The finalized TCG TSS Stack standard is intended to support a wide range of devices, from high-performance multicore ICT systems to small resource-constrained IoT nodes. The large range of devices covered by the standards will ensure it is possible to integrate TPM 2.0 as a full solution and to provide interoperability for platform security, network communication and data exchange.
“The FAPI spec is designed to remove the main obstacles to the broader adoption of enhanced security with TPM 2.0 in a wide range of systems,” said Andreas Fuchs, Chair of TCG’s TSS Work Group. “By removing the need for programmers to be TPM experts to use the TPM functionalities, more people will be able to apply the significant security benefits provided by TCG certified TPM 2.0 chips. The FAPI specification enables a cost-effective and simplified implementation of the storage, management and processing of cryptographic keys inside the secure boundaries of a TPM chip to enhance the security of devices and even networks.”
The FAPI specification finalizes the framework for the TPM Software Stack specifications (TSS 2.0). The framework provides low-level specifications, such as the System API, to enable the use of the complete set of TPM 2.0 functionalities in resource-constrained devices. FAPI’s addition as a high-level specification now allows the integration of TPM 2.0 in high-performance systems with cost-efficient development, multi-user support, parallel services and virtualization for Windows- and POSIX-based operating systems such as Linux.
TPM functionalities including signing, key storage in hierarchies, authorization, secure time, personalization, lifecycle-management and certificate management are now available for a larger selection of devices and applications through the FAPI. It achieves this by allowing automated processing for key storage, default cryptographic configuration for administrators, best-practice provisioning, filesystem integration and process evaluation.
Additionally, the new JSON Data and Policy Language standard provides a declarative policy language that supports the implementation of authorisation policies with a TPM. It allows complex authorization and