Physical TPM support in Secure Boot

The trusted platform module (TPM) enables remote attestation of the code stack on a running system. The chain-of-trust firmware records the hash of each loaded firmware component and stores the records in the network of processor TPMs. The network can consist of one physical TPM per master processor on low-to-mid-range platforms, or redundant TPMs through master or alternate-master processors on multi-node enterprise platforms. The chain-of-trust firmware also records every measurement as an event in the TPM event log, so that a verifier can later replay the log against the TPM's recorded values.

The attestation supports Trusted Computing Group (TCG) 2.0 compliant trusted boot. The TPM infrastructure supports a reference remote attestation implementation that is open-sourced by IBM®.
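The measure-and-record flow described above, and the replay a remote verifier performs on it, as an added illustration that is not IBM's code and not its open-source reference attestation implementation: a Python model of a SHA-256 PCR bank, the extend step the chain-of-trust firmware performs for each component it loads, the event log it appends to, and the two checks a verifier runs (does the log reproduce the reported PCRs, and do the measured digests match known-good references). Event-type labels, component names, image bytes and reference digests are all constructed; the signed TPM quote that would carry the PCR values in a real deployment is assumed and not modelled.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple

PCR_LEN = 32  # SHA-256 PCR bank; PCRs read as all zeros after TPM initialization


@dataclass(frozen=True)
class Event:
    pcr: int          # PCR index the measurement was extended into
    event_type: str   # label only; a real TCG log carries numeric EV_* codes
    digest: bytes     # SHA-256 of the measured object
    description: str  # human-readable event data (constructed component name)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend rule: PCR_new = H(PCR_old || digest).
    Order matters and the step cannot be undone, which is what lets a
    verifier trust that the log was not rewritten after the fact."""
    return sha256(pcr_value + digest)


def measure_and_extend(pcrs: Dict[int, bytes], log: List[Event], pcr: int,
                       event_type: str, blob: bytes, description: str) -> None:
    """What chain-of-trust firmware does per loaded component:
    hash it, extend the hash into a PCR, and append an event log record."""
    digest = sha256(blob)
    pcrs[pcr] = pcr_extend(pcrs.get(pcr, bytes(PCR_LEN)), digest)
    log.append(Event(pcr, event_type, digest, description))


def simulated_boot(components: List[Tuple[int, str, bytes, str]]):
    """Constructed stand-in for one IPL: returns (PCR values, event log)."""
    pcrs: Dict[int, bytes] = {}
    log: List[Event] = []
    for pcr, event_type, blob, description in components:
        measure_and_extend(pcrs, log, pcr, event_type, blob, description)
    return pcrs, log


def replay_log(log: List[Event]) -> Dict[int, bytes]:
    """Verifier side: recompute every PCR from the event log alone."""
    pcrs: Dict[int, bytes] = {}
    for ev in log:
        pcrs[ev.pcr] = pcr_extend(pcrs.get(ev.pcr, bytes(PCR_LEN)), ev.digest)
    return pcrs


def verify_attestation(log: List[Event], reported_pcrs: Dict[int, bytes],
                       known_good: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Two checks a remote verifier performs:
    1. log integrity: the replayed PCRs must equal the PCRs the TPM reports
       (assumed here to arrive in a quote signed by a key rooted in the
       endorsement hierarchy; the signature check is out of scope);
    2. policy: every measured digest must match a known-good reference."""
    findings: List[str] = []
    replayed = replay_log(log)
    for idx in sorted(set(replayed) | set(reported_pcrs)):
        if replayed.get(idx, bytes(PCR_LEN)) != reported_pcrs.get(idx, bytes(PCR_LEN)):
            findings.append(f"PCR{idx}: event log does not reproduce the reported value")
    for ev in log:
        reference = known_good.get(ev.description)
        if reference is None:
            findings.append(f"{ev.description}: no reference measurement on file")
        elif reference != ev.digest:
            findings.append(f"{ev.description}: measured digest differs from reference")
    return (not findings, findings)


# Constructed firmware images and their reference digests (illustrative bytes only).
GOOD_IMAGES = [
    (0, "EV_POST_CODE", b"firmware-stage-1 v1 (constructed)", "firmware-stage-1"),
    (0, "EV_POST_CODE", b"firmware-stage-2 v1 (constructed)", "firmware-stage-2"),
    (4, "EV_BOOT_KERNEL", b"boot kernel v1 (constructed)", "boot-kernel"),
]
KNOWN_GOOD = {description: sha256(blob) for _, _, blob, description in GOOD_IMAGES}


def demo() -> Tuple[bool, bool, bool]:
    # 1. Honest boot: the log replays to the reported PCRs and matches references.
    pcrs, log = simulated_boot(GOOD_IMAGES)
    ok_honest, _ = verify_attestation(log, pcrs, KNOWN_GOOD)
    # 2. Altered component: the TPM faithfully records the new hash, so the log is
    #    consistent with the PCRs, but the policy check flags the unknown digest.
    altered = list(GOOD_IMAGES)
    altered[1] = (0, "EV_POST_CODE", b"firmware-stage-2 altered (constructed)", "firmware-stage-2")
    pcrs_alt, log_alt = simulated_boot(altered)
    ok_altered, _ = verify_attestation(log_alt, pcrs_alt, KNOWN_GOOD)
    # 3. Edited log: the altered entry is swapped back to the good digest, but the
    #    PCR cannot be rewound, so the replay no longer matches the reported PCR.
    edited_log = [log_alt[0], log[1], log_alt[2]]
    ok_edited, _ = verify_attestation(edited_log, pcrs_alt, KNOWN_GOOD)
    return ok_honest, ok_altered, ok_edited
```

`demo()` returns `(True, False, False)`: only the unmodified boot passes, an altered component fails the reference check even though its log is internally consistent, and a log edited to hide the alteration fails the replay check because PCR values are extend-only.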

The host processor TPM is prepared for remote attestation during manufacturing (MFG), in a provisioning phase followed by an initialization phase. TPM Provisioning is a one-time process and is performed on the field-replaceable unit (FRU) of the TPM module before the system is assembled. TPM Provisioning prepares the TPM to provide the necessary security services to its full-stack users. TPM Provisioning includes setting TPM preconfiguration values, authorization values and policies, provisioning hierarchies, and installing relevant certificates and keys in the TPM nonvolatile (NV) space, to bind the certificates to the specified TPM. This process includes establishing an endorsement key and platform certificate for single-node systems, and a node certificate for multi-node systems. At this stage of processing, the system requires a certification from an IBM certificate authority.

TPM Initialization is performed by firmware once per initial program load (IPL). The TPM then transitions from a power-off state (reset asserted or TPM power not applied) to an initialized state. TPM Initialization includes resetting the Roots of Trust for Measurement, validating the TPM firmware, and preparing the TPM to accept commands on its interface. The TPM self-test (to the extent defined by the platform startup policy) is completed before the TPM enters a fully operational mode.