TCG Software Stack (TSS) Specification
The TCG TPM 1.2 Main specification defines a subsystem with protected storage and protected capabilities. This subsystem is the Trusted Platform Module (TPM). Since the TPM is both a subsystem intended to provide trust and to be an inexpensive component, resources within it are restricted.
This narrowing of the resources, while making the security properties easier and cheaper to build and verify, causes the interfaces and capabilities to be cumbersome. The TCG architecture has solved this by separating the functions requiring the protected storage and capabilities from the functions that do not; putting those that do not into the platformÍs main processor and memory space where processing power and storage exceed that of the TPM. The modules and components that provide this supporting functionality comprise the TSS.
- Header File: TCG Software Stack (TSS) Specification, Version 1.2 (ZIP)
- Header File: TCG Software Stack (TSS) Specification, Version 1.2, Errata A
- Header File: TCG Software Stack (TSS) Specification, Version 1.1
TCG Software Stack Specification 1.2 FAQs
What are we announcing?
TCG is announcing the Trusted Computing Group Software Stack Specification (TSS) 1.2. Applications based on this will be able to access the many features of the Trusted Platform Module (TPM) 1.2. These features include Direct Anonymous Attestation (DAA) and the ability to run and generate a new Attestation Identity Key (AIK); locality; delegation; non-volatile storage; optimized transport protection; and time stamping.
How is this version different from the existing one?
We have added support for all the new functionality that was added into the TPM 1.2 from 1.1, while maintaining backwards compatibility for TPMs based on the 1.1 specification.
Will applications developed based on this be compatible with applications based on a previous version of the TSS?
1.1 applications will continue to run with the exception of those using the GetCapabilitySigned function, which was eliminated in TPM 1.2.
Will TSS 1.2 support only TPM 1.2? Will it support TPM 1.1?
Applications based on the TSS 1.2 using the specific features of the TPM 1.2 will only work on platforms with the TPM 1.2. Applications compiled with the TSS 1.2 but using functions of the TPM 1.1 will work on either TSS 1.1 or TSS 1.2 software stacks. Applications that were compiled with the TSS 1.1 will continue to work on either TSS 1.1 or TSS 1.2.
What is required of developers to start using the spec?
Developers need the header file, which TCG will make available in March of this year, and a 1.2 TSS DLL, which should be shipping soon from many members.
What applications are anticipated to be developed?
New applications that can be developed using TSS 1.2 include those supporting features of the TPM 1.2, such as delegation functions, DAA (using group signature like structure for anonymity), time stamping, or non-volatile storage on the TPM should use this new spec.
What are some new features in the TSS 1.2?
One of these is extensions to DAA, or Direct Anonymous Attestation.
What extension to DAA have been incorporated into TSS that are not available with the TPM itself?
The original mechanism of DAA was to allow for privacy-friendly (anonymous) attestation. That is, it allows a TPM to prove that it is a certified TPM without being identified or transactions being linkable. For TSS, DAA has been extended to include arbitrary attributes in the certificates issued to the TPM. This extension allows for a fine-grained privacy-friendly attestation as well as to prove properties about the included attributes (e.g., that the date included in the certificate is still valid). Finally, in order to comply with regulations in some countries, anonymity revocation is supported: at the time a TPM proves that it is certified, a third (passive) party can be designed who will later on be able to identify the TPM in case of misuse.
What applications can be developed using DAA?
Any applications that wants to support privacy-friendly authentication. An example would be an anonymous yet restricted web access to a newspaper or patent database.
When will we see these new applications?
Some members have started shipping applications based on preliminary specifications. NTRU and Infineon support the TSS 1.2 with its products. It is expected that all new applications will take advantage of the additional functionality provided in the specification, especially as many of these have been added based on demands from the market.
Are there any tools or other requirements to start using the new TSS? If so, who is providing and when are the necessary tools available?
TCG is making available a header file for developers, which will be available in March 2006 via the TCG website, https://trustedcomputinggroup.org/developers/software_stack.