Google ensures the integrity of its machines' boot software through the use of hardware roots of trust such as Titan. Titan plays a key role in vulnerability recovery, allowing us to confidently measure and attest to the host's boot-time configuration to determine whether a machine is running up-to-date software. In addition to the host's software, Titan allows us to recover from severe vulnerabilities in the root of trust's firmware itself.
The Trusted Platform Module (TPM) specification describes an industry-standard API for hardware roots of trust that perform a similar role to Titan. However, TPMs do not currently have a Titan-like ability to recover from arbitrarily severe vulnerabilities in TPM firmware.
In this talk we describe new APIs that have arrived in the latest revision of the TPM 2.0 specification, which provide commensurate capabilities for self-attestation. With these new features, trust can be recovered in TPMs that may previously have run firmware with arbitrarily severe vulnerabilities.
Chris Fenner is a Staff Software Engineer at Google working on attestation and credentialing infrastructure for datacenter devices. He co-chairs the TPM working group at TCG.
Jeff Andersen is a Senior Staff Software Engineer at Google working on data center platform security. He co-chairs the Data Center Workgroup at TCG and co-leads the Security Project at OCP.