Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)
Image of Advanced Programming in the UNIX Environment, Second Edition (Addison-Wesley Professional Computing Series)
Image of Android Wireless Application Development
Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)

Examining TPM2 ACPI Table

The Advanced Configuration and Power Interface (ACPI) specification was developed to establish industry common interfaces enabling robust operating system directed motherboard device configuration and power management of both devices and entire platforms. This specification has gone from strength to strength over the years and is now maintained by the UEFI Forum. The current version is 6.1. Over the years, the Trusted Computing Group (TCG) has developed various specifications defining an ACPI table and basic methods for use on a TCG compliant platform. The goal is that the ACPI table and ACPI namespace objects provide sufficient information to an operating system

Accessing TPM Functionality From UEFI Shell - Part 1

A Trusted Platform Module (TPM) is, traditionally, a hardware device (chip) designed to enable commodity computing platforms (think laptop or personal computer) to achieve greater levels of security than non-TPM equipped platform. There are over 600 million installed TPMs, mostly in high-end laptops made by Lenovo, HP, Dell, Toshiba and others. TPMs are manufactured by many chip producers including Atmel, STMicroelectronics and Toshiba. Via it’s Trusted Execution Technology (TXT), Intel now incorporates TPM functionality in many of its current processors. TPM technology is specified by the Trusted Computing Group (TCG), an industry consortium that includes Intel, Microsoft, AMD, IBM, HP,

UEFI Shell Utility to Display TPM 1.2 Event Log

The TCG Trusted Platform Module (TPM) 1.2 library specification provides a mechanism for accessing TPM event log details. This post describes a simple UEFI shell utility which can be used to display the TPM event logs. It uses the TrEE protocol which I described in an earlier post this year and so will only work with a TPM which supports the TrEE protocol. The Intel PTT is one such TPM. Here is the source code for the utility: // // Copyright (c) 2015 Finnbarr P. Murphy. All rights reserved. // // Display all the TCG TrEE log entries // //

UEFI Shell Utility to Display TPM TrEE Capabilities

With the drive towards hardening platform firmware, for example Microsoft’s Secure Boot initiative, I have decided to explore what forensic artifacts concerning TCG Trusted Platform Module (TPM) can be retrieved from the UEFI shell command line. The EFI Trusted Execution Environment (TrEE) protocol implements a subset of the TPM 2.0 library specification. Microsoft pushed the TrEE protocol due to the delay in finalizing the TCG EFI Protocol Specification Family “2.0”. As of the date of this post, this TCG specification is currently at the public review stage. This post provides the source code for a small UEFI shell utility that