* Part 3 Commands
* Part 4 Supporting Routines (added in TPM 2.0)
== Overview ==
The [[United States Department of Defense]] (DoD) specifies that "new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by [[Defense Information Systems Agency]] (DISA) [[Security Technical Implementation Guide]]s (STIGs) and where such technology is available." The DoD anticipates that TPM is to be used for device identification, authentication, encryption, and device integrity verification.<ref>{{cite book |title=Instruction 8500.01 |date=14 March 2014 | publisher=US Department of Defense | page=43 }}</ref>
[[File:TPM Asus.jpg|thumb|right|Trusted Platform Module installed on a mainboard]]
The [[Trusted Computing Group]] (TCG) has certified TPM chips manufactured by [[Infineon Technologies]], [[Nuvoton]], and [[STMicroelectronics]],<ref>{{Cite web | url = https://www.trustedcomputinggroup.org/membership/certification/tpm-certified-products/ | title = TPM Certified Products List | publisher = Trusted Computing Group | access-date = October 1, 2016 | archive-date = October 14, 2016 | archive-url = https://web.archive.org/web/20161014153730/http://www.trustedcomputinggroup.org/membership/certification/tpm-certified-products/ | url-status = live }}</ref> and has assigned TPM vendor [[Identity document|ID]]s to [[Advanced Micro Devices]], [[Atmel]], [[Broadcom]], [[IBM]], Infineon, [[Intel]], [[Lenovo]], [[National Semiconductor]], Nationz Technologies, Nuvoton, [[Qualcomm]], [[Rockchip]], [[Microchip Technology|Standard Microsystems Corporation]], STMicroelectronics, [[Samsung]], Sinosun, [[Texas Instruments]], and [[Winbond]].<ref>{{Cite web | url = https://www.trustedcomputinggroup.org/wp-content/uploads/Vendor_ID_Registry_0-8_clean.pdf | title = TCG Vendor ID Registry | date = 23 September 2015 | access-date = 27 October 2016 | archive-date = 28 October 2016 | archive-url = https://web.archive.org/web/20161028083456/https://www.trustedcomputinggroup.org/wp-content/uploads/Vendor_ID_Registry_0-8_clean.pdf | url-status = live }}</ref>
=== TPM 2.0 ===
There are five different types of TPM 2.0 implementations (listed in order from most to least secure):<ref name="TPMRecs">{{Cite web |url=https://docs.microsoft.com/en-us/windows/device-security/tpm/tpm-recommendations |title=TPM Recommendations |last1=Lich |first1=Brian |last2=Browers |first2=Nick |date=27 October 2017 |website=Microsoft Docs |publisher=[[Microsoft]] |last3=Hall |first3=Justin |last4=McIlhargey |first4=Bill |last5=Farag |first5=Hany |access-date=10 January 2018 |archive-date=11 January 2018 |archive-url=https://web.archive.org/web/20180111052704/https://docs.microsoft.com/en-us/windows/device-security/tpm/tpm-recommendations |url-status=live }}</ref><ref name="TPMBrief">{{Cite web|url=https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-A-Brief-Introduction.pdf|title=Trusted Platform Module 2.0: A Brief Introduction |date=October 13, 2016 | publisher=Trusted Computing Group |access-date=March 31, 2018|archive-date=February 3, 2019 | archive-url=https://web.archive.org/web/20190203202259/https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-A-Brief-Introduction.pdf |url-status=live}}</ref>
* Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper-resistant semiconductor package. They are considered the most secure type, because routines implemented in hardware are harder to subvert than software and the package is required to offer some tamper resistance.
* Integrated TPMs are part of another chip. They use hardware that resists software bugs, but they are not required to implement tamper resistance.
* Firmware TPMs (fTPMs) are firmware-based solutions that run in a CPU's trusted execution environment; Intel, AMD and Qualcomm ship such implementations.
* Virtual TPMs (vTPMs) are provided by a hypervisor in an isolated execution environment hidden from the software running inside the virtual machines it serves, giving a security level comparable to a firmware TPM.
* Software TPMs are emulators that run with no more protection than an ordinary program gets from the operating system. They depend entirely on that environment and are useful for development and testing rather than for protecting secrets.
=== Open source ===
The official TCG reference implementation of the TPM 2.0 specification was developed by [[Microsoft]]. It is licensed under the [[BSD License]] and its [[source code]] is available on [[GitHub]].<ref>{{Cite web |url=https://github.com/Microsoft/ms-tpm-20-ref |title=GitHub - microsoft/ms-tpm-20-ref: Reference implementation of the TCG Trusted Platform Module 2.0 specification. |publisher=GitHub |access-date=April 5, 2020 |archive-date=October 27, 2020 |archive-url=https://web.archive.org/web/20201027190036/https://github.com/microsoft/ms-tpm-20-ref |url-status=live }}</ref>
In 2022, [[Advanced Micro Devices|AMD]] announced that under certain circumstances its fTPM implementation causes intermittent system stutter. A fix is available in the form of a [[BIOS]] update.<ref>{{Cite web |date=2022-03-08 |title=Intermittent System Stutter Experienced with fTPM Enabled on Windows 10 and 11 |url=https://www.amd.com/en/support/kb/faq/pa-410 |access-date=2022-07-02 |publisher=AMD}}</ref><ref>{{Cite web |author1=Paul Alcorn |date=2022-03-07 |title=AMD Issues Fix and Workaround for Ryzen's fTPM Stuttering Issues |url=https://www.tomshardware.com/news/amd-issues-fix-and-workaround-for-ftpm-stuttering-issues |access-date=2022-07-02 |website=Tom's Hardware |language=en}}</ref>
While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible with TPM 1.2.<ref>{{Citation |chapter-url=https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf |title=Trusted Platform Module Library |chapter=Part 1: Architecture |date=October 30, 2014 |access-date=October 27, 2016 |publisher=Trusted Computing Group |archive-date=October 28, 2016 |archive-url=https://web.archive.org/web/20161028083957/https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf |url-status=live }}</ref><ref>{{Cite web|url=https://www.dell.com/support/article/en-us/sln312590/tpm-1-2-vs-2-0-features?lang=en|title=TPM 1.2 vs. 2.0 Features | Dell US}}</ref><ref>{{Cite web |url=http://aps2.toshiba-tro.de/kb0/TSB8B03XO0000R01.htm |title=TPM 1.2, 2.0 and FTPM (Firmware-based TPM) Information |access-date=August 31, 2020 |archive-date=February 6, 2020 |archive-url=https://web.archive.org/web/20200206234241/http://aps2.toshiba-tro.de/kb0/TSB8B03XO0000R01.htm |url-status=live }}</ref>
{| class="wikitable"
|-
! Specification !! TPM 1.2 !! TPM 2.0
|-
| Architecture
| A complete specification is intended to consist of a platform-specific protection profile which references a common three part TPM 1.2 library.<ref name="TPM_Main_Specs" /> In practice, only a PC Client protection profile was created for TPM 1.2. Protection profiles for [[Personal digital assistant|PDA]] and [[Mobile phone|cellular]] were intended to be defined,<ref name="TPM_Main_Specs" /> but were never published.
| A complete specification consists of a platform-specific specification which references a common four-part TPM 2.0 library.<ref name="TPM2.0Book">{{Cite book| first1 = Will | last1 = Arthur | first2 = David | last2 = Challener | first3 = Kenneth | last3 = Goldman | title = A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security | publisher=[[Apress]] Media, LLC | date = 2015 | location = [[New York City]] | isbn = 978-1430265832 | page = 69| doi = 10.1007/978-1-4302-6584-9 | s2cid = 27168869 }}</ref><ref name="TPM_Library_Specs" /> Platform-specific specifications define what parts of the library are mandatory, optional, or banned for that platform; and detail other requirements for that platform.<ref name="TPM2.0Book"/> Platform-specific specifications include PC Client,<ref>{{cite web|url=https://www.trustedcomputinggroup.org/pc-client-protection-profile-tpm-2-0/|title=PC Client Protection Profile for TPM 2.0 – Trusted Computing Group|website=trustedcomputinggroup.org|access-date=October 30, 2016|archive-date=October 31, 2016|archive-url=https://web.archive.org/web/20161031085440/https://www.trustedcomputinggroup.org/pc-client-protection-profile-tpm-2-0/|url-status=live}}</ref> mobile,<ref>{{cite web |url=https://www.trustedcomputinggroup.org/tpm-2-0-mobile-reference-architecture-specification/ |title=TPM 2.0 Mobile Reference Architecture Specification – Trusted Computing Group |publisher=trustedcomputinggroup.org |access-date=October 31, 2016|archive-date=November 1, 2016|archive-url=https://web.archive.org/web/20161101103322/https://www.trustedcomputinggroup.org/tpm-2-0-mobile-reference-architecture-specification/|url-status=live}}</ref> and Automotive-Thin.<ref>{{cite web |url=https://trustedcomputinggroup.org/tcg-tpm-2-0-library-profile-automotive-thin/ |website=trustedcomputinggroup.org |title=TCG TPM 2.0 Library Profile for Automotive-Thin |date=1 March 2015 |access-date=April 25, 2017 |archive-date=April 26, 2017 |archive-url=https://web.archive.org/web/20170426062330/https://trustedcomputinggroup.org/tcg-tpm-2-0-library-profile-automotive-thin/ |url-status=live }}</ref>
|-
| Algorithms
| [[SHA-1]] and [[RSA (algorithm)|RSA]] are required.<ref name="TPM1.2Rev116Part2">{{Cite web |url=http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf |title=Archived copy |access-date=October 29, 2016 |archive-date=October 30, 2016 |archive-url=https://web.archive.org/web/20161030140755/http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf |url-status=live }}</ref> [[Advanced Encryption Standard|AES]] is optional.<ref name="TPM1.2Rev116Part2"/> [[Triple DES]] was once an optional algorithm in earlier versions of TPM 1.2,<ref>{{Cite web |url=http://trustedcomputinggroup.org/wp-content/uploads/mainP2Struct_rev85.pdf |title=Archived copy |access-date=October 29, 2016 |archive-date=October 30, 2016 |archive-url=https://web.archive.org/web/20161030080258/http://trustedcomputinggroup.org/wp-content/uploads/mainP2Struct_rev85.pdf |url-status=live }}</ref> but was removed in TPM 1.2 revision 103.<ref>{{Cite web |url=https://trustedcomputinggroup.org/wp-content/uploads/mainP1DPrev103.pdf |title=TPM Main Specification Level 2 Version 1.2, Revision 103: Part 1 Design Principles |access-date=February 16, 2024 |date=July 9, 2007}}</ref> The MGF1 hash-based mask generation function defined in [[PKCS 1|PKCS#1]] is required.<ref name="TPM1.2Rev116Part2"/>
| The TCG PC Client Platform TPM Profile (PTP) Specification requires [[SHA-1]] and [[SHA-256]] for hashing; [[RSA (algorithm)|RSA]] and [[Elliptic curve cryptography|ECC]] using the [[National Institute of Standards and Technology|NIST]] P-256 curve for [[public-key cryptography]] and asymmetric [[digital signature]] generation and verification; [[HMAC]] for symmetric signature (message authentication code) generation and verification; 128-bit [[Advanced Encryption Standard|AES]] as the [[symmetric-key algorithm]]; and the MGF1 hash-based mask generation function defined in [[PKCS 1|PKCS#1]].<ref name="PCClient">{{Cite web |url=https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PP_1p3_for_Library_1p59_pub_29sept2021.pdf |title=TCG Protection Profile for PC Client Specific TPM 2.0 Library Revision 1.59; Version 1.3 |access-date=February 16, 2024 |date= September 29, 2021}}</ref> Many other algorithms are also defined but are optional.<ref>{{Cite web |url=https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.22.pdf |title=Archived copy |access-date=October 30, 2016 |archive-date=October 31, 2016 |archive-url=https://web.archive.org/web/20161031085411/https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.22.pdf |url-status=live }}</ref> [[Triple DES]] was added to the TPM 2.0 library, but with restrictions that reject [[weak key]]s.<ref>{{Cite web |url=https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_Rev_1.27_FinalPublication.pdf |title=Archived copy |access-date=January 23, 2019 |archive-date=January 23, 2019 |archive-url=https://web.archive.org/web/20190123223556/https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_Rev_1.27_FinalPublication.pdf |url-status=live }}</ref> ECC-based [[Direct Anonymous Attestation]] (ECDAA) using Barreto–Naehrig curves, which was mandatory in earlier versions of the profile, was made optional in the PC Client profile for TPM 2.0 library revision 1.59.<ref name="PCClient"/>
|-
| Crypto Primitives
| A [[Random number generation|random number generator]], a [[Public-key cryptography|public-key cryptographic algorithm]], a [[cryptographic hash function]], a mask generation function, [[digital signature]] generation and verification, and [[Direct Anonymous Attestation]] are required.<ref name="TPM1.2Rev116Part2"/> [[Symmetric-key algorithm]]s and [[exclusive or]] are optional.<ref name="TPM1.2Rev116Part2"/> [[Key generation]] is also required.<ref>{{Cite web |url=http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-Design-Principles_v1.2_rev116_01032011.pdf |title=Archived copy |access-date=October 30, 2016 |archive-date=October 31, 2016 |archive-url=https://web.archive.org/web/20161031085415/http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-Design-Principles_v1.2_rev116_01032011.pdf |url-status=live }}</ref>
| A [[Random number generation|random number generator]], [[Public-key cryptography|public-key cryptographic algorithms]], [[cryptographic hash function]]s, [[symmetric-key algorithm]]s, [[digital signature]] generation and verification, mask generation functions, and [[exclusive or]] are required by the TCG PC Client Platform TPM Profile (PTP) Specification.<ref name="PCClient"/> [[Elliptic curve cryptography|ECC]]-based [[Direct Anonymous Attestation]] using the Barreto–Naehrig 256-bit curve is optional for the TCG PC Client Platform TPM Profile (PTP) Specification.<ref name="PCClient"/> The TPM 2.0 common library specification also requires [[key generation]] and [[key derivation function]]s.<ref>{{Cite web |url=https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf |title=Archived copy |access-date=October 27, 2016 |archive-date=October 28, 2016 |archive-url=https://web.archive.org/web/20161028083957/https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf |url-status=live }}</ref>
|-
| Hierarchy
| One (storage)
| Three (platform, storage and endorsement)
|-
| Root keys
| One (SRK RSA-2048)
| Multiple keys and algorithms per hierarchy
|-
| Authorization
| [[Hash-based message authentication code|HMAC]], PCR, locality, physical presence
| Password, [[Hash-based message authentication code|HMAC]], and policy (which covers HMAC, PCR, locality, and physical presence).
|-
| NVRAM
| Unstructured data
| Unstructured data, counter, bitmap, extend, PIN pass and fail
|}
TPM 2.0 policy authorization includes the TPM 1.2 mechanisms (HMAC, locality, physical presence, and PCR state). It adds authorization based on an asymmetric digital signature, indirection to another object's authorization secret, counters and time limits, NVRAM values, and a particular command or command parameters. These primitives can be ANDed and ORed to construct complex authorization policies: each policy command extends the session's policy digest, so a complete policy is ultimately a single digest that is bound into the object when it is created.<ref>{{Citation |url=http://www.trustedcomputinggroup.org/files/static_page_files/C213752B-1A4B-B294-D053D90DF2AB69C5/TPM%20Rev%202.0%20Part%203%20-%20Commands%2001.07-2014-03-13-code.pdf |title=Trusted Platform Module Library; Part 3: Commands |section=Section 23: Enhanced Authorization (EA) Commands |date=March 13, 2014 |access-date=September 2, 2014 |publisher=Trusted Computing Group |archive-date=September 3, 2014 |archive-url=https://web.archive.org/web/20140903132917/http://www.trustedcomputinggroup.org/files/static_page_files/C213752B-1A4B-B294-D053D90DF2AB69C5/TPM%20Rev%202.0%20Part%203%20-%20Commands%2001.07-2014-03-13-code.pdf |url-status=live }}</ref>
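The following worked example, added here and not taken from the TCG specification, from Microsoft's reference implementation or from any TPM library, shows how such a policy digest is built offline, exactly as a TPM computes it in a trial session. Each policy command hashes the previous digest together with its own command code and parameters (this is the AND), and the OR command resets the digest to zero and hashes the branch digests together. The code assumes SHA-256 as the policy hash and a 24-register SHA-256 PCR bank; the command codes and the endorsement-hierarchy handle are the TPM_CC_* and TPM_RH_* constants from Part 2 of the library specification; the scenario (unseal if PCR 7 holds a known value, or if the object's password is supplied) and the PCR 7 value are constructed for illustration.

```python
"""Offline computation of TPM 2.0 enhanced-authorization policy digests.

Added illustration, not code from the TCG specification or any TPM stack.
Assumptions: SHA-256 policy hash, 24-register SHA-256 PCR bank.
"""
import hashlib
import struct

HASH = hashlib.sha256
ZERO_DIGEST = b"\x00" * 32  # a fresh policy session starts with an all-zero digest

# TPM_CC_* command codes, permanent handle and algorithm ID from Part 2.
TPM_CC_UNSEAL = 0x0000015E
TPM_CC_POLICY_SECRET = 0x00000151
TPM_CC_POLICY_SIGNED = 0x00000160
TPM_CC_POLICY_AUTH_VALUE = 0x0000016B
TPM_CC_POLICY_COMMAND_CODE = 0x0000016C
TPM_CC_POLICY_OR = 0x00000171
TPM_CC_POLICY_PCR = 0x0000017F
TPM_RH_ENDORSEMENT = 0x4000000B
TPM_ALG_SHA256 = 0x000B


def u32(value: int) -> bytes:
    return struct.pack(">I", value)


def extend(policy_digest: bytes, *fields: bytes) -> bytes:
    """policyDigest_new = H(policyDigest_old || field_1 || ... || field_n).
    Every policy command is ANDed into the session by this one rule, so the
    order in which commands run changes the resulting digest."""
    h = HASH(policy_digest)
    for field in fields:
        h.update(field)
    return h.digest()


def policy_auth_value(policy_digest: bytes) -> bytes:
    """TPM2_PolicyAuthValue: the object's authValue must be proven via HMAC."""
    return extend(policy_digest, u32(TPM_CC_POLICY_AUTH_VALUE))


def policy_command_code(policy_digest: bytes, command_code: int) -> bytes:
    """TPM2_PolicyCommandCode: the session may authorize only this command."""
    return extend(policy_digest, u32(TPM_CC_POLICY_COMMAND_CODE), u32(command_code))


def policy_update(policy_digest: bytes, command_code: int, name: bytes,
                  policy_ref: bytes = b"") -> bytes:
    """PolicyUpdate() from Part 1, shared by PolicySigned and PolicySecret:
    two hash steps, first the command code and the authorizing object's Name,
    then the caller-chosen policyRef (hashed even when it is empty)."""
    step_one = extend(policy_digest, u32(command_code), name)
    return extend(step_one, policy_ref)


def policy_secret(policy_digest: bytes, auth_object_name: bytes,
                  policy_ref: bytes = b"") -> bytes:
    """TPM2_PolicySecret: indirection to another object's authorization secret.
    For a permanent handle the Name is the big-endian handle itself."""
    return policy_update(policy_digest, TPM_CC_POLICY_SECRET, auth_object_name, policy_ref)


def policy_signed(policy_digest: bytes, signing_key_name: bytes,
                  policy_ref: bytes = b"") -> bytes:
    """TPM2_PolicySigned: an asymmetric signature by the named key is required."""
    return policy_update(policy_digest, TPM_CC_POLICY_SIGNED, signing_key_name, policy_ref)


def policy_pcr(policy_digest: bytes, pcr_values: dict) -> bytes:
    """TPM2_PolicyPCR over the assumed SHA-256 bank; pcr_values maps PCR index
    to its 32-byte value. The TPM hashes the marshalled TPML_PCR_SELECTION and
    the digest of the selected PCR values concatenated in ascending order."""
    select = bytearray(3)  # 24 PCRs, one bit each, PCR 0 is bit 0 of byte 0
    for index in pcr_values:
        select[index // 8] |= 1 << (index % 8)
    tpml_pcr_selection = (u32(1) + struct.pack(">H", TPM_ALG_SHA256)
                          + struct.pack(">B", len(select)) + bytes(select))
    pcr_digest = HASH(b"".join(pcr_values[i] for i in sorted(pcr_values))).digest()
    return extend(policy_digest, u32(TPM_CC_POLICY_PCR), tpml_pcr_selection, pcr_digest)


def policy_or(branches: list) -> bytes:
    """TPM2_PolicyOR: the TPM first checks that the session's current digest
    equals one of the branches, then zeroes policyDigest and extends it with
    the command code and every branch digest (2 to 8 branches)."""
    if not 2 <= len(branches) <= 8:
        raise ValueError("TPM2_PolicyOR takes between 2 and 8 branch digests")
    return extend(ZERO_DIGEST, u32(TPM_CC_POLICY_OR), *branches)


def sealed_recovery_policy(pcr7_value: bytes) -> dict:
    """Worked policy: a sealed object may be unsealed either when PCR 7 holds
    the expected value (branch A, measured boot) or when the object's authValue
    is supplied (branch B, recovery password). Each branch is an AND chain;
    TPM2_PolicyOR joins them into the digest stored as the object's authPolicy."""
    branch_a = policy_command_code(policy_pcr(ZERO_DIGEST, {7: pcr7_value}), TPM_CC_UNSEAL)
    branch_b = policy_command_code(policy_auth_value(ZERO_DIGEST), TPM_CC_UNSEAL)
    return {"branch_a": branch_a, "branch_b": branch_b,
            "auth_policy": policy_or([branch_a, branch_b])}


if __name__ == "__main__":
    # Constructed PCR 7 value, not a measurement taken from any real platform.
    example_pcr7 = HASH(b"constructed example PCR 7 value").digest()
    for label, digest in sealed_recovery_policy(example_pcr7).items():
        print(f"{label}: {digest.hex()}")
```

Two digests this code produces can be checked against published values: PolicyAuthValue on its own yields 8fcd2169ab92694e0c633f1ab772842b8241bbc20288981fc7ac1eddc1fddb0e, the digest commonly used for password-only objects, and PolicySecret on TPM_RH_ENDORSEMENT yields 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa, the default Endorsement Key policy from the TCG EK Credential Profile. Because every step hashes in the previous digest, reordering commands within a branch, or reordering branches within the OR, gives a different policy, and an object sealed to one digest cannot be unsealed under the other.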
== Reception ==
In August 2023, Linus Torvalds, frustrated with AMD fTPM's stuttering bugs, opined, "Let's just disable the stupid fTPM <code>hwrnd</code> thing." He said the CPU-based random number generator, <code>rdrand</code>, was equally suitable, despite having its share of bugs. Writing for Neowin, Sayan Sen quoted Torvalds' bitter comments and called him "a man with a strong opinion."<ref>{{Cite web |last=Sen |first=Sayan |date=2024-10-23 |title=Linus Torvalds seems frustrated with AMD Ryzen fTPM bugs and issues, suggests disabling |url=https://www.neowin.net/news/linus-torvalds-seems-frustrated-with-amd-ryzen-ftpm-bugs-and-issues-suggests-disabling/ |access-date=2024-10-23 |website=Neowin}}</ref>
In 2010 [[Christopher Tarnovsky]] presented an attack against TPMs at [[Black Hat Briefings]], where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an [[Bus (computing)|internal bus]] for the Infineon SLE 66 CL PC.<ref>{{Cite web|url=https://www.networkworld.com/news/2010/020210-black-hat-processor-security.html|title=Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products|date=January 30, 2012|access-date=August 10, 2017|url-status=bot: unknown|archive-url=https://web.archive.org/web/20120130095246/https://www.networkworld.com/news/2010/020210-black-hat-processor-security.html|archive-date=January 30, 2012}}</ref><ref>{{Cite web|url=https://hackaday.com/2010/02/09/tpm-crytography-cracked/|title=TPM crytography cracked|last=Szczys|first=Mike|date=February 9, 2010|website=HACKADAY|archive-url=https://web.archive.org/web/20100212050338/https://hackaday.com/2010/02/09/tpm-crytography-cracked/|archive-date=February 12, 2010}}</ref>
Currently, a TPM is provided by nearly all PC and notebook manufacturers in their products.
* [[Infineon]] provides both TPM chips and TPM software, which are delivered as [[Original equipment manufacturer|OEM]] versions with new computers as well as separately by Infineon for products with TPM technology which comply with TCG standards. For example, Infineon licensed TPM management software to Broadcom Corp. in 2004.<ref>{{cite web|url=https://www.heise.de/newsticker/meldung/Trusted-Platform-Module-TPM-im-LAN-Adapter-143777.html|title=Trusted Platform Module (TPM) im LAN-Adapter|date=March 12, 2005 |publisher=Heise Online|access-date=January 7, 2019|archive-date=January 7, 2019|archive-url=https://web.archive.org/web/20190107232935/https://www.heise.de/newsticker/meldung/Trusted-Platform-Module-TPM-im-LAN-Adapter-143777.html|url-status=live}}</ref>
* [[STMicroelectronics|ST Micro]]<ref>{{citation| title = ST Micro EK GlobalSign Certificate | url=https://secure.globalsign.com/cacert/gstpmroot.crt}}</ref><ref>{{citation| title = ST Micro EK Root Certificate | url=https://secure.globalsign.com/cacert/stmtpmekroot.crt}}</ref><ref>{{citation| title = ST Micro EK Intermediate Certificate | url=https://secure.globalsign.com/cacert/stmtpmekint01.crt}}</ref><ref>{{citation| title = ST Micro EK Intermediate Certificate | url=https://secure.globalsign.com/cacert/stmtpmekint02.crt}}</ref><ref>{{citation| title = ST Micro EK Intermediate Certificate | url=https://secure.globalsign.com/cacert/stmtpmekint03.crt}}</ref><ref>{{citation| title = ST Micro EK Intermediate Certificate | url=https://secure.globalsign.com/cacert/stmtpmekint04.crt}}</ref><ref>{{citation| title = ST Micro EK Intermediate Certificate | url=https://secure.globalsign.com/cacert/stmtpmekint05.crt}}</ref><ref>{{citation| title = ST Micro EK GlobalSign ECC Certificate | url=https://secure.globalsign.com/cacert/tpmeccroot.crt}}</ref><ref>{{citation| title = ST Micro EK ECC Root Certificate | url=https://secure.globalsign.com/stmtpmeccroot01.crt}}</ref><ref>{{citation| title = ST Micro EK ECC Intermediate Certificate | url=https://secure.globalsign.com/stmtpmeccint01.crt}}</ref>
To use a TPM, software needs a library that communicates with the TPM and provides a friendlier API than the raw TPM command and response byte streams. Several such open-source TPM 2.0 libraries exist. Some of them also support TPM 1.2, but TPM 1.2 chips are now largely deprecated and modern development focuses on TPM 2.0.