Greetings. Are there automated methods for assessing TPM posture? For example - verify TPM is: enabled, activated, contains a unique EK (i.e. tpm_getpubek is not reflective of known compliance vector fragments.)
( I apologize in advance if this question is off topic or common knowledge.) Best Regards, Brent ref oval.mitre.org/community/docs/OVAL-and-TPM-06-14-2010.pdf scap.nist.gov/events/2011/saddsp/presentations/Charles_Schmidt-Trusted_Computing_in_OVAL.pdf scap.nist.gov/events/2012/itsac/presentations/day2/4Oct_1145am_Boyle.pdf csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2014.pdf cryptotronix.com/2014/08/28/compliance_mode/ THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message. -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
