Library Architecture
A TPM implementation consists of several layers, not all of which are provided by the TPM Reference Library. From the perspective of an outside caller into the TPM, the layers are:
Protocol Layer. The outermost, external layer. It can implement any of the signaling protocols described in the various platform specifications, or be entirely custom. Examples of the protocol layer are implementations of the Serial Peripheral Interface (SPI) interconnect and the Command Response Buffer (CRB) interface defined in [8]. Other platform-specific TPM specifications, such as those for mobile or automotive scenarios, define this layer for their platforms.
All code in this repository relating to the Protocol Layer is INFORMATIVE.
All protocol layers pass TPM commands into the Core Library via the ExecuteCommand API. Protocol layers MAY also manipulate limited TPM state via other Platform API functions as defined in the Platform Layer headers.
In this repository, the TPMCmd/Simulator folder provides a Protocol Layer designed for test and development. The Samples folder demonstrates other possible implementations of the Protocol Layer. The Samples folder has been contributed over time by various sources and should be considered illustrative only; in particular, it is not regularly built and may not compile at any given time.
Core Layer. This layer contains the bulk of the code that implements a TPM: command parsing, data marshalling, access checks, and the other primary functionality. The behavior (as distinct from the implementation) of the Core layer of the Reference code contained in this repository is NORMATIVE for the TPM Specification.
The Core layer consumes cryptographic services from three implementation-defined crypto libraries. These libraries are selected by build flags as described in TPM Crypto Libraries.
The reference code supports OpenSSL as a placeholder library, with the intention that an implementer can replace this functionality by providing an implementation of the appropriate interface.
Platform Layer. The Platform library provides services to both the Core layer and the Protocol layer. Generally speaking, it provides operating-system-style services such as obtaining entropy, storing persistent (non-volatile) data, and so on.
In some implementations the Platform layer is also the channel through which the Protocol Layer signals state to the Core Library. For example, when implementing Locality, the Core layer queries the active locality via the Platform layer rather than from the Protocol Layer directly, even though it is frequently the protocol layer that controls locality. A protocol layer that controls locality must therefore update the Platform layer's view of it before handing each command to the Core, or the Core will evaluate that command against a stale locality.
The Core library requires the Platform library to provide the interface defined by tpm_to_platform_interface.h.
The Protocol and Platform libraries are allowed to call the Core library only through the functions defined in platform_to_tpm_interface.h. The Core library is not re-entrant or multithread safe, so whichever layer drives it must serialize all calls into it.
See Tpm Platform API for more info.
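The following is an added example, not code from the reference library, that sketches in C the call path described above (the ExecuteCommand entry point, the locality hand-off through the Platform layer, and the validation a Protocol layer should do on what the Core returns). It marshals a TPM2_Startup command in the wire format the Core expects, publishes the requester's locality through a platform-layer store before calling into the core, and checks the response header before trusting any field in it. `fake_execute_command` is a stand-in with the same signature as the core's `ExecuteCommand`; it is not the reference core and only checks the command header and records the locality it reads from the platform layer. The names `plat_locality_set`/`plat_locality_get` and `dispatch`, and the reserved-range rule (localities 5..31 coerced to 0, 32..255 passed through as extended localities), are this example's assumptions rather than the reference Platform library's code. The TPM constants are the standard TPM 2.0 Part 2 values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 2.0 Part 2 constants used here (values from the specification). */
#define TPM_ST_NO_SESSIONS   0x8001u
#define TPM_ST_SESSIONS      0x8002u
#define TPM_CC_Startup       0x00000144u
#define TPM_SU_CLEAR         0x0000u
#define TPM_RC_SUCCESS       0x00000000u
#define TPM_RC_COMMAND_SIZE  0x00000142u
#define TPM_HEADER_SIZE      10u

/* Every header field is big-endian on the wire. */
static void     put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void     put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Marshal TPM2_Startup(startupType): tag, commandSize, commandCode, startupType.
 * Returns bytes written, or 0 if cap is too small. */
size_t build_startup(uint8_t *buf, size_t cap, uint16_t startupType)
{
    const size_t len = TPM_HEADER_SIZE + 2;
    if (cap < len) return 0;
    put16(buf + 0, TPM_ST_NO_SESSIONS);
    put32(buf + 2, (uint32_t)len);
    put32(buf + 6, TPM_CC_Startup);
    put16(buf + 10, startupType);
    return len;
}

/* Sanity-check a response before any field is trusted. Returns 0 and sets *rc when
 * the header is self-consistent, -1 otherwise. A failing command always comes back
 * as a 10-byte TPM_ST_NO_SESSIONS response; a successful one echoes the command tag. */
int check_response(const uint8_t *rsp, size_t got, uint16_t cmdTag, uint32_t *rc)
{
    if (rsp == NULL || got < TPM_HEADER_SIZE) return -1;
    uint16_t tag  = get16(rsp);
    uint32_t size = get32(rsp + 2);
    if (size != got) return -1;               /* responseSize must match bytes delivered */
    *rc = get32(rsp + 6);
    if (*rc == TPM_RC_SUCCESS) return tag == cmdTag ? 0 : -1;
    return (tag == TPM_ST_NO_SESSIONS && size == TPM_HEADER_SIZE) ? 0 : -1;
}

/* Platform-layer locality store (example's own; the reference Platform library
 * exposes this role as _plat__LocalitySet/_plat__LocalityGet). Localities 5..31
 * are reserved and are coerced to 0; 32..255 are extended localities. */
static uint8_t s_locality;
void    plat_locality_set(uint8_t locality)
{
    if (locality > 4 && locality < 32) locality = 0;
    s_locality = locality;
}
uint8_t plat_locality_get(void) { return s_locality; }

/* Stand-in for the core's ExecuteCommand (same signature), NOT the reference core.
 * It validates the header and records the locality it sees, which it obtains from
 * the platform layer rather than from whoever called it. */
static uint8_t g_rsp[TPM_HEADER_SIZE];
uint8_t        g_core_saw_locality;
void fake_execute_command(uint32_t reqSize, uint8_t *req, uint32_t *rspSize, uint8_t **rsp)
{
    uint32_t rc  = TPM_RC_SUCCESS;
    uint16_t tag = (reqSize >= TPM_HEADER_SIZE) ? get16(req) : (uint16_t)TPM_ST_NO_SESSIONS;
    g_core_saw_locality = plat_locality_get();
    if (reqSize < TPM_HEADER_SIZE || get32(req + 2) != reqSize) {
        rc  = TPM_RC_COMMAND_SIZE;            /* commandSize disagrees with bytes given */
        tag = (uint16_t)TPM_ST_NO_SESSIONS;
    }
    put16(g_rsp + 0, tag);
    put32(g_rsp + 2, TPM_HEADER_SIZE);
    put32(g_rsp + 6, rc);
    *rspSize = TPM_HEADER_SIZE;
    *rsp     = g_rsp;
}

typedef void (*execute_fn)(uint32_t, uint8_t *, uint32_t *, uint8_t **);

/* One protocol-layer transaction: publish the requester's locality through the
 * platform layer, hand the buffer to the core, then validate what comes back. */
int dispatch(execute_fn exec, uint8_t locality, uint8_t *req, uint32_t reqSize, uint32_t *rc)
{
    uint8_t *rsp = NULL;
    uint32_t rspSize = 0;
    uint16_t cmdTag = (reqSize >= TPM_HEADER_SIZE) ? get16(req) : (uint16_t)TPM_ST_NO_SESSIONS;
    plat_locality_set(locality);
    exec(reqSize, req, &rspSize, &rsp);
    return check_response(rsp, rspSize, cmdTag, rc);
}

int main(void)
{
    uint8_t  cmd[16];
    uint32_t rc = 0;
    size_t   n  = build_startup(cmd, sizeof cmd, TPM_SU_CLEAR);
    int ok = dispatch(fake_execute_command, 7, cmd, (uint32_t)n, &rc);
    printf("dispatch=%d rc=0x%03x core saw locality %u\n", ok, (unsigned)rc, g_core_saw_locality);
    return ok == 0 ? 0 : 1;
}
```

Running it with locality 7 shows the core observing locality 0, because the reserved value was normalized in the platform layer before the core ever asked; a real protocol layer would replace `fake_execute_command` with the core's `ExecuteCommand` and, since the core is not re-entrant, would hold a lock around the whole `dispatch` body.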