First steps: TPM keys
At the core of the TPM's functionality are its keys. All of the TPM's authentication, attestation, and data protection services are built around its secure keys. Before you can use the TPM for the vast majority of applications, you'll need to know how to work with its keys. In this section, I'll discuss just what we mean by 'secure' in more detail, and why TPM keys are both tremendously powerful and sometimes tremendously inconvenient. I'll also discuss the various types of key, how to create them, and how to use them. (I'll go into much more detail about which keys to use when, in later chapters, we discuss various use cases.) You may be thinking, 'In the provisioning chapter, I just created my root/primary keys; aren't those going to be enough?' The short answer for 1.2 TPMs is: only for a very limited set of applications, mostly having to do with local data storage; the root keys are specialized in order to be maximally secure. For 2.0 TPMs, primary keys can be more flexible, but owing to the limitations of the TPM's internal space, if you're using the TPM for a variety of applications you'll almost certainly want non-primary keys as well. And regardless, you'll still need to know something about how to use TPM keys even if you just use the root or primary keys.