8 Oct
2019
8 Oct
'19
11:49 p.m.
On Mon, Oct 07, 2019 at 06:13:01PM -0400, Ken Goldman wrote:
The TPM library specification states that the TPM must comply with NIST SP800-90 A.
https://trustedcomputinggroup.org/membership/certification/tpm-certified-pro...
shows that the TPMs get third party certification, Common Criteria EAL 4+.
While it's theoretically possible that an attacker could compromise both the TPM vendors and the evaluation agencies, we do have EAL 4+ assurance against both 1 and 2.
Certifications do not equal to trust.
/Jarkko