TREA

Trusted platform module management system and method

Follow

Information

  • Patent Application
  • 20080148387
  • Publication Number
    20080148387
  • Date Filed
    October 18, 2006
    18 years ago
  • Date Published
    June 19, 2008
    16 years ago
Information
Abstract
A trusted platform module (TPM) management system comprises a computing system having a basic input/output system (BIOS), a TPM and an operating system, the BIOS configured to, in response to detecting an unavailable state setting for the TPM, report to the operating system a lack of presence of the TPM on the computing system.
Description
BACKGROUND

The Trusted Computing Group (TCG) develops and promotes industry standard specifications for hardware-enabled trusted computing and security technologies such as a trusted platform module (TPM). A TPM enables secure storage of digital keys, certificates and passwords and is less vulnerable to software and hardware attacks. However, country-specific and/or other types of restrictions may prohibit using computing systems having TPMs disposed thereon. Although computing systems may be specially manufactured to accommodate and/or comply with such restrictions, building and tracking these specially-manufactured computing systems during the manufacturing process, and thereafter, is costly.





BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following descriptions taken in connection with the accompanying drawings in which:



FIG. 1 is a diagram illustrating an embodiment of a trusted platform module management system;



FIG. 2 is a flow diagram illustrating an embodiment of a trusted platform module management method; and



FIG. 3 is a flow diagram illustrating another embodiment of a trusted platform module management method.





DETAILED DESCRIPTION OF THE DRAWINGS

The preferred embodiments of the present invention and the advantages thereof are best understood by referring to FIGS. 1-3 of the drawings, like numerals being used for like and corresponding parts of the various drawings.



FIG. 1 is a block diagram illustrating an embodiment of a trusted platform module (TPM) management system 10. In the embodiment illustrated in FIG. 1, system 10 comprises a computing system 12 having a TPM 14 disposed on a motherboard 16. Generally, TPM 14 is used to store and report the values of measurements (integrity metrics) of certain software and hardware on a platform 18 of system 12. For example, in some embodiments, TPM 14 is used to measure, store and report the integrity of a hard disk 20 and embedded firmware 22 such as basic input/output system (BIOS) 24. However, it should be understood that TPM 14 may be used to store and report the integrity of other devices and/or hardware and may be used to securely store platform information and secrets such as passwords, keys and certificates. Computing system 12 may comprise any type of computing device such as, but not limited to, a desktop computer, notebook computer, tablet computer, personal digital assistant, or any other type of device in which a TPM might be present.


In the embodiment illustrated in FIG. 1, system 12 comprises at least one operating system (OS) 30 and one or more executable applications 32. OS 30 and application(s) 32 may be stored on hard disk 20 and loaded into a memory component of computing system 12 for execution thereof. Further, motherboard 16 is configured having a central processing unit (CPU) 40 and a memory 42. In the embodiment illustrated in FIG. 1, memory comprises a utility interface 44 which comprises a set of instructions and/or interface for programming, configuring and/or otherwise controlling various features and/or settings of computing system 12. For example, in some embodiments, utility interface 44 is used in a manufacturing environment of computing system 12 and/or for an in-field update to computing system 12 by an authorized entity to configure and/or otherwise apply various settings for computing system 12. However, it should be understood that different applications, routines or methods may be used for configuring and/or otherwise controlling various operating parameters of computing system 12, and utility interface 44 may be used outside the manufacturing environment of computing system 12.


Embodiments of system 10 enable a setting to be applied or set for TPM 14 to indicate TPM 14 as either being available (e.g., able to be used and/or otherwise accessed for use thereof by OS 30 and/or various applications 32) or hidden (e.g., unavailable and/or otherwise reported to OS 30 as not being present on computing system 12 so that OS 30 and/or applications 32 cannot readily access and/or use TPM 14). In the embodiment illustrated in FIG. 1, utility interface 44 is used to interface with BIOS 24 to apply and/or otherwise apply the desired setting (i.e., either available or hidden) for TPM 14 in computing system 12. For example, if computing system 12 is destined for a country or a particular consumer without a restriction on use of TPM 14, utility interface 44 is used to interface with BIOS 24 to apply a setting for TPM 14 as being available. However, if computing system 12 is destined for a country or consumer having restrictions on using TPM 14, utility interface 44 is used to interface with BIOS 24 to apply a hidden setting to TPM 14, thereby making TPM 14 unavailable for use. Preferably, if a hidden or unavailable setting is applied to TPM 14, BIOS 24 is configured to report to OS 30 that TPM 14 does not reside or is not present on computing system 12. For example, in some embodiments, BIOS 24, using a status method of reporting in the Advanced Configuration and Power Interface (ACPI) namespace, reports to OS 30 that TPM 14 is not present on computing system 12 in response to detecting that a hidden or unavailable setting has been applied to TPM 14. Thus, even though TPM 14 physically resides on computing system 12, BIOS 24 reports to OS 30 that TPM 14 is not present on computing system 12 and, thus, OS 30 does not load any drivers associated with accessing and/or interfacing with TPM 14. Therefore, according to some embodiments, even though TPM 14 physically resides on computing system 12, applications 32 and/or OS 30 will not be able to access and/or otherwise use with TPM 14 and the features/functions of TPM 14 will be hidden from a user of computing system 12.


In operation, preferably during manufacturing or building of computing system 12 (e.g., before computing system 12 is delivered to a consumer), utility interface 44 is used to set the state of TPM 14 as being either hidden or available. In the embodiment illustrated in FIG. 1, BIOS 24 comprises a hide/available flag 50 and a status flag 52 stored in non-volatile memory thereof. Hide/available flag 50 is used to indicate a setting for TPM 14 as either being hidden or available. For example, in some embodiments, if hide/available flag 50 is set to “YES,” the setting for TPM 14 comprises a hidden or unavailable setting. Correspondingly, if hide/available flag 50 is set to “NO,” the setting for TPM 14 comprises an available setting. However, it should be understood that flag 50 may be otherwise set for indicating the availability or unavailability of TPM 14.


Status flag 52 is used to indicate whether a hidden or available setting for TPM 14 has been selected through utility interface 44 (e.g., selected or set as either being hidden or available). Preferably, an available setting for TPM 14 is used as a default setting. Thus, if utility interface 44 is not used to select or apply a particular setting to TPM 14, the setting for TPM 14 remains as being available. However, in response to receiving a call or command from utility interface 44 to set TPM 14 thereafter as being either hidden or available, status flag 52 is set to “YES.” Status flag 52 is used to prevent subsequent changes to the setting applied to TPM 14. For example, in response to receiving a subsequent call or command from utility interface 44 for applying a setting for TPM 14, BIOS 24 determines whether status flag 52 has been set to “YES.” If status flag 52 has been set to “YES,” BIOS 24 rejects the call and/or otherwise generates an error message, thereby preventing a subsequent change to the setting applied to TPM 14. Accordingly, utility interface 44 is preferably used during manufacturing or building of computing system 12 to apply either a hidden or available setting to TPM 14 such that, once applied, the setting is not thereafter readily changeable by a consumer.


During booting of computing system 12 (e.g., in response to a power-on event or wake event from a hibernation, sleep or other type of reduced-power mode), BIOS 24 determines whether hide/available flag 50 is set to “YES,” thereby indicating a hidden or unavailable status setting for TPM 14. In the embodiment illustrated in FIG. 1, TPM 14 comprises an enable/disable state setting 56 and an activate/deactivate state setting 58. During manufacturing or building of computing system 12, TPM 14 is generally maintained in a disabled state setting 56 unless, for example, a field upgrade or other action required TPM 14 to be enabled. Thus, in response to BIOS 24 determining that a hidden setting has been applied to TPM 14, if TPM 14 is in an enabled state, BIOS 24 issues a disable command and a deactivate command to TPM 14, and issues a command to lock the state of TPM 14 before BIOS 24 transfers control of computing system 12 to OS 30. Thus, embodiments of system 10 physically disable TPM 14 and lock the state of TPM 14 before transferring control of computing system 12 to OS 30.


Further, in response to BIOS 24 determining that a hidden setting has been applied to TPM 14, BIOS 24 disables and/or otherwise prevents display of any TPM menu data 60 associated with TPM 14. For example, because TPM 14 is present in computing system 12, BIOS 24 generally comprises provides an interface to enable various options and/or settings associated with TPM 14 to be applied and/or otherwise configured, such as through BIOS 24 setup in the form of TPM menu data 60. Embodiments of system 10 disable and/or otherwise prevent display of TPM menu data 60 in response to detecting a hidden setting of TPM 14.


BIOS 24 is preferably configured to interface with OS 30 to report to OS 30 a lack of presence of TPM 14 on computing system 12 if the setting of TPM 14 is set to hidden. For example, in some embodiments, BIOS 24 uses a status method of reporting the presence and resources of various devices of computing system 12 to OS 30 through ACPI namespace. BIOS 24 is preferably configured to, in response to detecting a hidden setting for TPM 14, indicate to OS 30 a lack of presence of TPM 14 on computing system 12. Thus, based on the status reporting received from BIOS 24 indicating a lack of presence of TPM 14, OS 30 does not load any drivers associated with TPM 14, thereby preventing OS 30 and/or applications 32 from accessing and/or otherwise interfacing with TPM 14. However, it should be understood that in some embodiments, BIOS 24 is configured to also refrain from performing particular configuration settings/requests and/or refrain from enabling particular hardware resources necessary for the function and/or use of TPM 14.


Thus, in operation, utility interface 44 is used to apply and/or otherwise designate a setting for TPM 14 as being either hidden or available. After a desired setting is applied and/or otherwise designated, status flag 52 is used to indicate that a desired setting has been applied to TPM 14 to prevent a subsequent change to the setting. Thus, after either a hidden or available setting has been applied to TPM 14, the interface to change the setting of TPM 14 is essentially locked. Thus, in operation, if a hidden setting has been applied to TPM 14, a user or administrator of computing system 12 cannot generally thereafter change the setting for TPM 14 to being available.



FIG. 2 is a flow diagram illustrating an embodiment of a TPM management method. The method begins at block 200, where a destination of computing system 12 is determined and/or an indication of the setting to apply to TPM 14 is otherwise determined. For example, in some embodiments, during manufacturing or building of computer system 12, a bill of material or other type of manufacturing building or parts list associated with a particular computing system 12 may include a designation or other type of indication that a hidden setting should be applied to TPM 14 for the particular computing system 12 (e.g., based on a destination address of the particular computing system 12, by a phantom part number or other parts list designation, etc.). However, it should be understood that different methods and/or processes may be used to determine the TPM 14 setting to apply for particular computing system 12.


At block 202, utility interface 44 is accessed for computing system 12. At block 204, utility interface 44 transmits a call or command to BIOS 24 to set the state of TPM 14 as being either hidden or available. At decisional block 206, a determination is made by BIOS 24 whether status flag 52 has been set to “YES.” If status flag 52 has been set to “YES” (e.g., indicating that a hidden/available setting has already been applied or set for TPM 14), the method proceeds to block 208, where BIOS 24 rejects the call or command and/or otherwise generates an error message, thereby preventing any further change to the TPM 14 setting. If at decisional block 206 it is determined that status flag 52 has not been set to “YES,” the method proceeds to block 210, where a desired setting for TPM 14 is received. Preferably, hide/available flag 50 is set to “NO” as a default setting, thereby indicating availability of TPM 14. However, it should be understood that a default setting for TPM 14 may be otherwise configured. In response to receiving a setting to apply to TPM 14, at block 212, BIOS 24 sets the new value of the hide/available flag 50 and sets the status flag 52 to “YES,” thereby indicating that a setting for TPM 14 has been selected, and the method ends.



FIG. 3 is a flow diagram illustrating another embodiment of a TPM management method. The method begins at block 300, where computing system 12 is booted (e.g., in response to a power-on event or wake event from a hibernation, sleep or other reduced-power operating mode). At block 302, during a power-on self-test (POST) or other routine of BIOS 24, BIOS 24 determines the status of hide/available flag 50 for TPM 14. At decisional block 304, a determination is made whether hide/available flag 50 has been set indicating a hidden setting for TPM 14. If hide/available flag 50 does not indicate a hidden setting for TPM 14, the method proceeds to block 306, where BIOS 24 reports to OS 30 the presence of TPM 14 on computing system 12, thereby enabling OS 30 to load drivers associated with TPM 14 and/or otherwise access and interface with TPM 14. If at decisional block 304 it is determined that hide/available flag 50 indicates a hidden setting for TPM 14, the method proceeds to decisional block 308, where BIOS 24 determines whether TPM 14 is set as being enabled. If TPM 14 is not currently enabled, the method proceeds to block 312. If TPM 14 is set as being enabled, the method proceeds to block 310, where BIOS 24 issues a disable command and a deactivate command to TPM 14, thereby physically disabling and/or deactivating TPM 14.


At block 312, BIOS 24 locks the state of TPM 14. At block 314, BIOS 24 disables and/or otherwise prevents presentation of TPM-related menus such as TPM menu data 60 associated with setup access of BIOS 24. At block 316, BIOS 24 reports to OS 30 a lack of presence of TPM 14 on computing system 12. Thus, in response to receiving a report of a lack of presence TPM 14 on computing system 12, OS 30 does not load any drivers associated with TPM 14, thereby preventing access to an/or use of TPM 14.


Thus, embodiments system 10 enable a TPM disposed on a computing system to be set as hidden or unavailable, thereby preventing access and/or use of the TPM by an operating system and/or other applications residing on the computing system. Further, embodiments of system 10 enable using a particular motherboard configuration for a computing system (e.g., one having a TPM) to be used across different markets and/or geographical consumer areas while accommodating any TPM-related restrictions.

Claims
  • 1. A trusted platform module (TPM) management system, comprising: a computing system having a basic input/output system (BIOS), a TPM and an operating system, the BIOS configured to, in response to detecting an unavailable state setting for the TPM, report to the operating system a lack of presence of the TPM on the computing system.
  • 2. The system of claim 1, wherein the BIOS is configured to set a status flag indicating that a state setting for the TPM has been set.
  • 3. The system of claim 2, wherein the BIOS is configured to reject a call to set a state setting for the TPM if the status flag has been set.
  • 4. The system of claim 1, wherein the unavailable state setting is based on a destination for the computing system.
  • 5. The system of claim 1, wherein the BIOS is configured to receive a call from a utility interface to set the unavailable state setting.
  • 6. The system of claim 1, wherein the BIOS is configured to issue disable and deactivate commands to the TPM in response to detecting the unavailable state setting.
  • 7. The system of claim 1, wherein the BIOS is configured to lock the unavailable state setting of the TPM before transferring control of the computing system to the operating system.
  • 8. The system of claim 1, wherein the BIOS is configured to disable TPM menu data in response to detecting the unavailable state setting.
  • 9. The system of claim 1, further comprising a utility interface configured to issue a call to the BIOS to set the unavailable state setting.
  • 10. A trusted platform module (TPM) management method, comprising: reporting from a basic input/output system (BIOS) of a computing system to an operating system that a TPM disposed on the computing system is not present on the computing system in response to detecting an unavailable state setting for the TPM.
  • 11. The method of claim 10, further comprising setting a status flag indicating that a state setting for the TPM has been set.
  • 12. The method of claim 11, further comprising rejecting a call to set a state setting for the TPM if the status flag has been set.
  • 13. The method of claim 10, further comprising setting the unavailable state setting based on a destination of the computing system.
  • 14. The method of claim 10, further comprising receiving, by the BIOS, a call from a utility interface to set the unavailable state setting.
  • 15. The method of claim 10, further comprising issuing disable and deactivate commands to the TPM in response to detecting the unavailable state setting.
  • 16. The method of claim 10, further comprising locking the unavailable state setting of the TPM before transferring control of the computing system to the operating system.
  • 17. The method of claim 10, further comprising disabling TPM menu data of the BIOS in response to detecting the unavailable state setting.
  • 18. A trusted platform module (TPM) management system, comprising: means for reporting to an operating system means of a computing system means that a TPM means disposed on the computing system means is not present on the computing system means in response to detecting an unavailable state setting for the TPM means.
  • 19. The system of claim 18, further comprising means for indicating that a state setting for the TPM has been set.
  • 20. The system of claim 19, further comprising means for rejecting a call to set the state setting if the indicating means has been set.