CAN/CSA-ISO/IEC 11889-1:16

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and Abbreviated Terms
5 Conventions
6 ISO/IEC 11889 Organization
7 Compliance
8 Changes from Previous Versions
9 Trusted Platforms
10 TPM Protections
11 TPM Architecture
12 TPM Operational States
13 TPM Control Domains
14 Primary Seeds
15 TPM Handles
16 Names
17 PCR Operations
18 TPM Command/Response Structure
19 Authorizations and Acknowledgments
20 Audit Session
21 Session-based encryption
22 Protected Storage
23 Protected Storage Hierarchy
24 Credential Protection
25 Object Attributes
26 Object Structure Elements
27 Object Creation
28 Object Loading
29 Object Creation in Reference Implementation
30 Context Management
31 Attestation
32 Cryptographic Support Functions
33 Locality
34 Hardware Core Root of Trust Measurement (H-CRTM)
   Event Sequence
35 Command Audit
36 Timing Components
37 NV Memory
38 Multi-Tasking
39 Errors and Response Codes
40 General Purpose I/O
41 Minimums
Annex A (normative) - RSA
Annex B (normative) - ECC
Annex C (normative) - Support for SMx Family of Algorithms
Annex D (informative) - Key Generation
Annex E (informative) - Policy Examples
Annex F (informative) - Acknowledgements and contributors
Bibliography

Specifies the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general.

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 11889-1" throughout. At the time of publication, ISO/IEC 11889-1:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This part of ISO/IEC 11889 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, this part of ISO/IEC 11889 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements. This part of ISO/IEC 11889 illustrates TPM security and privacy techniques in the context of a platform through the use of cryptography. It includes definitions of how different cryptographic techniques are implemented by a TPM. The scope of ISO/IEC 11889 does not include cryptographic analysis or guidance about the applicability of different algorithms for specific uses cases. TPM requirements in this part of ISO/IEC 11889 are general, covering concepts like integrity protection, isolation and confidentially. Defining a specific strength of function or assurance level is out of scope for ISO/IEC 11889. This approach limits the guarantees provided by ISO/IEC 11889 itself, but it does allow the TPM architectural elements defined to be adapted to meet diverse implementation and platform specific needs.