Thanks to work by Intel and Microsoft, TPMs are ubiquitous in today’s hardware, from tablets all the way to servers, meaning that if you want to make use of them in the cloud, it’s likely you don’t have to buy anything else because they’re already present. TPMs can perform four essential functions: secure measurement and logging, secure signing, encryption, and private key escrow, data sealing, and attestation. (TPMs can be divided into two classes: the modern 2.0 incarnation required by Microsoft and used in the Surface and newer systems and the older (and much more common) 1.2. This talk will stick to 1.2.)
Most people have heard (at length) about measurement and all its problems. Here, James Bottomley explains how secure signing can be made to function where an external key is irretrievably (so that neither hackers nor the cloud service provider can get it) placed into a TPM and used to perform a variety of RSA authentication operations. The useful target for this is VPN, but there are a variety of other authentication systems for which this can be made to work.
James demonstrates how an existing RSA key can be wrapped for secure transmission to the TPM and then used via the OpenSSL engine functions, how an agreed PCR timer can make this key expire after an agreed interval, why it cannot ever be retrieved, and how the trust model actually works. And for the paranoid who don’t trust their own cloud provider, James covers how the TPM attestation functions can be used to verify exactly that you weren’t tricked into wrapping the key for a software-based TPM, which could allow the trickster to steal your private key. James then explains how sequestered trust models like the TPM can be used in the industry to enhance cloud security even in an apparently insecure environment.
James Bottomley is a distinguished engineer at IBM Research, where he works on cloud and container technology. James is also Linux kernel maintainer of the SCSI subsystem. He has served as a director on the board of the Linux Foundation and chair of its Technical Advisory Board. Previously, he was CTO of server virtualization at Parallels (later Odin); was a distinguished engineer at Novell’s SUSE Labs; helped found SteelEye Technology, a high-availability company for Linux and Windows, where he was vice president and CTO; and worked on distributed lock manager technology for clustering at AT&T Bell labs. James holds undergraduate and doctoral degrees from the University of Cambridge.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org