Trusted Computing Group

The specifications published are related to integrity management of trusted platforms. These specifications can be best understood in the following groupings by function:

        Integrity Management Architecture: This document provides the architecture for the management of integrity in systems.

• Integrity Management Architecture (v1.0)

        Measurement agent: This specification defines the trusted software capable of measuring, verifying and reporting                         software.

• PTS Interface specification (v1.0)

        Integrity Schema specifications: These specifications define the XML-based schemas for reporting and verification of                     software.

• Core Integrity Schema (v1.0)
• Integrity Report Schema (v1.0)
• Reference Manifest Schema (v1.0)
• Security Qualities Schema (v1.0 and V1.1)
•  Simple Objects Schema (v1.0)
• Verification Results Schema (v1.0)

        Certificate formats: This specification defines the profiles of TPM-related certificates based on the X.509 standard.

• Credentials Profile (v1.1)

The set of specifications consists of the Integrity Management Architecture, the interface specification for a measurement agent called the Platform Trust Service (or PTS), and a common XML-based data format for capturing and reporting integrity information about a system.

The Integrity Management Architecture provides the common framework for defining, collecting and reporting information pertaining to the integrity of the software and configuration of a system. Such information includes the components (software and hardware) constituting the platform, the elements that participated in its booting-up and the software that establishes the computing environment in the platform.

The Platform Trust Service (PTS) interface specification defines the API to a measurement agent that performs the collection, measurement and reporting of the integrity information on the platform. The PTS interface specification has been written to be platform independent, meaning that it is applicable to the various types of platforms or devices (e.g. PC client, server, mobile phones, etc).

In order for the integrity information to be meaningful and verifiable by external entities (e.g. other devices), a common XML-based data format for representing this information has been defined in the Integrity Schema specifications. The Integrity Schema itself can be understood as consisting of three major pieces derived from a single XML schema. These are the data formats for collecting and reporting integrity information, the format for representing reference measurement of known values, and the format for the verification results from evaluating a report.

The TCG uses the term "integrity management" to mean the broad aspects around the measuring, reporting and verifying of the state of a given computer system, including the infrastructure support (e.g. architectures, protocols, data formats, etc) to accomplish these tasks.

There are numerous aspects of a trusted platform that can be subject to measurements and quantification. These include the register values inside the TPM hardware, files on the system, in-memory images and others. Which aspect of a trusted platform to be measured is largely dependent on the use case of the measurement (e.g. verified boot, network access control, etc).

These specifications allow users to have confidence in the security mechanisms in their system. This stems from the fact that the integrity of these mechanisms can be verified (locally or remotely) as being free from alteration by malicious code.

These specifications are directly relevant to the TPM in PCs today and represent the next phase of infrastructure support for the operations of the platforms containing the TPM.

The TPM represents the trust anchor within the platform for the truthful reporting of the state of the platform. This feature is called "attestation" of the platform and represents a core value proposition of trustworthy computing. With the PTS specification, not only can the TPM be used to protect sensitive information, it can also be used to produce irrefutable reports (in a standardized format) regarding the TPM and the platform as a whole.

This set of IWG specifications can be implemented without the presence of a TPM. The value of these IWG specifications is dramatically increased when the root of trust (of the platform deploying them) is based in hardware.

In the context of the TNC specifications, the Platform Trust Service (PTS) interface specification provides an agent that can be employed (called by) the TNC Client to perform measurements of the components of the TNC Client device, as well as other client components. Furthermore, the set of IWG Integrity Schema specifications provides a standardized format for TNC implementers and vendors to report on the integrity status of a target device (e.g. TNC client). This standardized format promotes greater interoperability across TNC vendors.

The current set of infrastructure specifications represents a second phase of specifications, with the first phase infrastructure specifications published in 2005. The first phase specifications focused on the operational infrastructure required for a single system (containing to a TPM) to function, allowing applications to make use of the basic features of the TPM. These specifications focused on key management, backup of keying material, certificate issuance and management, and others.

In the current (second phase) specifications the focus is on the infrastructure support required for one platform to attest its state to another platform, which is a core value proposition of trustworthy computing. Thus, the current set of specifications includes a common architecture for understanding attestation using a TPM, as well as an interface to a measurement agent (the PTS) that can measure state, issue a report and verify attestations. The PTS builds on these previous first phase infrastructure specifications, and make use of a number of crucial functionalities provided by these specifications.

One of the core value propositions of trusted computing is that of providing attestation to the integrity of a given system. Thus, in addition to user authentication, a broad use case would be that of reporting the integrity status of the system (as measured and reported by the PTS) as part of access control to resources. There are numerous specific use cases for platform attestation. These include network access control (as exemplified by TNC), remote management and control of systems, security and integrity of financial transactions, verified boot of platforms, and others.

Consistent with the vision and practices of the TCG and its specifications, the infrastructure specifications have been designed to preserve the privacy of users. Similar to the TPM case, users must specifically choose to opt-in to deploy the PTS and other infrastructure functions. The PTS itself can be deployed without the TPM. The PTS vendors can implement administrative interfaces that allow control over the information that may be reported by the PTS, thereby ensuring user privacy. Finally, the PTS can be configured to perform only local verifications and thus privacy sensitive data can remain local to the platform. The PTS configuration should be driven by IT policies that will ensure that privacy sensitive values are not disclosed.

The PTS specification has been written to be agnostic across platforms (PC-Client, Server, Mobile, etc), and across operating systems and applications. The need for an agent to measure and report the integrity state of devices covering the entire software stack is a fundamental need of all devices. For vendors implementing the PTS, it is important to note that each implementation may be dependent on the hardware architecture and operating system upon which the PTS is implemented. For application developers that make use of the PTS, the same interface will be available independent of the operating system and underlying hardware platform.