Partially virtualizing PCR banks in mobile TPM

摘要

In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including triggering, with an entity of a device, an attestation with a trusted platform module/mobile platform module of the device; and in response to the triggering, sending information comprising a platform configuration register value towards the entity, where the platform configuration register depends on measurements of the entity triggering the attestation.

主权项

1. A method comprising:
triggering, with a trusted application of a mobile device from a number of trusted applications, an attestation of the trusted application with a trusted platform module of the mobile device, wherein the number of trusted applications permitted to trigger attestation is restricted to a predefined maximum number; in response to the triggering, defining, by the mobile device, information comprising a value of a dynamic virtualized platform configuration register, where the platform configuration register comprises an aggregate of late-launched measurements from the trusted application and at least one other trusted application, where the aggregate of the measurements from the trusted application and the at least one other trusted application is in a successive order of measurement in the platform configuration register, and where the value of the platform configuration register depends on measurements in the aggregate of measurements of the trusted application triggering the attestation; and using the information comprising the value of the dynamic virtualized platform configuration register to perform the attestation and execute the trusted application.