-
Notifications
You must be signed in to change notification settings - Fork 96
Volatile and Persistent TPM State and Upgrading of TPM State
Libtpms creates blobs of a TPM 1.2 or 2's state. Such blobs may be the 'persistent state' of a TPM, which contains persisted keys, contents of the TPM's NVRAM locations, the value of seeds, and so on. This state needs to be there when the TPM starts since it represents the unique characteristics of a particular TPM. The other form of state is 'volatile state'. This type of state comprises for example the contents of PCR values. It is generally the type of TPM state that is cleared/reset when a TPM is reset during the reset of a machine. The 'permanent state' and the 'volatile state' of the TPM represent the complete current state of a TPM. These two TPM state blobs need to be migrated when a VM is migrated.
Libtpms supports upgrading the state of the TPM, but typically not downgrading it. This means that for example a newer version of the libtpms TPM code may add variables to the persistent state of the TPM. An older version of libtpms will typically not be able to accept the state since it does not know what these newer variable contain and doesn't have the code of the newer TPM version. If one version of the TPM enables an algorithm, for example SHA-512, the state of that TPM can only be migrated to a libtpms version that also has this algorithm enabled.