Enabling Key Migration Between Non-compatible TPM Versions

  • Linus KarlssonEmail author
  • Martin Hell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9824)


We consider the problem of migrating keys from TPM 1.2 to the backwards incompatible TPM 2.0. The major differences between the two versions introduce several challenges for deployed systems when support for TPM 2.0 is introduced. We show how TPM 2.0 support can be introduced while still maintaining the functionality specified by TPM 1.2, allowing a smoother transition to the newer version. Specifically, we propose a solution such that keys can be migrated from TPM 1.2 to TPM 2.0, while retaining behavior with regard to e.g. authorization, migration secrets, PCR values and CMK functionality. This is achieved by utilizing new functionality, such as policies, in TPM 2.0. The proposed solution is implemented and verified using TPM emulators to ensure correctness.


Trusted computing TPM Migration 



The authors would like to thank the anonymous reviewers for their helpful and valuable comments.


  1. 1.
    Chen, C., Raj, H., Saroiu, S., Wolman, A.: cTPM: a cloud TPM for cross-device trusted applications. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). USENIX Association, Seattle, WA, April 2014Google Scholar
  2. 2.
    Hell, M., Karlsson, L., Smeets, B., Mirosavljevic, J.: Using TPM secure storage in trusted high availability systems. In: Yung, M., Zhang, J., Yang, Z. (eds.) INTRUST 2015. LNCS, vol. 9565, pp. 243–258. Springer, Heidelberg (2016)Google Scholar
  3. 3.
    IBM: IBM’s software trusted platform module.
  4. 4.
    Infineon: Infineon Advances Trusted Computing with New OPTIGA™ TPM Family: Security Chips Serve Industrial/Embedded Environments and Support Next Generation TPM 2.0 Firmware.
  5. 5.
    Infineon: Infineon Expands its Trusted Computing Expertise to Mobile Devices: OPTIGA™ TPM 2.0 Chips Secure Microsoft Surface Pro 3 Tablet.
  6. 6.
    Microsoft: BitLocker Drive Encryption Overview.
  7. 7.
  8. 8.
    Microsoft: Understanding and Evaluating Virtual Smart Cards, July 2014Google Scholar
  9. 9.
    Nyman, T., Ekberg, J.E., Asokan, N.: Citizen electronic identities using TPM 2.0. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, TrustED 2014, pp. 37–48. ACM, New York (2014)Google Scholar
  10. 10.
    Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot topics in Cloud Computing. USENIX Association (2009)Google Scholar
  11. 11.
    Sinha, A., Jia, L., England, P., Lorch, J.R.: Continuous tamper-proof logging using TPM 2.0. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 19–36. Springer, Heidelberg (2014)Google Scholar
  12. 12.
    Srivastava, A., Raj, H., Giffin, J., England, P.: Trusted VM snapshots in untrusted cloud infrastructures. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 1–21. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  13. 13.
    Trusted Computing Group: Trusted Computing Platform Alliance (TCPA), Main Specification Version 1.1b, February 2002Google Scholar
  14. 14.
    Trusted Computing Group: Interoperability Specification for Backup and Migration Services, Specification Version: 1.0 Final, Revision 1.0, June 2005Google Scholar
  15. 15.
    Trusted Computing Group: TPM main specification, Version 1.2, Revision 116, March 2011Google Scholar
  16. 16.
    Trusted Computing Group: Trusted Platform Module Library Specification, Family “2.0”, Level 00, Revision 01.16, October 2014Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of Electrical and Information TechnologyLund UniversityLundSweden

Personalised recommendations