Trusted Computing 1103: Advanced Trusted Platform Module (TPM) usage


OpenSecurityTraining2
Enrollment in this course is by invitation only

About This Course

Trusted Platform Modules (TPM) are the most popular hardware security modules (HSM), widely adopted in laptops, network equipment and embedded systems. This course builds upon TC1102 and TC1101. You will craft a basic Disk Encryption solution using TPM operations and also learn how to import (load) external keys into a TPM. A special lecture in the course is dedicated to key attestation.

Here are some of the skills that this course can provide:

  • Introduction to the Feature API (FAPI) using tpm2-tss
  • Advanced TPM Policy using PolicyLocality, PolicyNV and PolicyCounterTimer
  • Full Disk Encryption (FDE) using TPM 2.0 operations
  • Importing external key pairs and loading external keys into a TPM 2.0
  • Key Attestation

This class should take students 14h on average to complete.

Requirements

We use Docker as a lab environment, so you must be comfortable with the command line. TC1102 *or* prior knowledge of TPM fundamentals and intermediate TPM functionality is required. Some knowledge of cryptography and security terminology is needed.

Course Staff

Dimi Tomov

Dimi founded TPM.dev in 2019, the largest developer community focused on hardware security.

Dimi is from Sofia, the capital of Bulgaria (EU 2007, NATO 2004). He has a BS in automation and control systems from the Technical University of Sofia (TU-Sofia), but his engineering work dates from before university: he created industrial control systems for a plastic recycling plant, a photovoltaic energy plant, and others.

In 2012, Dimi switched focus to the rising Internet of Things (IoT) market. He helped build a new doorbell with voice-over-IP capabilities for a French company. Curiously, a year later the now-famous Amazon Ring appeared with similar capabilities.

In 2014, Dimi was a sub-contractor for Juniper and took on the task of building a security solution with TPM 1.2. This was his first exposure to Trusted Computing. Information and tools for using the TPM were very hard to find. Dimi envisioned that Trusted Computing would have many applications in the future, so he followed TPM 2.0 developments and visited many events to speak with people from the industry.

After failing to convince companies to help lower the knowledge barrier for Trusted Computing, Dimi founded TPM.dev on 1 December 2019. Five years later, the community has over 1000 members and its own developers' conference. It has become a place for discussion and troubleshooting of hardware security.

Dimi has helped many enterprises bring new products to market and integrate TPM 2.0 security. For example, he built the fastest Hearing Aid Detection Algorithm for an ex-Siemens business unit. Dimi also helped build the wolfTPM 2.0 software stack, adding parameter encryption support, attestation and many other TPM 2.0 capabilities. Dimi's focus continues to be the adoption of TPM 2.0 security in more products and new systems, especially IoT Edge, industrial and medical.

Dimi rarely speaks at conferences but likes to lead discussion panels.

Frequently Asked Questions

What learning paths is this class used in?

Trusted Computing, System Security

Do the instructors teach this class in person?

Yes, contact the instructor at dimi@tpm.dev for in-person teaching inquiries.