Auditing the TPM

The TPM and TSS need to be able to report a log of events that occur at the TPM. The log uses the same paradigm as the PCRs, in that the TPM keeps a PCR value that is extended with each log event (see Chapter 6 for the notion of “extending” a PCR), and the TSS maintains the log entries for challengers to review.

The TPM owner can define which functions generate an audit event, and change which functions generate the event at any time.

TPM_SetOrdinalAuditStatus

This capability is used to instruct the TPM to audit, or not to audit, a particular command. It requires TPM owner authorization, and it must be passed the command ordinal of the TPM command whose audit status is to be set. The command causes a TPM first to verify the owner ...
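The mechanism above in miniature, as an added example that is not code from the book: a toy TPM whose audit digest is extended PCR-style on every audited command, a TSS-side log, and the challenger's replay check. It assumes SHA-1 (as TCPA 1.1 PCRs use) and, as a simplification, hashes only the 4-byte command ordinal per event.

```python
import hashlib

# Added example, not from the book. Assumptions: SHA-1 digests as in TCPA 1.1
# PCRs; each audit entry is the 4-byte big-endian command ordinal (a real TPM
# hashes the command and response parameters, omitted here for brevity).
DIGEST_LEN = hashlib.sha1().digest_size  # 20 bytes


def extend(digest: bytes, entry: bytes) -> bytes:
    """PCR-style extend: new_digest = SHA1(old_digest || SHA1(entry))."""
    return hashlib.sha1(digest + hashlib.sha1(entry).digest()).digest()


class TpmAuditModel:
    """Toy TPM: the owner picks audited ordinals; those commands extend the digest."""

    def __init__(self) -> None:
        self.audit_digest = bytes(DIGEST_LEN)  # reset value, like a fresh PCR
        self.audited = set()                   # ordinals flagged for auditing
        self.tss_log = []                      # entries kept by the TSS, not the TPM

    def set_ordinal_audit_status(self, owner_authorized: bool,
                                 ordinal: int, audit: bool) -> None:
        """TPM_SetOrdinalAuditStatus: owner authorization is checked first."""
        if not owner_authorized:
            raise PermissionError("TPM owner authorization required")
        if audit:
            self.audited.add(ordinal)
        else:
            self.audited.discard(ordinal)

    def execute(self, ordinal: int) -> None:
        """Run a command; only audited ordinals generate an audit event."""
        if ordinal in self.audited:
            entry = ordinal.to_bytes(4, "big")
            self.audit_digest = extend(self.audit_digest, entry)
            self.tss_log.append(entry)  # TSS records the event for challengers


def replay(log: list) -> bytes:
    """Challenger side: recompute the expected digest from the TSS log alone."""
    digest = bytes(DIGEST_LEN)
    for entry in log:
        digest = extend(digest, entry)
    return digest


def log_matches_tpm(tpm: TpmAuditModel) -> bool:
    """True only if the TSS log fully accounts for the TPM's audit digest."""
    return replay(tpm.tss_log) == tpm.audit_digest
```

A log with an entry dropped, reordered or altered replays to a different digest, which is what lets a challenger detect TSS-side tampering without trusting the TSS.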

From Trusted Computing Platforms: TCPA Technology in Context (O’Reilly).