The core component specified by the Trusted Computing Group (TCG) is the Trusted Platform Module (TPM). Many vendors currently equip their platforms and devices with TPMs that they claim are TCG compliant. However, there is no feasible way to verify this claim. Further, in the near future many applications may use TPM functionality and will need to rely on its correctness. Hence it is crucial to have independent means of testing the compliance and analyzing the security of different TPMs.
Sirrix AG performs individual and independent TPM compliance tests for TPM manufacturers, integrators and end users. The compliance testing is based on our own TPM test suite developed in collaboration with the Horst Görtz Institute for IT Security. Our TPM specialists support:
- Test of compliance according to published TPM specifications
- Test of compliance according to TCG-internal TPM specification (only for TCG members)
- Analysis of test results (e.g., to improve TPM compliance)
Test Suite
To provide an independent way to test the compliance of TPM implementations, Sirrix AG has designed and developed a TPM compliance test suite. The main goals of the test suite design have been:
- Allow vendors of TPMs to evaluate their implementations by an independent institution
- Allow TPM developers to run regression tests to ensure that changes do not break compliance with the official TPM specification
- Give TPM integrators an independent tool to compare different TPM implementations
- Allow end-users to check the usability and integrity of their TPMs
- Identify security weaknesses of TPM implementations
The main advantages of our TPM compliance test suite are:
- Extensibility: New test cases can be added without much effort
- Usability: A configuration tool allows any subset of test cases to be run
- Reports: The test suite generates an intermediate-level journal file for debugging individual test cases
- DAA Support: An interface to the DAA test suite developed by IBM allows testing compliance with the complex DAA protocol
Published Test Results
We have published a paper introducing our testing strategy, together with our sample test results and their analysis for different TPM implementations. One of the main results is that some TPM implementations do not meet the TCG specification and have bugs. Moreover, we show that non-compliance and inappropriate implementation may have a crucial security impact, and we point out the corresponding security problems in the case of a widespread TPM chip.
- The publication describing our test strategy and test results
- A short summary of found issues with TPMs v1.1b
- The TPM specifications of the TCG