Trusted platform module (TPM) technology is a technology designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The Azure IoT Edge for Linux on Windows (EFLOW) virtual machine doesn't support vTPM. However, the user can enable or disable the TPM passthrough feature, that allows the EFLOW virtual machine to use the Windows host OS TPM. The TPM passthrough feature enables two main scenarios:
17
+
A Trusted platform module (TPM) chip is a secure crypto-processor that is designed to carry out cryptographic operations. This technology is designed to provide hardware-based, security-related functions. The Azure IoT Edge for Linux on Windows (EFLOW) virtual machine doesn't have a virtual TPMs attached to the VM. However, the user can enable or disable the TPM passthrough feature, that allows the EFLOW virtual machine to use the Windows host OS TPM. The TPM passthrough feature enables two main scenarios:
18
18
19
19
- Use TPM technology for IoT Edge device provisioning using Device Provision Service (DPS)
20
20
- Read-only access to cryptographic keys stored inside the TPM.
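Review bot: the rewritten intro line has a number-agreement error: "doesn't have a virtual TPMs attached to the VM" mixes the singular article with a plural noun. Suggest "doesn't have a virtual TPM attached to the VM". The same line keeps the comma splice from the old text in "the TPM passthrough feature, that allows the EFLOW virtual machine"; drop the comma or use "which allows". Moving the "secure crypto-processor" definition to the first sentence does remove the "TPM technology is a technology" tautology, so the reordering itself reads well.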
21
21
22
-
This article describes how to develop a sample code in C# to read cryptographic keys stored inside the TPM.
22
+
This article describes how to develop a sample code in C# to read cryptographic keys stored inside the device TPM.
23
23
24
24
> [!IMPORTANT]
25
25
> The access to the TPM keys is limited to read-only. If you want to write keys to the TPM, you need to do it from the Windows host OS.
26
26
27
27
## Prerequisites
28
28
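Review bot: the new line still carries "develop a sample code in C#"; "code" is uncountable here, so suggest "develop sample code in C#" or "develop a sample application in C#". Adding "device TPM" is a good clarification, since the prerequisites below make clear the key material lives in the Windows host's TPM rather than in the VM.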
29
-
- A Windows host OS with a TPM or vTPM
29
+
- A Windows host OS with a TPM or vTPM (ig using Windows host OS virtual machine).
30
30
- EFLOW virtual machine with TPM passthrough enabled. Using an elevated PowerShell session, use `Set-EflowVmFeature -feature "DpsTpm" -enable` to enable TPM passthrough. For more information, see [Set-EflowVmFeature to enable TPM passthrough](./reference-iot-edge-for-linux-on-windows-functions.md#set-eflowvmfeature).
31
31
- Ensure that the NV index (default index=3001) is initialized with 8 bytes of data. The default AuthValue used by the sample is {1,2,3,4,5,6,7,8} which corresponds to the NV (Windows) Sample in the TSS.MSR libraries when writing to the TPM. All index initialization must take place on the Windows Host before reading from the EFLOW VM. For more information about TPM samples, see [TSS.MSR](https://github.com/microsoft/TSS.MSR).
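Review bot: the added parenthetical "(ig using Windows host OS virtual machine)" contains a typo ("ig" for "if") and is missing an article. Suggest "A Windows host OS with a TPM, or a vTPM if the Windows host OS itself runs in a virtual machine." That also makes explicit which case the vTPM applies to, which the bare "TPM or vTPM" of the old line left unstated.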
32
32
33
+
> [!WARNING]
34
+
> Enabling TPM passthrough to the virtual machine may increase security risks.
35
+
33
36
## Create the dTPM executable
34
37
35
38
The following steps show you how to create a sample executable to access a TPM index from the EFLOW VM. For more information about EFLOW TPM passthrough, see [Azure IoT Edge for Linux on Windows Security](./iot-edge-for-linux-on-windows-security.md).
36
39
37
-
> [!WARNING]
38
-
> Enabling TPM passthrough to the virtual machine may increase security risks.
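Review bot: moving the WARNING from the "Create the dTPM executable" section up into Prerequisites is a sensible change, but the text "may increase security risks" is still vague about what the risk is. The surrounding lines already state what passthrough does (the VM gets access to the host OS TPM and can read keys at the NV index), so suggest making the warning concrete, for example "Enabling TPM passthrough gives the EFLOW virtual machine read access to the Windows host TPM, including keys stored in NV indexes such as the one used by this sample; enable it only on devices where that access is acceptable." Also consider placing the warning before the `Set-EflowVmFeature -feature "DpsTpm" -enable` prerequisite rather than after the NV index bullet, so readers see it before they enable the feature.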