Design and Implementation of Portable TPM Device Driver Based on Extensible Firmware Interface

摘要

The goal of trusted computing proposed by TCG is to enhance the security of platform by the way of integrity measurement. TPM is a tamper-resistant hardware module designed to provide robust security capabilities like remote attestation and sealed storage for the trusted platform. But TPM has its limitation. It can't be directly used in common PC current in use. A portable TPM device is proposed and designed in our lab in this context. The portable TPM is a device which capabilities combined with the mass storage feature of USB stick and smart card. How to build the chain of trust using TPM based on legacy BIOS is a focus in the past several years. Extensible Firmware Interface (abbreviated as EFI) is intended as a significantly improved replacement of the old legacy BIOS. How to build the chain of trust using portable TPM based on EFI is what we focus on. Among which, the driver for the portable TPM device is a key part. It is a basement for the TPM Software Stack and secure application. This objective is to design and implement the driver of portable TPM based on EFI to provide root of trust for trusted platform.