Intermediate Trusted Platform Module (TPM) usage


OpenSecurityTraining2

About This Course

Trusted Platform Modules (TPMs) are the most widely deployed hardware security modules (HSMs), found in laptops, network equipment and embedded systems. This course builds on TC1101 and extends that skill set with TPM-based machine identity, system integrity measurement and attestation, and a deep dive into the Endorsement Hierarchy. A dedicated lecture covers TPM 2.0 extended authorization and the policy commands, with a focus on PCR policy.

Here are some of the skills that this course can provide:

  • Introduction to the Enhanced System API (ESAPI) and the tpm2-tss
  • The Endorsement Hierarchy and the Endorsement Key
  • Machine identity and TPM based identification
  • What are Platform Configuration Registers (PCRs)
  • What is attestation and how to use TPM2 Quote
  • TPM Policy and extended authorization

This class should take students 10h on average to complete.
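As an added example of the PCR and attestation topics listed above (this is not course material or code from TPM.dev), the script below replays a boot measurement log to reconstruct PCR values and checks them against the PCR digest a TPM2_Quote would carry. It assumes the SHA-256 PCR bank, that PCRs start at all-zero, and that the quote's pcrDigest is the hash of the selected PCR values concatenated in ascending index order; the log entries, the PCR selection and the function names are constructed for this example.

```python
"""Added example: TPM 2.0 PCR extend replay and TPM2_Quote pcrDigest check.

Assumptions (not taken from the course page): SHA-256 bank, PCRs reset to
all-zero, and pcrDigest = H(PCR[i] || PCR[j] || ...) for the selected PCRs in
ascending index order. The measurement log below is constructed for the demo.
"""
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

PCR_SIZE = 32                      # a SHA-256 PCR holds 32 bytes
INITIAL_PCR = b"\x00" * PCR_SIZE   # assumed reset value of the PCRs used here

# One measurement log entry: (PCR index, digest of the measured data)
LogEntry = Tuple[int, bytes]


def measure(data: bytes) -> bytes:
    """Digest a measuring component records for the data it is about to run."""
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest).
    The PCR can only be extended, never written, so the order of extends matters."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(log: Iterable[LogEntry]) -> Dict[int, bytes]:
    """Recompute the PCR values a TPM would hold after extending each entry in order."""
    pcrs: Dict[int, bytes] = {}
    for index, digest in log:
        pcrs[index] = extend(pcrs.get(index, INITIAL_PCR), digest)
    return pcrs


def pcr_digest(pcrs: Dict[int, bytes], selection: Iterable[int]) -> bytes:
    """pcrDigest as a quote carries it: hash of the selected PCR values, concatenated
    in ascending index order. A selected PCR that was never extended still
    contributes its reset value, so it must not be skipped."""
    concat = b"".join(pcrs.get(i, INITIAL_PCR) for i in sorted(set(selection)))
    return hashlib.sha256(concat).digest()


def verify_quote_pcrs(quoted_pcr_digest: bytes, log: Iterable[LogEntry],
                      selection: Iterable[int]) -> bool:
    """Verifier side: does the presented log explain the quoted PCR digest?
    The quote signature (over the attestation structure, including the verifier's
    nonce) must be checked against the Attestation Key separately; only the
    PCR part is handled here."""
    expected = pcr_digest(replay_log(list(log)), selection)
    return hmac.compare_digest(expected, quoted_pcr_digest)


# Constructed measurement log for the example (not real firmware measurements)
SAMPLE_LOG: List[LogEntry] = [
    (0, measure(b"firmware volume A")),
    (0, measure(b"firmware volume B")),
    (7, measure(b"SecureBoot=1")),
    (7, measure(b"db: OEM signing certificate")),
]

# Same log with one firmware component swapped, as modified boot code would produce
TAMPERED_LOG: List[LogEntry] = (
    [SAMPLE_LOG[0], (0, measure(b"firmware volume B (patched)"))] + SAMPLE_LOG[2:]
)

QUOTE_SELECTION = [0, 7]


def demo() -> Tuple[bool, bool]:
    """Returns (genuine log verifies, tampered log verifies) against a quote from a
    TPM whose boot actually followed SAMPLE_LOG."""
    quoted = pcr_digest(replay_log(SAMPLE_LOG), QUOTE_SELECTION)
    return (verify_quote_pcrs(quoted, SAMPLE_LOG, QUOTE_SELECTION),
            verify_quote_pcrs(quoted, TAMPERED_LOG, QUOTE_SELECTION))


if __name__ == "__main__":
    good, bad = demo()
    print("genuine log matches quote:", good)
    print("tampered log matches quote:", bad)
    for i, v in sorted(replay_log(SAMPLE_LOG).items()):
        print(f"PCR[{i}] = {v.hex()}")
```

The point a verifier has to remember is that the quote proves only what the PCR values are, not why; the log is what gives the values meaning, and a log that does not replay to the quoted digest is worthless even if the quote signature is valid.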

Requirements

We use Docker as the lab environment, so you must be comfortable with the command line. TC1101 *or* prior knowledge of TPM fundamentals and essential TPM functionality is required. Some knowledge of cryptography and security terminology is also needed.

Course Staff

Dimi Tomov

Dimi founded TPM.dev in 2019, the largest developer community focused on hardware security.

Dimi is from Sofia, the capital of Bulgaria (EU member since 2007, NATO member since 2004). He holds a BS in automation and control systems from the Technical University of Sofia (TU-Sofia), but his engineering work predates university: he built industrial systems for a plastics recycling plant, a photovoltaic power plant, and others.

In 2012, Dimi switched focus to the rising Internet of Things (IoT) market. He helped build a new doorbell with voice-over-IP capabilities for a French company; curiously, a year later came the now famous Amazon Ring with similar capabilities.

In 2014, Dimi was a subcontractor for Juniper and took on the task of building a security solution with TPM 1.2. This was his first exposure to Trusted Computing. Information and tools for using the TPM were very hard to find. Dimi envisioned that Trusted Computing would have many applications in the future, followed the TPM 2.0 developments and visited many events to speak with people from the industry.

After failing to convince companies to help lower the knowledge barrier for Trusted Computing, Dimi founded TPM.dev on 1 December 2019. In the four years since, the community has grown by over 300% every six months; TPM.dev now has over 600 members, holds an annual conference and monthly calls, and has become a place for discussion and troubleshooting of hardware security.

Between 2014 and 2019, Dimi also helped many enterprises bring new products to market. For example, he built the fastest hearing aid detection algorithm for a former Siemens business unit.

Dimi rarely speaks at conferences but likes to lead discussion panels.

Frequently Asked Questions

What learning paths is this class used in?

Trusted Computing, System Security

Do the instructors teach this class in person?

Yes, contact the instructor at dimi@tpm.dev for in-person teaching inquiries.
