#+title: Hardware Modules
#+date: 2026-06-08 Mon
#+author: W. Kosior
#+email: wkosior@agh.edu.pl

* Hardware Security Module
- key generation
- secrets store
- cryptographic operations
- non-exportable keys
- sample uses
  - malware-resistant SSH keys
  - DNSSEC signing
  - cryptocurrency transactions
  - rng
  - TOTP/HOTP
  - https://www.iana.org/dnssec/ceremonies
- API (PKCS#11 or other)

* HSM Types
- PCIe
- USB
- smart card
- virtualized/emulated
- wire protocol often proprietary, non-standard

* HSM Diversity
- firmware-based?
- updatable?
- display?
- input device (e.g., fingerprint reader)?

* PKCS#11
- RSA Laboratories
- slot
  - token
    - label, serial
    - PIN

* PKCS#11, Cont.
- RSA Laboratories
- slot
  - token
    - label, serial
    - PIN
- mechanism (cipher + hash function + block mode)
  - capabilities
  - parameters
- object classes
  - keys
  - domain parameters
  - certs
- object attributes (class-specific)
- sessions

* SIM Cards
- K
  - symmetric cryptography
  - user-operator shared secret
  - 128-bit

* Measured Boot
- Secure Boot → verify software to be booted
- Measured Boot → attest what has been booted

* Trusted Platform Module
- "Trusted" Computing Group
- aka HSM integrated with hardware
- sample uses
  - BitLocker/LUKS
  - SSH
  - GPG
  - file integrity
  - rng

* Trusted Platform Module, Cont.
- "Trusted" Computing Group
- aka HSM integrated with hardware
- sample uses
  - BitLocker/LUKS
  - SSH
  - GPG
  - file integrity
  - rng
  - eSIM

* TPM Versions
- TPM 1.0-1.2
  - SHA1, 2048-bit RSA
- TPM 2.0
  - algorithm-agnostic (in practice: SHA256, ECC, AES)
- =/sys/class/tpm/tpm0/tpm_version_major=

* Interfaces
- TCG specification
  - SAPI
  - ESAPI
  - FAPI
- tpm2-tools (CLI)
  - https://tpm2-tools.readthedocs.io

* TPM Types
- discrete TPM*
- integrated TPM
- firmware TPM
- virtual TPM

* TPM Entities
- types
  - objects
    - *keys*
    - data
  - NVRAM indexes
  - Platform Configuration Registers (PCRs)
  - hierarchies
  - …
- handles (4 bytes)
- objects & NVRAM indexes can be removed

* TPM Hierarchies
- collections of entities
- defined hierarchies
  - endorsement/privacy
    - remote attestation (device state confirmation)
  - platform
    - use by motherboard manufacturer
  - storage/owner
    - most uses
  - null/ephemeral
    - entities not persisted

* PCRs
- extending (concatenate+hash)
- banks (hash algorithm)
- =tpm2_pcrlist=
- =tpm2_pcrread=

* Firmware-Extended PCRs
| 0 | "Core system firmware executable code"    | e.g., UEFI BIOS code                |
| 1 | "Core System Firmware data"                | e.g., UEFI BIOS settings            |
| 2 | "Extended or pluggable executable code"    | e.g., option ROMs                   |
| 3 | "Extended or pluggable firmware data"      |                                     |
| 4 | "Boot Manager Code and Boot Attempts"      | e.g., bootloader code               |
| 5 | "Boot Manager Configuration and Data"      | e.g., bootloader config, part table |
| 6 | "Resume from S4 and S5 Power State Events" |                                     |
| 7 | "Secure Boot State"                        | e.g., PK, KEK, db                   |
Based on: https://wiki.archlinux.org/title/Trusted_Platform_Module

* Other PCRs
| 8-16 | defined by OS         | e.g., kernel, kernel command line, initrd(s) |
| 23   | "Application support" | resettable by the OS                         |

* TPM Entity Sealing
- particular PCR values
- PCR values signed with configured key

* TPM Keys
- derivation
  - storing not needed
- endorsement key (& cert)

* TPM NVRAM
- data entities
  - size
  - attributes
- 0x10000000-0x1fffffff
- reading&writing
  - =tpm2_nvreadpublic=
  - =tpm2_nvdefine=
  - =tpm2_nvwrite=
  - =tpm2_nvread=
  - =tpm2_nvundefine=

* TPM NVRAM Entity Locking
- =tpm2_nvwritelock=
- =tpm2_nvreadlock=

* TPM Authorization
- password (single-command sessions)
- HMAC (shared secret)
- Enhanced Authorization (policy)

* Side-Channel Attacks
- bus snooping (passive, discrete TPM)
- MITM (active, discrete TPM)
- desolder-and-move (active, discrete TPM)
- fault injection (active)
- spectre-like? (firmware TPM)
- power analysis

* TPM Encrypted Commands / Response Buffers
- unbound, bound, salted
- first parameter only

* Application Support for TPM (2.0)
- LUKS
  - systemd-cryptenroll
- SSH
  - https://github.com/Foxboron/ssh-tpm-agent
- others
  - https://github.com/tpm2-software/tpm2-pkcs11
- PGP
  - GnuPG (since 2.3, 2021)

* "Secure" Boot for Firmware
- Intel TXT
  - using TPM to verify UEFI firmware (and more)
- one-time-programmable fuses
  - motherboard vendor's public key
  - firmware signing
- AMD PSP
- Intel Boot Guard

* Trusted/Treacherous Execution Environment
- remote attestation (of hardware by software vendor)
- encrypted memory regions
- application not inspectable by host OS
- IO (e.g., PCIe) not interceptible by host OS
- sample use: client-attested VM hosting
- Intel Software Guard Extensions (SGX)
  - application-level
  - deprecated on consumer PCs
- AMD Secure Encrypted Virtualization
  - encryption of guest-selected memory pages
  - also server CPUs
- Intel Trust Domain Extensions
  - shared & private VM memory
  - also server CPUs
- ARM TrustZone

* Dangers
- inability to exercise fair use rights (DRM)
  - media backup
  - software reverse engineering
- elimination of competition
- inability to audit/fix
- no software freedom :c
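The HSM slide lists TOTP/HOTP among the uses of a module that holds a non-exportable secret: the token keeps the shared key and only ever emits the six digits. The following Python is an added example, not part of the lecture slides, showing the arithmetic such a module performs (RFC 4226 HOTP, RFC 6238 TOTP) together with the server-side verification window and counter advance that stop a captured code from being replayed. The secret used is the RFC 4226 test key (constructed for the example), and the helper names are this example's own.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed example secret: the RFC 4226 Appendix D test key, the ASCII
# string "12345678901234567890". On a real token this never leaves the HSM.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """HMAC-based one-time password (RFC 4226).

    The counter is encoded as an 8-byte big-endian integer, MAC'd under the
    shared secret, then "dynamically truncated" to `digits` decimal digits.
    """
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, digestmod).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: Optional[int] = None, step: int = 30,
         digits: int = 6, digestmod=hashlib.sha1) -> str:
    """Time-based one-time password (RFC 6238): HOTP over floor(t / step)."""
    t = int(time.time()) if for_time is None else for_time
    return hotp(secret, t // step, digits, digestmod)


def verify_hotp(secret: bytes, candidate: str, counter: int,
                look_ahead: int = 5) -> Optional[int]:
    """Check a submitted HOTP code against a small window of counters.

    Returns the next counter to store (one past the matching value) so the
    verifier can refuse any code at or below it, or None when nothing matches.
    The comparison is constant-time so timing does not leak matching digits.
    """
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(TEST_SECRET, c))          # RFC 4226 test vectors
    print("TOTP at t=59:", totp(TEST_SECRET, 59, digits=8))
```

The values printed for counters 0, 1 and 2 are the RFC 4226 Appendix D vectors (755224, 287082, 359152), and the 8-digit TOTP at t=59 is the RFC 6238 SHA-1 vector 94287082; the look-ahead window in `verify_hotp` is what lets a token that was pressed a few times without logging in still be accepted, while the returned counter is what the verifier must persist to block replays.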
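The PCRs, TPM Entity Sealing and Enhanced Authorization (policy) slides above describe the chain "measure, extend, seal to the resulting values". The Python below is an added example, not code from the slides or from tpm2-tools, that replays a measured-boot event log into SHA-1 and SHA-256 banks with the TPM2 extend rule (new = H(old || H(measurement))) and then models sealing a secret to a PCR selection. The event log is constructed for the example, and the seal/unseal model is a deliberate simplification (an assumption of this example): it derives a wrapping key from the expected PCR digest instead of holding the secret inside a chip under a storage key, and the policy digest omits the command code and marshalled selection a real TPM2 policy folds in.

```python
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}

# Constructed measured-boot event log: (PCR index, description, data measured).
# Real TCG event logs carry digests of the actual firmware, bootloader, kernel.
SAMPLE_EVENT_LOG: List[Tuple[int, str, bytes]] = [
    (0, "firmware code", b"constructed-uefi-image"),
    (4, "bootloader code", b"constructed-grub-image"),
    (8, "kernel command line", b"root=/dev/sda2 quiet"),
    (8, "initrd", b"constructed-initrd-image"),
]


def initial_pcrs(bank: str, count: int = 24) -> List[bytes]:
    """Every PCR in a bank starts as an all-zero digest of that hash's size."""
    return [bytes(BANKS[bank]().digest_size)] * count


def extend(old: bytes, measurement: bytes, bank: str) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(measurement)).

    A PCR is never overwritten, only folded, so the final value depends on
    every measurement so far and on their order.
    """
    h = BANKS[bank]
    return h(old + h(measurement).digest()).digest()


def replay(event_log, bank: str) -> List[bytes]:
    """Recompute the PCR values an event log should have produced, which is
    what a verifier compares against the values reported by tpm2_pcrread."""
    pcrs = initial_pcrs(bank)
    for index, _desc, data in event_log:
        pcrs[index] = extend(pcrs[index], data, bank)
    return pcrs


def pcr_digest(pcrs: List[bytes], selection: Iterable[int], bank: str) -> bytes:
    """Hash of the selected PCRs concatenated in ascending index order
    (the pcrDigest a PCR policy is built over; simplified, see lead-in)."""
    return BANKS[bank](b"".join(pcrs[i] for i in sorted(selection))).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Hash-based stream for the toy wrap; a real TPM uses its storage key.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, event_log, selection: Iterable[int],
         bank: str = "sha256") -> Dict:
    """Simplified sealing model (assumption): bind the secret to the PCR digest
    the current event log replays to. The blob is useless unless the platform
    boots into the same measured state."""
    sel = sorted(selection)
    expected = pcr_digest(replay(event_log, bank), sel, bank)
    key = hashlib.sha256(b"seal-model|" + expected).digest()
    wrapped = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    return {"bank": bank, "selection": sel, "expected": expected, "wrapped": wrapped}


def unseal(blob: Dict, event_log) -> Optional[bytes]:
    """Release the secret only if the replayed PCRs match the sealed digest."""
    actual = pcr_digest(replay(event_log, blob["bank"]), blob["selection"], blob["bank"])
    if actual != blob["expected"]:       # policy check fails: nothing is released
        return None
    key = hashlib.sha256(b"seal-model|" + actual).digest()
    stream = _keystream(key, len(blob["wrapped"]))
    return bytes(a ^ b for a, b in zip(blob["wrapped"], stream))


if __name__ == "__main__":
    blob = seal(b"constructed-luks-key", SAMPLE_EVENT_LOG, [0, 4, 8])
    print("same boot:", unseal(blob, SAMPLE_EVENT_LOG))
    changed = list(SAMPLE_EVENT_LOG)
    changed[2] = (8, "kernel command line", b"root=/dev/sdb1 quiet")
    print("changed cmdline:", unseal(blob, changed))
```

Two points the replay makes visible: swapping the order of the two PCR 8 events changes PCR 8 even though the same data was measured, and a secret sealed to PCRs 0 and 4 only still unseals after the kernel command line changes, which is why the PCR selection chosen at sealing time (for example in `systemd-cryptenroll`) decides what a LUKS key is actually bound to.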