From RSA Conference: Demonstrating the Feasibility of High Security TPM Provisioning Processes in the Enterprise

Date Published: January, 01, 2015

Muddled and confused about how to start using the TPM? At TCG’s recent RSA session, member MITRE explained the process for strong enterprise security requirements.

From MITRE’s demo: Before TPMs can be used in an enterprise for machine identification, remote state verification (attestation), or authentication, we must establish trust in the hardware; and, in particular, in the TPM’s Endorsement Key. (We call the establishing of initial trust, along with other necessary prerequisites for enterprise use of the TPM, “provisioning”.) Although ideally these keys would be created and certified by the TPM manufacturer, this is not the case today; and in some enterprise environments, trust in the manufacturer’s key handling is not necessarily a good assumption. In these cases, the enterprise must establish its own trust in each device it owns.

The best tools for provisioning TPMs today rely on software support, either local via the operating system, or remote via scripting. In either case, this means that we are establishing trust in our hardware by trusting the software; in both cases, a standard. While these approaches are highly time-efficient in deployed environments, they create a potentially significant security hole. In this demonstration, we show a prototype approach for high security TPM provisioning, discuss its advantages and disadvantages, and show its feasibility in enterprise settings when used in combination with existing enterprise processes.

Demonstration code is available by contacting Ariel Segall, .

For more background on the TPM, please see the video course from Ariel and the team at OpenSecurity Training. It’s available here:


Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More