
TPM-JS: Interactive Intro to Trusted Platform Modules - strstr
https://google.github.io/tpm-js
======
transpute
The TPM simulator is created by Google, which uses vTPMs in "Shielded VMs",
[https://arstechnica.com/information-technology/2018/07/googl...](https://arstechnica.com/information-technology/2018/07/google-launches-shielded-vms-to-protect-cloud-servers-from-rootkits-data-theft/)

_> Shielded VMs use a combination of firmware-based UEFI Secure Boot and
vTPM—a virtual Trusted Platform Module, which can generate and store "sealed"
encryption keys. Those keys are used for Secure Boot, which ensures that the
VM will only run authenticated software, and for Measured Boot, which checks
against previous baselines of the virtual machine's configuration ... Both
Secure Boot and Measured Boot can help defend against rootkits that might
execute during the operating system startup, as well as kernel-level malware
... making it difficult if not impossible to gain access to the contents of a
virtual machine's drives unless the operating system boots in a "known-good"
state. If the VM's operating system, boot loader, or firmware image is
compromised, the system won't reboot—so an attacker won't be able to decrypt
the virtual disks._

Here's a talk by the author of the Intel TPM2 Software Stack (TSS) used in the
simulator,
[https://www.platformsecuritysummit.com/2018/speaker/tricca/](https://www.platformsecuritysummit.com/2018/speaker/tricca/)

_> TPM 2.0 became an ISO standard in 2015, a Windows 10 security requirement
in 2018 ... This talk will cover Intel’s collaboration ... to create a set of
usable APIs. Design and craftsmanship of APIs with intuitive, predictable
behavior can increase developer adoption and the likelihood of critical
infrastructure functioning as intended_