Provisioning generally has two goals: setting up the necessary initial configuration and establishing trust in the TPM. TPMs today do not come ready to use. Every TPM, whatever the version, needs to have some initial values provisioned before the TPM can generate and use keys; without keys, none of the TPM's features work. What the initial values are varies from version to version. Provisioning can in some cases also determine who has permission to use certain TPM functionality.

Chapter Contents:

• 5.1 Provisioning: what it means, and why it matters
• 5.2 Basic steps of 1.2 TPM provisioning
• 5.2.1 Setting up a 1.2 TPM
• 5.2.1.1 Turning on the 1.2 TPM
• 5.2.1.2 Testing to see if your 1.2 TPM is really on
• 5.2.1.3 Creating an EK
• 5.2.1.4 Taking ownership
• 5.2.2 Establishing trust in a 1.2 TPM
• 5.2.2.1 Establishing trust: high-and low-security approaches
• 5.2.2.2 Trust beyond the EK: provisioning identities and other keys
• 5.3 2.0 TPM provisioning and hierarchies
• 5.3.1 Changing hierarchy authorizations
• 5.3.2 Changing the hierarchy seeds
• 5.3.3 Creating primary keys and objects
• 5.4 Multiversion TPMs
• 5.5 TPM provisioning user stories
• 5.5.1 User stories: turning the TPM on
• 5.5.2 User stories: establishing trust in the TPM
• 5.5.3 User stories: taking ownership
• 5.6 Remote verification of TPM keys
• 5.6.1 Certification: 1.2 TPM keys and PKI
• 5.6.2 Certification: the homegrown approach
• 5.7 Provisioning-time key certification user stories

Inspec keywords: trusted computing; cryptography

Other keywords: the; TPM functionality; TPM provisioning; trust establishment; key generation

Subjects: Data security