. This is very disappointing. There are obvious advantages to having hardware level security. It's a shame to think that such a great idea could possibly be destroyed by sanctioned built in holes. If true, these types of things are ALWAYS compromised eventually, so the issue deserves a healthy debate.

Blind trust in the chip manufacturer and the authorities
I added this text to the article:

''The private part of the endorsement key is burned into the chip at the manufacturing plant, which means that at least the manufacturer must have had access to the private key at least during the time of manufacturing. There exist no method for the user to obtain the private part of the endorsement key. The user will have to blindly trust the manufacturer and the authorities in the country where the chip was manufactured to not have stored the key, or else it must be assumed that they are in control of the private endorsement key, upon which all security of the TPM relies.''

I admit that I have no direct source for this, except what I have understood from reading the technical specifications for the TPM. I think that this is a self-evident fact! I think it must be obvious that they have had access to the private key, if they burned it into the circuit. If one does not trust the manufacturer (and the authorities in the country where the TPM was created), it is simply impossible to trust the Trusted Platform Module!

Footnote: Of course it depends on what one means with "trusted", when talking about trusting the TPM. If you are a 100% law-abiding company or citizen, or if you are the manufacturer of the chip, then it would make sense in calling it "trusted". From what I understand from the TPM documents, this is the perspective that the promoters of the TPM have. (I do not share this perspective!) — Preceding unsigned comment added by 85.225.254.120 (talk) 21:06, 25 August 2013 (UTC)

The EK is not typically generated externally and loaded onto the chip. It's typically generated on the chip using TPM_CreateEndorsementKeyPair. Thus, the manufacturer will not have access to the private key. — Preceding unsigned comment added by 129.34.20.23 (talk) 18:06, 14 August 2014 (UTC)

Endorsement Key is not used for binding/sealing
Every key in a TPM depends on the EK, but it is never used for sealing/binding. —Preceding unsigned comment added by 78.94.50.146 (talk) 10:20, 22 May 2011 (UTC)

Every key does not depend on the EK, or any other key. Keys are independently generated using the TPM random number generator. When keys are exported off the TPM, they are wrapped with (encrypted by) a parent. The root of the tree is the Storage Root Key (SRK), which never leaves the TPM. The root is not the EK. — Preceding unsigned comment added by 129.34.20.23 (talk) 18:13, 14 August 2014 (UTC)

Article implies TPM can do bulk encryption
I would like to discuss this statement:

"This problem is eliminated if key(s) used in TPM are not accessible on a bus or to external programs and all encryption/decryption is done in TPM."

To me "all encryption" implies that the TPM can do bulk encryption. It cannot. It also implies that TPM keys are in the clear on a bus. They are never in the clear outside the TPM.

I suspect that the author was discussing the use case where a TPM key protects a symmetric bulk encryption key. If so, I can try to improve it.

Opinions? — Preceding unsigned comment added by Kgold1 (talk • contribs) 12:51, 20 August 2014 (UTC)

Hacked?
A quick web search "TPM hacked" confirmed this system was hacked in 2009 by Christopher Tarnovsky http://hackaday.com/2010/02/09/tpm-crytography-cracked/

I wonder why this is not mentioned in the article?


 * This isn't an attack, per se, since the TPM does not offer protection against hardware attacks. Given that the TPM is a secure cryptoprocessor, which is defined as "a dedicated computer ... embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance," I think there's already a subtle hint that hardware attacks are possible. Moreover, it is explicitly discussed: https://en.wikipedia.org/wiki/Secure_cryptoprocessor#Degree_of_security. Nevertheless, Tarnovsky presented the first attack, so it would be nice to cite him.

Pundits point out that a hack was always likely, especially since the system is used for DRM, therefore is a shiny target.

However, this isn't a full-blown remote hack; it seems to need physical access to the hardware, though something like an Evil Maid attack might be possible. or of course an assault on stolen equipment.

See for example TrueCrypt (defunct).

Of course (in theory) nothing is secure from someone with intent and physical access, and any equipment so accessed must be considered as potentially compromised. One is one and one is one (talk) 15:19, 20 December 2015 (UTC)

Broken citation link
Citation #8 is a broken link. This reference seems to have the information that would make it a suitable replacement: https://trustedcomputinggroup.org/trusted-platform-module-tpm-summary/ H4rp3rV (talk) 21:06, 3 April 2017 (UTC)

Text That Seems Out Of Place
TPM is implemented by several vendors: ... In 2006, with the introduction of first Macintosh models with Intel processors, Apple started to ship Macs with TPM. Apple never provided an official driver, but there was a port under GPL available.[45] Apple has not shipped a computer with TPM since 2006.[46]

In effect, TPM is *not* implemented by Apple anymore (and hasn't been for 12 years, an eon in computer years), so this bullet might better be located outside of the set of bullets under "implemented by several vendors". — Preceding unsigned comment added by 162.250.211.66 (talk) 00:25, 14 March 2018 (UTC)

PTT (Platform Trusted Technology
As an alternative for TPM Intel developed PTT Platform Trusted Technology. A reference or explanation of PTT and a compare to TPM is missing. Theking2 18:27, 6 December 2017 (UTC) — Preceding unsigned comment added by Theking2 (talk • contribs)
 * Hi.
 * Google search brings up zero results on this. But "Intel Platform Trust Technology" is a password manager, unrelated to TPM.
 * Best regards, Codename Lisa (talk) 08:52, 7 December 2017 (UTC)


 * If you did a bit more research you'd find this: TPM for the masses or trusted infrastructure overview


 * So the question remains: Could someone draft a segment on Intel Platform Trusted Technology? Or should I give it a go?
 * Theking2 17:18, 31 May 2018 (UTC) — Preceding unsigned comment added by Theking2 (talk • contribs)

Authorship
What clown wrote this article in the first place? Has he even the least understanding of electrical engineering and computer science? — Preceding unsigned comment added by 2601:14B:4301:AF90:EC1E:BA83:D697:95D0 (talk) 15:39, 29 April 2022 (UTC)


 * I would recommend that you familiarize yourself with what Wikipedia is. To begin with, it's a collaborative medium, and anyone can edit it. So, there have been hundreds of editors since the article was first created back in 2005.
 * There are more constructive ways to improve the article; to begin with - start editing it, and make it better. Anastrophe (talk) 22:02, 29 April 2022 (UTC)

Citation 1 on DRM
Currently Citation #1 references an article that uses a concept "technical protection measures" (TPM) that isn't even related to "trusted platform module" (TPM) and is a completely invalid citation. — Preceding unsigned comment added by 2604:4080:104A:0:CC7D:DE68:3970:7E0B (talk) 18:07, 25 August 2022 (UTC)


 * Good catch. Removed. Thanks. – Novem Linguae (talk) 23:02, 25 August 2022 (UTC)

Disabling TPM
As much as I love the NSA looking through email and phone records, I would prefer that the had to *at least* work for it. Trusted Computing (What a crock BTW) says it can be turned off, but does anyone know how? Fosnez 07:52, 13 February 2007 (UTC)
 * you can do that from the BIOS setup ro from the OS .. see also http://technet.microsoft.com/en-us/windowsvista/aa905092.aspx#BKMK_S2 Dbiagioli 08:31, 13 February 2007 (UTC)
 * link is broken--None Error (talk) 22:07, 9 September 2008 (UTC)
 * TPMs are turned off by default (cf. https://books.google.co.uk/books?id=xS0kBgAAQBAJ&pg=PA133&lpg=PA133&dq=TPMs+off+by+default+trusted+computing+-tire&source=bl&ots=tpmK78ti0Y&sig=t-smcA518TA-q3vaKFBC5KFF5Lo&hl=en&sa=X#v=onepage&q=TPMs%20off%20by%20default%20trusted%20computing%20-tire&f=false) — Preceding unsigned comment added by 194.213.3.4 (talk) 14:19, 23 February 2016 (UTC)

Yes, it is true that you can turn off or remove the TPM just as you can turn off or remove any other computer part. But, this is a red herring.

The real problem is that it's possible to make a service or product that you can only access if you have an activated TPM. In the future, if you disable your TPM you may lose the ability to exchange documents or email with your coworkers, buy music online, or do any number of important things that require your computer to communicate with other computers. This will force you to keep your TPM enabled all the time in order to get stuff done. If you have to keep your TPM enabled all the time, then you get all the bad effects of Trusted Computing like government/commercial spying and other people controlling your computer.

The only defense is for most people to not buy or to disable their TPMs. That way, nobody will create services that only work with computers that have activated TPMs in the first place. —Preceding unsigned comment added by 75.111.42.52 (talk) 09:21, 26 November 2007 (UTC)
 * They're doing that at the ISP level; if they need to get something only on your computer, they're using back-doors in the firmware of the low-power Intel Quark / ARC4 CPU (on Intel) or the ARM core (AMD) running at higher privilege than system management mode (and required to boot the x86 processor).  If these aren't directly available, I'm sure they've got exploits in the firmware of every major network interface device.   Both of these are usually powered on even if the computer isn't.     Basically the TPM has nothing to do with this, but if you actually get them looking at *your* computer you are screwed with no recourse unless you're running a fully open source hardware platform like POWER9, an operating system with as few security issues as possible (probably a BSD, I'd avoid a GUI, no third party software).   Or just don't use the internet.   It is IS an option.   A Shortfall Of Gravitas (talk) 05:48, 13 November 2022 (UTC)


 * Not sure if you're aware, but you just responded to a fifteen year old comment. At any rate, I'm not clear in what way this is geared towards article improvement. Please see WP:NOTAFORUM. cheers. anastrophe, an editor he is. 07:58, 13 November 2022 (UTC)

Please update Richard Stallman's reaction to TPM
The final thought in the reception section is no longer accurate. I had to check citation 63 because I was surprised to read that. Indeed, he did state that TPM is harmless in 2015. But then an update in 2022 states, "As of 2022, the TPM2, a new 'Trusted Platform Module', really does support remote attestation and DRM. The threat I warned about in 2002 has become terrifyingly real." 135.245.48.87 (talk) 11:15, 3 May 2023 (UTC)

"Versatile" or "Volatile" Memory ?
In the image at the top labeled "Components of a Trusted Platform Module", shouldn't "Versatile Memory" be "Volatile Memory", the latter being contradistinct from "Persistent Memory" just above. BMJ-pdx (talk) 15:19, 7 July 2023 (UTC)