Trusted Platform Modules

The Linux Plumbers 2017 Trusted Platform Module microconference aims to provide a forum to discuss the next steps in improving TPM support under Linux, including discussion of a standardised TPM2 middleware layer and higher level APIs.

Key Attendees (tentative)

  • Matthew Garrett
  • Jerry Snitselaar (unable to attend)
  • Philip Tricca
  • George Wilson (confirmed)
  • Mimi Zohar
  • James Bottomley (confirmed)
  • David Woodhouse (confirmed)
  • Jarkko Sakkinen (confirmed)
  • Daniel Kiper (confirmed)

Key Topics for Discussion (tentative)

The following is the list of items presently considered as candidate topics for the microconf. Still very much subject to change.

  • Can we choose a default TSS layer yet
  • Progress in adding TPM to the various higher level crypto systems (openssl, openssh, gnutls etc)
  • crypto system integration: can we agree on a DER description for the TPM2.0 key file for them all to use?
  • Should TPM key integration just be pkcs11? (see this document by David Woodhouse)
  • How can we get a usable higher level API
  • What's the state of measured boot
  • EFI + Intel TXT and TPM + Xen/Linux - how to make it work (Daniel Kiper)
  • Best practices for bootloaders in handing off to the OS
  • How to get the TPM 2 event log exposed
  • TPM Performance
  • TPM 1.2 do we need an in-kernel resource manager for it?
  • TPM In Containers. Probably requires resource manager, so can share access, but what about hostile tenant unsafe commands?

Proposed Schedule (tentative)


Runner: Matthew Garrett

2017/tpms.txt · Last modified: 2017/08/29 22:14 by
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki