author | andybons <andybons@chromium.org> | 2015-08-24 14:37:09 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-08-24 21:39:36 +0000 |
commit | 3322f7611ba1444e553b2cce4de3a1a32ad46e72 (patch) | |
tree | dfb6bbea413da0581b8d085b184a5e6ceea5af3e /docs/tpm_quick_ref.md | |
parent | 5d58c9eb2baa203be1b84ac88cde82c59d72f143 (diff) | |
Per https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/irLAQ8f8uGk
Initial migration of wiki content over to src/docs
There will be a follow-up CL to ensure docs are following chromium’s style guide, links are fixed, etc. The file auditing was becoming too much for a single change and per Nico’s suggestion, it seems to be better to do
+ Bulk import with initial prune.
+ Follow-up CLs to clean up the documentation.
So that each CL has its own purpose.
BUG=none
Review URL: https://codereview.chromium.org/1309473002
Cr-Commit-Position: refs/heads/master@{#345186}
Diffstat (limited to 'docs/tpm_quick_ref.md')
-rw-r--r-- | docs/tpm_quick_ref.md | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/docs/tpm_quick_ref.md b/docs/tpm_quick_ref.md new file mode 100644 index 0000000..4aa0bbf --- /dev/null +++ b/docs/tpm_quick_ref.md 
@@ -0,0 +1,32 @@ +# Introduction + +This page is meant to help keep track of [TPM](Glossary.md) use across the system. It may not be up-to-date at any given point, but it's a wiki so you know what to do. + +# Details + + * TPM ownership management: +> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.tpm + + * TPM\_Clear is done (as in vboot\_reference) but in the firmware code itself on switch between dev and verified modes and in recovery. (TODO: link code) + + * TPM owner password clearing (triggered at sign-in by chrome): +> > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser/chromeos/login/login_utils.cc;h=9c4564e074c650bd91c27243c589d603740793bb;hb=HEAD#l861 + + * PCR extend (no active use elsewhere): +> > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/tpm_bootmode.c + + * NVRAM use for OS rollback attack protection: +> > http://git.chromium.org/gitweb/?p=chromiumos/platform/vboot_reference.git;a=blob;f=firmware/lib/rollback_index.c + + * Tamper evident storage: +> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.lockbox + + * Tamper-evident storage for avoiding runtime device management mode changes: +> > http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=blob;f=chrome/browser/chromeos/login/enrollment/enterprise_enrollment_screen.cc + + * User key/passphrase and cached data protection: +> > http://git.chromium.org/gitweb/?p=chromiumos/platform/cryptohome.git;a=blob;f=README.homedirs + + * A TPM in a Chrome device has an EK certificate that is signed by an intermediate certificate authority that is dedicated to the specific TPMs allocated for use in Chrome devices. OS-level self-validation of the platform TPM should be viable with this or chaining any other trust expectations. + + * TPM is used for per-user certificate storage (NSS+PKCS#11) using opencryptoki but soon to be replaced by chaps. 
Update links here when chaps stabilizes (Each user's pkcs#11 key store is kept in their homedir to ensure it is tied to the local user account) This functionality includes VPN and 802.1x-related keypairs.
\ No newline at end of file |
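Review bot: the Introduction of the new docs/tpm_quick_ref.md still tells readers "it's a wiki so you know what to do", which no longer describes a file under src/docs; replace it with a sentence saying the page is updated by CL, and keep the warning that it may be out of date. In the Details list, the TPM\_Clear item ships with an unresolved "(TODO: link code)" and the last item carries an editing instruction ("Update links here when chaps stabilizes") inside reader-facing text; both read better as a tracked bug or an HTML comment than as part of a reference for TPM use. The link lines keep the wiki's `> >` nested blockquote markers and the `TPM\_Clear` / `vboot\_reference` backslash escapes, which should be converted to plain Markdown links and code spans in the follow-up cleanup. The file also ends without a trailing newline.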