HP-UX Trusted Computing Services A.02.00 Administrator's Guide
Figure 1-3 TPM Key Hierarchy (figure not reproduced; labels recovered from the diagram: System Root Key (SRK); System Specific Key (SK); Roaming Key (RK); tpmencrypt/tpmdecrypt keys; tpmencrypt/tpmdecrypt "-d" keys; tpmcreate keys; EVFS keys; System Persistent Storage; External Storage)
Most of the keys provided by TPM are asymmetric key pairs. An asymmetric key pair is composed
of a public key and a private key. The keys are related so that data encrypted by the public key
can be decrypted only by the private key. The public key can be openly distributed and shared;
the private key must be kept secret.
TPM Key Storage
A TPM has only a small internal storage area for keys. Rather than store every key in the TPM, which
would quickly fill that area, the TPM holds only a few keys in its internal memory. All other TPM
keys are derived from, or encrypted by, a key held in TPM internal memory, and these additional
keys are stored on disk in encrypted form. A chain of protection links each key stored on disk back
to a key inside the TPM, so that the keys on disk are as secure as the keys held in the TPM (see
“Chain of Protection” (page 17)).
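The chain of protection described above, shown as an added illustration that is not TCS code and does not reproduce the real on-disk format of system.data. A root key standing in for the SRK exists only in memory; each child key is written to the store only after its private half has been wrapped under its parent; loading a key walks the chain back to the root, so a different root cannot recover anything. The function names (wrapKey, unwrapKey, LoadKey, BuildHierarchy), the "SRK" parent sentinel and the hybrid RSA-OAEP plus AES-GCM wrapping are assumptions of this example; a real TPM performs the wrapping inside the chip with its own blob format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// WrappedKey is the on-disk form of a child key: its PKCS#8 private key is encrypted with a
// fresh AES-256-GCM key, and that AES key is encrypted to the parent's RSA public key.
type WrappedKey struct {
	Name, ParentName  string // ParentName "SRK" marks a key wrapped directly by the in-TPM root
	WrappedAES        []byte // RSA-OAEP(parent public key, aesKey)
	Nonce, Ciphertext []byte // AES-GCM(aesKey, PKCS#8 private key), bound to Name
	PublicKey         []byte // PKIX DER; the public half may be stored in the clear
}

type Store map[string]*WrappedKey // stands in for a persistent storage file such as system.data

// wrapKey encrypts child's private key so that only parent's private key can recover it.
func wrapKey(name, parentName string, parent *rsa.PublicKey, child *rsa.PrivateKey) (*WrappedKey, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aesKey, nonce := buf[:32], buf[32:]
	wrappedAES, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, parent, aesKey, []byte(name))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(aesKey) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	privDER, _ := x509.MarshalPKCS8PrivateKey(child) // cannot fail for an *rsa.PrivateKey
	pubDER, _ := x509.MarshalPKIXPublicKey(&child.PublicKey)
	return &WrappedKey{Name: name, ParentName: parentName, WrappedAES: wrappedAES, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, privDER, []byte(name)), PublicKey: pubDER}, nil
}

// unwrapKey reverses wrapKey; it fails if parent is not the key that wrapped w.
func unwrapKey(w *WrappedKey, parent *rsa.PrivateKey) (*rsa.PrivateKey, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, parent, w.WrappedAES, []byte(w.Name))
	if err != nil {
		return nil, fmt.Errorf("unwrap %s: %w", w.Name, err)
	}
	block, _ := aes.NewCipher(aesKey)
	gcm, _ := cipher.NewGCM(block)
	privDER, err := gcm.Open(nil, w.Nonce, w.Ciphertext, []byte(w.Name))
	if err != nil {
		return nil, fmt.Errorf("unwrap %s: %w", w.Name, err)
	}
	k, _ := x509.ParsePKCS8PrivateKey(privDER) // GCM has already authenticated privDER
	if rk, ok := k.(*rsa.PrivateKey); ok {
		return rk, nil
	}
	return nil, fmt.Errorf("%s: not an RSA private key", w.Name)
}

// LoadKey follows the chain of protection from the in-TPM root (srk, never written to the
// store) down to name, unwrapping each ancestor in turn.
func LoadKey(store Store, srk *rsa.PrivateKey, name string) (*rsa.PrivateKey, error) {
	w, ok := store[name]
	if !ok {
		return nil, fmt.Errorf("no key %q in storage", name)
	}
	if w.ParentName == "SRK" {
		return unwrapKey(w, srk)
	}
	parent, err := LoadKey(store, srk, w.ParentName)
	if err != nil {
		return nil, err
	}
	return unwrapKey(w, parent)
}

// BuildHierarchy creates SRK -> SK -> RK as in Figure 1-3; only SK and RK enter the store.
func BuildHierarchy() (*rsa.PrivateKey, Store, error) {
	store := Store{}
	srk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	parentName, parentPriv := "SRK", srk
	for _, name := range []string{"SK", "RK"} {
		child, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, nil, err
		}
		w, err := wrapKey(name, parentName, &parentPriv.PublicKey, child)
		if err != nil {
			return nil, nil, err
		}
		store[name] = w
		parentName, parentPriv = name, child
	}
	return srk, store, nil
}
```

RSA cannot directly encrypt a 2048-bit private key, so the example wraps a symmetric key under the parent and uses that key to encrypt the child; binding the key name as GCM associated data means a blob cannot be silently renamed or swapped for another entry in the store. Everything in the store is ciphertext or public material, which is what lets it live in an ordinary file.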
TPM keys stored on disk can be stored in three areas:
• System persistent storage
• User persistent storage
• External storage
The TCG defines two types of persistent storage: system persistent storage and user persistent
storage. System persistent storage contains data retained across system reboots. Some keys
created by TCS utilities are stored in system persistent storage. By default, TCS uses the file
/etc/opt/tcs/system.data for system persistent storage.
User persistent storage contains data stored on a per-session basis. TCS utilities do not store data
in user persistent storage. However, you can use the TSPI interface to write applications that
store and access data in user persistent storage.
TCS utilities also create and protect data held in files or databases outside TCS storage; this is
referred to as external storage. For example, TCS RSA key pairs are stored in user-specified files,
external to TCS storage (TCS RSA key pairs are described in “TCS RSA Key Pairs” (page 17)).