
What is the difference between Intel TXT and TPM?


What is the difference between Intel TXT and TPM? What more does Intel TXT have to offer compared to TPM? Basically, I wanted to know how TXT works. Any easy-to-follow literature for beginners will be highly appreciated!


Solution

  • Scolytus is right but let me explain a bit more.

    As he said, a TPM is a dependency of TXT but not the other way around. The TPM is where TXT will store the measurements - hash of components - of the platform. If TXT is not supported by a platform but a TPM is still present you still have all these features:

    • Integrity measurement - securely measure the platform's components (hashes stored within the TPM)
    • Authenticated boot - a process by which a platform's state (the sum of its components) is reliably measured and stored. SRTM - Static Root of Trust for Measurements
    • Sealed Storage - encrypt data based on the current state of the platform or, in other words, what has been measured (the PCR hash values stored in the TPM) - seal operation
    • Attestation - securely report to other parties the state of the platform, e.g., quote operation, aka Remote Attestation.

    As such you could use trustedgrub (SRTM - Static Root of Trust for Measurements) but not tboot which implements a DRTM (Dynamic Root of Trust for Measurements) aka TXT.

    About "how TXT works" see this question.
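The three TPM features the answer lists (measurement into PCRs, sealing to a PCR value, and a quote) can be shown end to end in a small model. The following is an added example, not code from the answer, from tboot, or from any TPM stack: it simulates one SHA-256 PCR, the SRTM extend chain over constructed boot stages, sealing a secret to the resulting PCR value, and a quote over a verifier nonce. The TPM-resident secrets `SRK` and `AIK` are hypothetical stand-ins; a real TPM signs quotes with an asymmetric attestation key rather than the HMAC used here.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration, not TPM or tboot code: models a SHA-256 PCR
# bank, the SRTM extend chain, sealing to a PCR value, and a quote.

PCR_LEN = 32  # one SHA-256 PCR, all zeros at reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: PCR_new = SHA-256(PCR_old || digest of the component)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components) -> bytes:
    """Static root of trust: each stage measures the next before running it.
    Order matters, so swapping two stages yields a different PCR value."""
    pcr = bytes(PCR_LEN)
    for blob in components:
        pcr = extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def _sealing_key(srk: bytes, pcr: bytes) -> bytes:
    # Key bound to the platform state: derived from a TPM-resident root
    # secret (hypothetical 'srk') and the expected PCR value.
    return hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC, enough to cover 'length' bytes.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> bytes:
    """Encrypt-then-MAC the secret under a key tied to expected_pcr."""
    key = _sealing_key(srk, expected_pcr)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return tag + ct


def unseal(blob: bytes, current_pcr: bytes, srk: bytes):
    """Return the secret only if current_pcr matches the value sealed to;
    otherwise the key differs, the MAC check fails and None is returned."""
    key = _sealing_key(srk, current_pcr)
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def quote(pcr: bytes, nonce: bytes, aik: bytes) -> bytes:
    """Attestation: sign nonce || PCR so the verifier gets a fresh statement.
    A real TPM uses an asymmetric attestation key; an HMAC under a shared
    hypothetical 'aik' stands in for it here."""
    return hmac.new(aik, nonce + pcr, hashlib.sha256).digest()


def verify_quote(sig: bytes, pcr: bytes, nonce: bytes, aik: bytes) -> bool:
    return hmac.compare_digest(sig, quote(pcr, nonce, aik))


# Constructed sample boot stages (stand-ins for firmware, bootloader, kernel).
GOOD_BOOT = [b"firmware-v1", b"bootloader-v2", b"kernel-v3"]
TAMPERED_BOOT = [b"firmware-v1", b"bootloader-v2", b"kernel-v3-modified"]
SRK = b"tpm-resident-root-secret"  # hypothetical, never leaves the TPM
AIK = b"attestation-identity-key"  # hypothetical


def demo():
    good = measure_chain(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", good, SRK)
    ok = unseal(blob, measure_chain(GOOD_BOOT), SRK)      # same state: secret
    bad = unseal(blob, measure_chain(TAMPERED_BOOT), SRK) # changed kernel: None
    nonce = secrets.token_bytes(16)
    sig = quote(good, nonce, AIK)
    return ok, bad, verify_quote(sig, good, nonce, AIK)


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the answer relies on: a TPM alone gives you a measurement chain whose final PCR value changes if any stage changes, data that can only be unsealed when that value is reproduced, and a quote a remote party can check against a nonce. What TXT adds on top is the dynamic root (a measured launch that resets and re-measures from a known instruction rather than from reset), which is outside this model.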