Back To Schedule
Thursday, October 29 • 14:40 - 15:25
Introducing TPM NV Storage with E/A Policies and TSS-FAPI - Andreas Fuchs, Fraunhofer SIT

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
The TPM contains two major features; a certain amount of NV memory and the so-called Enhanced Authorization framework. The former can be configured as simple storage, but also as monotonic counter, or bitfield. The latter can be used to implement fine-grained access policies for access TPM objects, such as NV memory. This presentation will give an introduction into these concepts and demonstrates how the features of TPM NV and E/A policies can easily be used via the TPM Software Stacks's (TSS) Feature API (FAPI). This API includes a declarative language and processing engine for TPM E/A policies which for the first time make their use very easy. In order to illustrate their usefulness, a set of example use cases and configurations, such as WriteOnceReadMany (WORM) storage (for device serial numbers) or role-based access on a per-operation level for NV storage will be presented.


Andreas Fuchs

Head of Trustworthy Platform, Fraunhofer SIT
Andreas Fuchs is a TPM and OpenSource enthusiast involved with TCG. He is a maintainer of the OpenSource TPM Software Stack (TSS) 2.0, the tpm2tss OpenSSL engine and the tpm2-totp project. Andreas Fuchs studied computer science at the Technische Universität Darmstadt and the University... Read More →

Thursday October 29, 2020 14:40 - 15:25 GMT
LSS Theater
  Linux Security Summit (LSS)