Reputation: 1736
TPM 2.0: Avoiding key (re-)generation overhead on every use
I'm developing an application that needs to generate an RSA key in the TPM to be used for sign operations. The public part is registered towards a backend once, and the private part is then be used repeatedly for authentication. This use will be across machine shutdown/restart cycles. At the root of my hierarchy I have an SRK-key (i.e. based on such template) generated using CreatePrimary(). I know I can regenerate this key for subsequent sessions (by saving the random input in the program's data). The program's actual signing key can also be saved in encrypted form and then loaded using the Load function once the SRK-key has been regenerated.
So functionally everything works, but I would like to avoid the key regeneration overhead. What are my options here?
1) As far as I can read (but please correct if I'm wrong) a ContextSave will not survive a power cycle (documentation says it resets across Power Reset). Please confirm if ContextSave can be used or not.
2) there's a function called EvictControl which does the job. But it involves NV memory which is limited (so if an application "forgets" such a returned handle, the memory can never be released, without resetting the whole TPM) and will wear the TPM (only on initial enrollment). Is this suitable?
3) Perhaps there's a third option I haven't found? Is there a "default" SRK that can be used so I don't have to (re-)generate one for instance?
If nothing else works I plan to use this function but I was wondering if there's a different option. I don't understand why there's not an ExportPrimary()/ImportPrimary() or such that could export a primary that could be imported later, without touching NV storage. The export would be done under a key stored inside the TPM in NV storage (only regenerated on TPM clear etc) and thereby have same security level as EvictControl but without taking up NV-storage per generated key.
Upvotes: 0
Views: 811
Answers (1)
Reputation: 11010
From my reading of the question, it seems like you are re-generating the SRK on each power-up. You are really not supposed to do that, the SRK is supposed to be a persistent key, see https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf.
As to how to make it persistent, it seems like you already know how to do that, just use EvictControl.
Upvotes: 0
Related Questions
- Get a persistant string in and out of the TPM2 module
- Is it possible to bind a TPM key to a specific application
- Proper export of TPM 2.0 key handle (in TSS.MSR .NET)
- CryptoNextGeneration : Storing a key in the TPM
- Controlling TPM with C#
- How Store key in TPM 1.2
- How to load and use a persistent symmetric key in the TPM?
- How to ensure that keys are created inside TPM?
- Relation between TPM Command Reference and TSS
- TPM key store unlock in embedded system