跳转至主要内容
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表

TPM 1.2 vs. 2.0 Features

摘要: TPM 1.2 vs. 2.0 Features, TPM 1.2 compared to TPM 2.0, TPM 1.2 vs. 2.0 - Supported Applications and Features, TPM 2.0 different from a firmware TPM

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。

说明

TPM 1.2 Compared toTPM 2.0 - Cryptographic Support

The table of encryption algorithms below provides a summary; for a more comprehensive list of TPM algorithms, reference the TCG Algorithm Registry. This hyperlink is taking you to a website outside of Dell Technologies. The list of mandatory algorithms for TPM 2.0 in a personal computer is defined in the latest PC Client Platform TPM Profile. This hyperlink is taking you to a website outside of Dell Technologies.

Algorithm Type

Algorithm Name

TPM 1.2

TPM 2.0

Asymmetric

RSA 1024

Yes

Optional

 

RSA 2048

Yes

Yes

 

ECC P256

No

Yes

 

ECC BN256

No

Yes

Symmetric

AES 128

Optional

Yes

 

AES 256

Optional

Optional

Hash

SHA-1

Yes

Yes

 

SHA-2 256

No

Yes

HMAC

SHA-1

Yes

Yes

 

SHA-2 256

No

Yes

Table 1: TPM 1.2 vs. 2.0

TPM 1.2 Compared to TPM 2.0 - Behavior Differences

TPM 1.2 supports a single "owner" authorization, with an RSA 2048b Endorsement Key (EK) for signing/attestation and a single RSA 2048b Storage Root Key (SRK) for encryption. This means a single user or entity ("owner") has control over both the signing/attestation and encryption functions of the TPM. In general, the SRK serves as the parent for any keys created in TPM 1.2. TPM 1.2 was specified as an opt-in device (see the Trusted Computing Group article The Case for Turning on Trusted Platform Modules This hyperlink is taking you to a website outside of Dell Technologies. for more information regarding the meaning of "opt-in" as it applies to TPM).

TPM 2.0 has the same functionality that is represented by the EK for signing/attestation and SRK for encryption as in 1.2, but the control is split into two different hierarchies in 2.0, the Endorsement Hierarchy (EH) and the Storage Hierarchy (SH). In addition to the EH and SH, TPM 2.0 also contains a Platform Hierarchy (PH) for maintenance functions, and a Null Hierarchy. Each hierarchy has its own unique "owner" for authorization. Because of this, TPM 2.0 supports four authorizations which would be analogous to the single TPM 1.2 "owner."

In TPM 2.0, the new Platform Hierarchy is intended to be used by platform manufacturers. The Storage and Endorsement hierarchies, and the Null hierarchy will be used by operating system's and OS-present applications. TPM 2.0 has been specified in a way that makes discovery and management less cumbersome than 1.2. TPM 2.0 has the capability to support RSA and ECC algorithms for Endorsement Keys and SRKs.

TPM 1.2 vs. 2.0 - Supported Applications and Features:

Feature or Application

TPM 1.2

TPM 2.0

DDP|ST - OTP client

Yes

No*

DDP|Encryption

Yes

Yes

Intel® Trusted Execution Technology ™

Yes

Yes

Microsoft Bitlocker™

Yes

Yes

Microsoft Virtual Smart Card

Yes

Yes

Microsoft Credential Guard™

Yes

Yes

Microsoft Passport™

Yes

Yes

TCG Measured Boot

Yes

Yes

UEFI Secure Boot

Yes

Yes

Microsoft Device Guard ™

Yes

Yes

Table 2: TPM 1.2 vs. 2.0 - Supported Applications and Features

NOTE: * DDP | ST works on a computer that is configured with TPM 2.0 but does not use the TPM 2.0 now.

How is Discrete TPM 2.0 different from a firmware TPM (fTPM)?

A firmware-based TPM (fTPM) is a TPM that operates using the resources and context of a multifunction/feature compute device (such as a SoC, CPU, or other similar compute environment).

A discrete TPM is implemented as an isolated, separate function or feature chip, with all necessary computing resources that are contained within the discrete physical chip package. A discrete TPM has full control of dedicated internal resources (such as volatile memory, nonvolatile memory, and cryptographic logic), and it is the only function accessing and using those resources.

A firmware-based TPM does not have its own dedicated storage. It relies on operating system and platform services to provide it access to storage within the platform. One of the implications of not having dedicated storage involves the presence of an Endorsement Key (EK) certificate. Discrete TPM devices can be delivered by the TPM manufacturer to the platform manufacturer with an EK certificate installed in the TPM storage for the TPM Endorsement Key. This is not possible with a firmware TPM. Firmware TPM vendors make certificates available to end-users through manufacturer-specific processes. To acquire the EK certificate for a computer, platform owners need to contact the chipset/CPU vendor for that platform

Also, a TCG Certified discrete TPM This hyperlink is taking you to a website outside of Dell Technologies. is required to meet compliance and security requirements including hardening of the chip and its internal resources similar to smart cards. TCG compliance verifies that the TPM correctly implements the TCG specifications. The hardening that is required by TCG certification allows a Certified discrete TPM to protect itself against more complicated physical attacks.

Operating System Support matrix:

Operating System Vendor Support

Operating System

TPM 1.2

TPM 2.0

Windows 7

Yes

No (1)

Windows 8

Yes

Yes (2)

Windows 8.1

Yes

Yes (2)

Windows 10

Yes

Yes

RHEL

Yes

Yes (3)(4)

Ubuntu

Yes

Yes (3)(5)

Table 3: Operating System Vendor Support

  • Windows 7 64 bit with SP configured in UEFI + CSM boot mode can support TPM 2.0, supported on some platforms.
  • Windows 8 launched with support for TPM 2.0 but only supports SHA-1.
  • Requires Linux upstream kernel version 4.4 or newer. Linux distribution vendors may choose to backport support to older kernels.
  • Red Hat® Enterprise Linux® 7.3 and later have basic kernel support. RHEL 7.4 has a tech preview of the user space tools.
  • Supported on Ubuntu 16.04 and later.

Dell Commercial Platform Operating System Support

Operating System

TPM 1.2

TPM 2.0

Windows 7

Yes

No

Windows 8

Yes

No (5)

Windows 8.1

Yes

No (5)

Windows 10

Yes

Yes (6)

RHEL

No (7)

Yes (8)

Ubuntu 14.04

No (7)

No

Ubuntu 16.04

No (7)

Yes (9)

Table 4: Dell Commercial Platform operating system Support

  • Dell supports TPM 2.0 with Windows 8 and 8.1 on a limited number of Tablets and Detachable personal computers that support Microsoft Connected Standby.
  • TPM 2.0 support is available on all Commercial platforms in Spring 2016, and the factory default TPM mode on Windows 10 is TPM 2.0.
  • TPM 1.2 is not officially support by Dell with Linux except on select IoT platforms.
  • Requires Red Hat® Enterprise Linux® 7.3 or later. User may need to manually change the TPM mode from 1.2 to 2.0.
  • Dell has collaborated with Canonical on TPM 2.0 support on client computers that ship with TPM 2.0. This requires that Ubuntu 16.04 ships with the computer.

其他信息

文章属性
文章编号: 000131631
文章类型: How To
上次修改时间: 05 9月 2024
版本:  7
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。