NAME

       tpm_quote_tools - an overview of TPM Quote Tools

PROGRAMS

       tpm_mkuuid,  tpm_mkaik,  tpm_loadkey,  tpm_unloadkey,  tpm_getpcrhash,  tpm_updatepcrhash,
       tpm_getquote, tpm_verifyquote

DESCRIPTION

       TPM Quote Tools is a collection of programs that provide support for TPM based attestation
       using the TPM quote operation.

       A  TPM  contains  a  set of Platform Configuration Registers (PCRs).  In a well configured
       machine, some of these registers are set to known values during the boot up process or  at
       other  times.  For example, a PCR might contain the hash of a boot loader in memory before
       it is run.

       The TPM quote operation is used to authoritatively verify the contents of a TPM's Platform
       Configuration  Registers  (PCRs).  During provisioning, a composite hash of a selected set
       of PCRs is computed.  The TPM quote operation  produces  a  composite  hash  that  can  be
       compared with the one computed while provisioning.

       To  use  the  TPM  quote  operation,  keys  must  be  generated.   During provisioning, an
       Attestation Identity Key (AIK) is generated for each TPM, and the public part of  the  key
       is made available to entities that validate quotes.

       The  TPM  quote  operation  returns  signed data and a signature.  The data that is signed
       contains the PCRs selected for the operation, the composite hash for  the  selected  PCRs,
       and  a nonce provided as input, and used to prevent replay attacks.  At provisioning time,
       the data that is signed is  stored,  not  just  the  composite  hash.   The  signature  is
       discarded.

       An entity that wishes to evaluate a machine generates a nonce, and sends it along with the
       set of PCR used to generate the composite PCR hash at provisioning time.  For this use  of
       the TPM quote operation, the signed data is ignored, and the signature returned is used to
       validate the state of the TPM's PCRs.  Given the signature, the evaluating entity replaces
       the  nonce  in  the  signed  data generated at provisioning time, and checks to see if the
       signature is valid for the data.  If so, this check  ensures  the  selected  PCRs  contain
       values that match the ones measured during provisioning.

       A  typical scenario for an enterprise using these tools follows.  The tools expect AIKs to
       be referenced via one enterprise-wide Universally Unique Identifier (UUID).   The  program
       tpm_mkuuid creates one.

       For  each machine being checked, an AIK is created using tpm_mkaik.  The key blob produced
       is bound to the UUID on its machine using tpm_loadkey.  The public key associated with the
       AIK  is sent to the entities that verify quotes.  Finally, the expected PCR composite hash
       is obtained using tpm_getpcrhash.  When the expected PCR values change, a new hash can  be
       generated with tpm_updatepcrhash.

       The  program  to  obtain  a  quote,  and  thus  measure  the  current state of the PCRs is
       tpm_getquote.  The program that verifies the quote describes the same PCR  composite  hash
       as was measured initially is tpm_verifyquote.

SEE ALSO

       tpm_mkuuid(8),    tpm_mkaik(8),   tpm_loadkey(8),   tpm_unloadkey(8),   tpm_getpcrhash(8),
       tpm_updatepcrhash(8), tpm_getquote(8), tpm_verifyquote(8)

                                             Oct 2010                          TPM QUOTE TOOLS(8)