
Re: None

Monday, 10/28/2019 5:46:45 PM


Post# of 249094
TCG publishes new ESAPI specification that simplifies TPM communication

https://www.realwire.com/releases/TCG-publishes-new-ESAPI-specification-that-simplifies-TPM-communication

Oregon, USA, October 28 2019 – Trusted Computing Group (TCG) has released a new landmark Enhanced System API (ESAPI) specification for the application program interface to access the full capabilities of the Trusted Platform Module (TPM) through the TPM Software Stack (TSS).

Making it simpler and more convenient for developers, the ESAPI specification helps vendors to utilize the Roots of Trust provided by the TPM and build a TPM command buffer manually, without the previous complexity that it entailed.

“The core idea of ESAPI is to have a consistent API that the device can talk to via the TSS, leaving very little programming for developers to do themselves. With this new specification, developers have access to a complete interface for the middle layers that are so important to TPM applications, so it is very exciting,” said Andreas Fuchs, Co-chair of TCG’s TPM Software Stack Work Group. “It’s currently a lot of effort to access the TPM as a developer, as you would need to learn all the internal specifics and the ways in which to communicate with the TPM, so this specification is game-changing.”

The ESAPI specification details how the interface provides 100 percent of the TPM’s functionality while reducing the program complexity that comes with communicating with the TPM. This marks the formulation of a simpler, comprehensive and generically specified interface for the middle layers – that are a necessity to TPM applications. Addressing a lot of the duties that need to be performed before you can talk to a TPM and taking the complexity out of manually building TPM command buffers, the new specification makes it more convenient for developers, saving time and resources.

As a result of the simplified access of the TPM’s functionality, manufacturers will be able to implement the Roots of Trust, Storage and Reporting in a device in a highly secure manner, without requiring a detailed knowledge of how to communicate with the TPM itself.

Set directly above the System API, the interface is designed to enable applications to send commands to the TPM using a small number of function calls when using sessions, while still allowing devices to work securely. ESAPI also provides a cryptographic functionality for applications wishing to encrypt the data stream from TSS 2.0 to the TPM and provides an enhanced session management functionality on top of the base SAPI functionality.

“TCG has been working on the new specifications for a while now, with several implementations of the specifications having already started based on the draft releases,” said Fuchs. “This is a really exciting time for TCG as we look to ensure that connected devices work as securely as possible both now and in the future.”

ESAPI is suitable for all applications, with no one use-case more relevant than any others, meaning it can be used universally. The interface is written in C99, allowing it to operate in a wide range of operating systems and to simplify the writing of language bindings to other languages.

The specification is targeted at experts who want to access the TPM from across the entire computing ecosystem, from servers and desktops to embedded devices.
==================================================================
This article seems to be a good development for Wave! More TPMs being enabled is good for Wave and organizations' cybersecurity!






