Transcription
Virtual TPMSecurity Policy DocumentMicrosoft WindowsFIPS 140 ValidationMicrosoft Windows 10 (October 2018 Update)Microsoft Windows Server 2019Non-ProprietarySecurity Policy DocumentDocument InformationVersion NumberUpdated On 2020 Microsoft. All Rights Reserved1.0July 21, 2020Page 1 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMThe information contained in this documentrepresents the current view of Microsoft Corporationon the issues discussed as of the date of publication.Because Microsoft must respond to changing marketconditions, it should not be interpreted to be acommitment on the part of Microsoft, and Microsoftcannot guarantee the accuracy of any informationpresented after the date of publication.This document is for informational purposes only.MICROSOFT MAKES NO WARRANTIES, EXPRESSOR IMPLIED, AS TO THE INFORMATION IN THISDOCUMENT.Complying with all applicable copyright laws is theresponsibility of the user. This work is licensed underthe Creative Commons Attribution-NoDerivsNonCommercial License (which allows redistributionof the work). To view a copy of this license, 1.0/ orsend a letter to Creative Commons, 559 NathanAbbott Way, Stanford, California 94305, USA.Microsoft may have patents, patent applications,trademarks, copyrights, or other intellectual propertyrights covering subject matter in this document.Except as expressly provided in any written licenseagreement from Microsoft, the furnishing of thisdocument does not give you any license to thesepatents, trademarks, copyrights, or other intellectualproperty. 2020 Microsoft Corporation. All rights reserved.Microsoft, Windows, the Windows logo, WindowsServer, and BitLocker are either registeredtrademarks or trademarks of Microsoft Corporation inthe United States and/or other countries.The names of actual companies and productsmentioned herein may be the trademarks of theirrespective owners. 2020 Microsoft. All Rights ReservedPage 2 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMVersion HistoryVersion1.0DateJuly 21, 2020 2020 Microsoft. All Rights ReservedSummary of changesDraft sent to NIST CMVPPage 3 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMTABLE OF CONTENTSSECURITY POLICY DOCUMENT .1VERSION HISTORY .31INTRODUCTION .71.11.2LIST OF CRYPTOGRAPHIC MODULE BINARY EXECUTABLES .7VALIDATED PLATFORMS .72CRYPTOGRAPHIC MODULE SPECIFICATION.92.12.22.32.42.52.6CRYPTOGRAPHIC BOUNDARY.9FIPS 140-2 APPROVED ALGORITHMS . 10NON-APPROVED ALGORITHMS . 11FIPS 140-2 APPROVED AND ALLOWED ALGORITHMS FROM BOUNDED MODULES . 12CRYPTOGRAPHIC BYPASS . 12HARDWARE COMPONENTS OF THE CRYPTOGRAPHIC MODULE . 123CRYPTOGRAPHIC MODULE PORTS AND INTERFACES . VTPM EXPORT FUNCTIONS . 13VTPMCOLDINITWITHPERSISTENTSTATE . 13VTPMWARMINIT . 13VTPMSHUTDOWN . 14VTPMEXECUTECOMMAND . 14VTPMSETCANCELFLAG . 17VTPMGETRUNTIMESTATE . 17CONTROL INPUT INTERFACE . 18STATUS OUTPUT INTERFACE . 18DATA INPUT INTERFACE . 18DATA OUTPUT INTERFACE . 18NON-SECURITY RELEVANT INTERFACES . 184ROLES, SERVICES AND AUTHENTICATION . 184.14.24.2.1ROLES. 18SERVICES . 18MAPPING OF SERVICES, ALGORITHMS, AND CRITICAL SECURITY PARAMETERS . 19 2020 Microsoft. All Rights ReservedPage 4 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM4.3AUTHENTICATION . 225FINITE STATE MODEL . 225.15.2STARTUP . 23COMMAND PROCESSING . 246OPERATIONAL ENVIRONMENT. 246.16.2CRYPTOGRAPHIC ISOLATION . 24INTEGRITY CHAIN OF TRUST . 257CRYPTOGRAPHIC KEY MANAGEMENT . 267.17.27.37.47.57.67.77.8ACCESS CONTROL POLICY . 27KEY MATERIAL. 30KEY GENERATION . 30KEY AGREEMENT AND DERIVATION . 30KEY ENTRY AND OUTPUT . 31KEY STORAGE . 31KEY ARCHIVAL . 31KEY ZEROIZATION . 318SELF-TESTS . 318.18.2POWER-ON SELF-TESTS . 31CONDITIONAL SELF-TESTS. 329DESIGN ASSURANCE . 3210MITIGATION OF OTHER ATTACKS . 3311SECURITY LEVELS . 3412ADDITIONAL DETAILS . 3413APPENDIX A – HOW TO VERIFY WINDOWS VERSIONS AND DIGITAL SIGNATURES . 3513.1HOW TO VERIFY WINDOWS VERSIONS . 35 2020 Microsoft. All Rights ReservedPage 5 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM13.2HOW TO VERIFY WINDOWS DIGITAL SIGNATURES . 35 2020 Microsoft. All Rights ReservedPage 6 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM1 IntroductionThe Virtual Trusted Platform Module (Virtual TPM or VTPM) is a dynamically linked library,TPMEngUM.dll, that provides TPM 2.0 cryptographic services to virtual machines that are running inguest partitions on the host Windows operating system.The only requirements for VTPM services are the requirements needed to configure and run Hypervisoras described here.1.1 List of Cryptographic Module Binary ExecutablesThe Virtual Trusted Platform Module (VTPM) contains the following binaries: TPMEngUM.dllThe Windows builds covered by this validation are: Windows 10 version 1809 and Windows Server 2019 build 10.0.17763Note: The software version for the Virtual TPM is the Windows 10 build number.1.2 Validated PlatformsThe Windows editions covered by this validation are: Microsoft Windows 10 Pro Edition (64-bit version)Microsoft Windows 10 Enterprise Edition (64-bit version)Microsoft Windows 10 Education Edition (64-bit version)Windows Server Standard CoreWindows Server Datacenter CoreThe Virtual Trusted Platform Module components listed in Section 1.1 were validated using thecombination of computers and Windows operating system editions specified in the table below.All the computers for Windows 10 and Windows Server listed in the table below are all 64-bit Intelarchitecture and implement the AES-NI instruction set but not the SHA Extensions. The exceptions are: HP Slimline Desktop - Intel Pentium with AES-NI and SHA ExtensionsWhile all the certified platforms listed below support AES-NI, the Virtual TPM is designed to operate onplatforms that do not implement the AES-NI instruction set as well. The underlying AES implementationsused by the Virtual TPM were tested both with and without AES-NI.Table 1 Validated Platforms for Windows 10 and Windows Server version 1809 and Azure Data Box EdgeComputerWindows10 HomeWindows10 Pro 2020 Microsoft. All Rights wsServer2019WindowsServer2019DatacenterAzureData BoxEdgePage 7 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMMicrosoftSurface Go –Intel PentiumMicrosoftSurface Book 2– Intel Core i7MicrosoftSurface ProLTE – IntelCore i5MicrosoftSurface Laptop– Intel Core i5MicrosoftSurface Studio– Intel Core i7MicrosoftWindowsServer 2019Hyper-V1MicrosoftWindowsServer 2016Hyper-V2Dell Latitude12 RuggedTablet – IntelCore i5Dell Latitude5290 – IntelCore i7DellPowerEdgeR740 – IntelXeon GoldDell Inspiron660s [with x86Windows] –Intel Core i3HP SlimlineDesktop – IntelPentium12 Hardware Platform: Dell Precision Tower 5810MT – Intel Xeon E5Hardware Platform: Dell PowerEdge R740 Server – Intel Xeon Gold 2020 Microsoft. All Rights ReservedPage 8 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMHP Elite x21013 G3 Tablet– Intel Core i7HP EliteBookx360 1030 G2 –Intel Core i7SamsungGalaxy Book10.6” – IntelCore m3SamsungGalaxy Book12” – IntelCore i5MicrosoftAzure DataBox Edge –Intel XeonSilver Note: The table above includes rows for all platforms tested under a particular Windows 10 release, butthe Virtual TPM is not supported on all of these platforms. The Virtual TPM module was validated on theplatforms above that have check marks in their row.2 Cryptographic Module SpecificationVirtual Trusted Platform Module is a multi-chip standalone module that operates in FIPS-approvedmode during normal operation of the computer and Windows operating system. See Self-Tests for adescription of how self-tests are implemented.The following configurations and modes of operation will cause Virtual Trusted Platform Module tooperate in a non-approved mode of operation: Boot Windows in Debug modeBoot Windows with Driver Signing disabledWindows enters the ACPI S4 power stateUtilize one of the Non-Approved algorithms from section 2.32.1 Cryptographic BoundaryThe software binaries that comprise the logical cryptographic boundary for the Virtual Trusted PlatformModule are TPMEngUM.dll. The following diagram displays this logical cryptographic boundary: 2020 Microsoft. All Rights ReservedPage 9 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM2.2FIPS 140-2 Approved AlgorithmsVTPM implements the following FIPS-140-2 Approved algorithms.3Algorithm3Windows 10version 1809and WindowsServer 2019FIPS 186-4 ECDSA with NIST Curves P-256 and P-384 (Key Pair Generation)#C350FIPS 186-4 ECDSA with NIST Curves P-256 and P-384 (Public Key Validation, SignatureGeneration, Signature Verification)#C348FIPS 186-4 RSA PKCS#1 (v1.5) and PSS digital signature generation and verification with1024-bit (verification only) and 2048-bit moduli; supporting SHA-1 (verification only),SHA-256, and SHA-384#C350This module may not use some of the capabilities described in each CAVP certificate. 2020 Microsoft. All Rights ReservedPage 10 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMFIPS 186-4 RSA key-pair generation with 2048-bit moduli#C348FIPS 180-4 SHS SHA-1, SHA-256, and SHA-384#C211FIPS 197 AES-128, AES-192, and AES-256 encryption and decryption in ECB mode#C211FIPS 197 AES-128, AES-192, and AES-256 encryption and decryption in CBC, CFB128,OFB and CTR modes#C350FIPS PUB 198-1 HMAC-SHA-14, HMAC-SHA-256, and HMAC-SHA-384#C350SP 800-56A KAS ECC with parameter EC (P-256 with SHA-256) and ED (P-384 with SHA384)SP 800-90A CTR DRBG (AES-256)#C350#C350SP 800-108 KDF with HMAC (SHA-1, SHA-256, SHA-384)#C350SP 800-56B RSADP component#C348SP 800-133 Cryptographic Key GenerationVendoraffirmedKTS compliant with SP 800-56B (Key Transport using RSA-OAEP, RSA Key Generation)Vendoraffirmed2.3 Non-Approved AlgorithmsVTPM implements the following non-approved algorithms: 4SHA-1 hash, which is disallowed for use in digital signature generation. It can be used for legacydigital signature verification. Its use is Acceptable for non-digital signature generationapplications.RSA 1024-bits for digital signature generation, which is disallowed.ECDAA for object creation and approved actions on keys that are non-FIPS compliant.For HMAC, only key sizes that are 112 bits in length are used by the module in FIPS mode. 2020 Microsoft. All Rights ReservedPage 11 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM XOR obfuscation used as a hash-based stream cipher.MGF1 RSAES OAEP mask generation.EC Schnorr for signing and verifying signatures that are non-FIPS compliant.AES CFB128 for key wrapping during key import5As a matter of security policy, non-FIPS Approved algorithms shall not be used for any form of dataprotection while in FIPS mode.2.4 FIPS 140-2 Approved and Allowed Algorithms from Bounded ModulesA bounded module is a FIPS 140 module which provides cryptographic functionality that is relied on by adownstream module. As described in the Integrity Chain of Trust section, the Virtual TPM depends onthe following modules and algorithms:When Hypervisor Code Integrity is not enabled for Windows 10 version 1809, Code Integrity (modulecertificate #3644) provides: CAVP certificate #C211 for FIPS 186-4 RSA PKCS#1 (v1.5) digital signature verification with 2048moduli; supporting SHA-256 CAVP certificate #C211 for FIPS 180-4 SHS SHA-256When Hypervisor Code Integrity is enabled for Windows 10 version 1809, Secure Kernel Code Integrity(module certificate #3651) provides: CAVP certificate #C211 for FIPS 186-4 RSA PKCS#1 (v1.5) digital signature verification with 2048moduli; supporting SHA-256 CAVP certificate #C211 for FIPS 180-4 SHS SHA-256The Virtual TPM depends on the Kernel Mode Cryptographic Primitives (module certificate #3196) for: DRBG (CAVP certificate #C211) to provide the entropy input for the Virtual TPM’s DRBG instanceAES (CAVP certificate #C211) in CTR mode as a prerequisite for the DRBG of the boundedmoduleA non-Approved but Allowed Non-deterministic Random Number Generator (NDRNG) to seedthe DRBG of the bounded module2.5 Cryptographic BypassCryptographic bypass is not supported by VTPM.2.6 Hardware Components of the Cryptographic ModuleThe physical boundary of the module is the physical boundary of the computer that contains themodule. The following diagrams illustrate the hardware components used by the Virtual TPM module:5Disallowed since 2017 per FIPS 140-2 IG D.9. Using this algorithm for key import qualifies as ‘obfuscation’ per FIPS140-2 IG 1.23 and is considered equivalent to plaintext. 2020 Microsoft. All Rights ReservedPage 12 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM3 Cryptographic Module Ports and Interfaces3.1 VTPM export functionsThe following list contains all the functions exported by VTPM. These functions are explained further inthe subsequent subsections. timeState3.1.1 sistentState() is the function exported by VTPM to initialize an instance of VTPMwith an existing persistent state. A pointer to the existing state is passed as one of the parameters. Ifthat pointer is NULL, a new VTPM instance will be created. The return code S OK means the functionwas successful. Any other return code indicates failure. Includes a memory reference to the runtimestate for the Virtual TPM, which includes the vTPM’s CSPs.3.1.2 VTpmWarmInitVTpmWarmInit() is an exported VTPM function to initialize an instance of a VTPM by the caller providingboth a persistent state and a run-time state. A pointer to the exiting persistent state and a pointer to theexisting run-time state are passed in as parameters. Neither pointer can be NULL. The resulting VTPM 2020 Microsoft. All Rights ReservedPage 13 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMinstance is a copy of the source VTPM. The resulting VTPM instance can be used where the sourceinstance left off. No additional initialization of the TPM engine is required. The return code S OK meansthe function was successful. Any other return code indicates failure. Includes a memory reference to theruntime state for the Virtual TPM, which includes the vTPM’s CSPs.3.1.3 VTpmShutdownVTpmShutdown() is the function exported by VTPM to shut down an instance of a VTPM. The returncode S OK means the function was successful. Any other return code indicates failure.3.1.4 VTpmExecuteCommandVTpmExecuteCommand() is an exported VTPM function to execute TPM 2.0 commands. Pointers andsize parameters for the command and response buffers are provided by the caller. The return code S OKmeans the function was successful. Any other return code indicates failure.The TPM 2.0 library specification for the commands is Trusted Platform Module Library Part 3:Commands, Family “2.0”, Level 00 Revision 01.16, dated October 30, 2014. It is available from theTrusted Computing Group (TCG) tpm library specificationA high-level list of TPM 2.0 commands is provided here. Please refer to the TPM 2.0 library specificationfor details. Start-up Commandso TPM Inito TPM2 Startupo TPM2 ShutdownTesting Commandso TPM2 SelfTesto TPM2 IncrementalSelfTesto TPM2 GetTestResultSession Commandso TPM2 StartAuthSessiono TPM2 PolicyRestartObject Commandso TPM2 Createo TPM2 Loado TPM2 LoadExternalo TPM2 ReadPublico TPM2 ActivateCredentialo TPM2 MakeCredentialo TPM2 Unsealo TPM2 ObjectChangeAuthDuplication Commands 2020 Microsoft. All Rights ReservedPage 14 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM o TPM2 Duplicateo TPM2 Rewrapo TPM2 ImportAsymmetric Primitiveso TPM2 RSA Encrypto TPM2 RSA Decrypto TPM2 ECDH KeyGeno TPM2 ECDH ZGeno TPM2 ECC Parameterso TPM2 ZGen 2PhaseSymmetric Primitiveso TPM2 EncryptDecrypto TPM2 Hasho TPM2 HMACRandom Number Generatoro TPM2 GetRandomo TPM2 StirRandomHash/HMAC/Event Sequenceso TPM2 HMAC Starto TPM2 HashSequenceStarto TPM2 SequenceUpdateo TPM2 SequenceCompleteo TPM2 EventSequenceCompleteAttestation Commandso TPM2 Certifyo TPM2 CertifyCreationo TPM2 Quoteo TPM2 GetSessionAuditDigesto TPM2 GetCommandAuditDigesto TPM2 GetTimeEphemeral EC Keyso TPM2 Commito TPM2 EC EphemeralSigning and Signature Verificationo TPM2 VerifySignatureo TPM2 SignCommand Audito TPM2 SetCommandCodeAuditStatusIntegrity Collection (PCR)o TPM2 PCR Extendo TPM2 PCR Event 2020 Microsoft. All Rights ReservedPage 15 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM o TPM2 PCR Reado TPM2 PCR Allocateo TPM2 PCR SetAuthPolicyo TPM2 PCR SetAuthValueo TPM2 PCR Reseto TPM Hash Starto TPM Hash Datao TPM Hash EndEnhanced Authorization (EA) Commandso TPM2 PolicySignedo TPM2 PolicySecreto TPM2 PolicyTicketo TPM2 PolicyORo TPM2 PolicyPCRo TPM2 PolicyLocalityo TPM2 PolicyNVo TPM2 PolicyCounterTimero TPM2 PolicyCommandCodeo TPM2 PolicyPhysicalPresenceo TPM2 PolicyCpHasho TPM2 PolicyNameHasho TPM2 PolicyDuplicationSelecto TPM2 PolicyAuthorizeo TPM2 PolicyAuthValueo TPM2 PolicyPasswordo TPM2 PolicyGetDigesto TPM2 PolicyNvWrittenHierarchy Commandso TPM2 CreatePrimaryo TPM2 HierarchyControlo TPM2 SetPrimaryPolicyo TPM2 ChangePPSo TPM2 ChangeEPSo TPM2 Clearo TPM2 ClearControlo TPM2 HierarchyChangeAuthDictionary Attack Functionso TPM2 DictionaryAttackLockReseto TPM2 DictionaryAttackParametersMiscellaneous Management Functionso TPM2 PP Commands 2020 Microsoft. All Rights ReservedPage 16 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM o TPM2 SetAlgorithmSetField Upgradeo TPM2 FieldUpgradeStarto TPM2 FieldUpgradeDatao TPM2 FirmwareReadContext Managemento TPM2 ContextSaveo TPM2 ContextLoado TPM2 FlushContexto TPM2 EvictControlClocks and Timerso TPM2 ReadClocko TPM2 ClockSeto TPM2 ClockRateAdjustCapability Commandso TPM2 GetCapabilityo TPM2 TestParmsNon-volatile Storageo TPM2 NV DefineSpaceo TPM2 NV UndefineSpaceo TPM2 NV UndefineSpaceSpecialo TPM2 NV ReadPublico TPM2 NV Writeo TPM2 NV Incremento TPM2 NV Extendo TPM2 NV SetBitso TPM2 NV WriteLocko TPM2 NV GlobalWriteLocko TPM2 NV Reado TPM2 NV ReadLocko TPM2 NV ChangeAutho TPM2 NV Certify3.1.5 VTpmSetCancelFlagVTpmSetCancelFlag() is an exported VTPM function to set or reset the cancel flag. When the cancel flagis set, the TPM library will opportunistically abort the command being executed.3.1.6 VTpmGetRuntimeStateVTpmGetRuntimeState() is a function exported by VTPM to return the VTPM current run-time state. Thecaller passes a pointer to the buffer to receive the run-time state and a pointer to the variablecontaining the buffer size. The return code S OK means the function was successful. Any other return 2020 Microsoft. All Rights ReservedPage 17 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMcode indicates failure. Includes a memory reference to the runtime state for the Virtual TPM, whichincludes the vTPM’s CSPs.3.2 Control Input InterfaceThe Control Input Interface for VTPM consists of the export functions. Options for control operations arepassed as input parameters to the export functions.3.3 Status Output InterfaceThe Status Output Interface for VTPM also consists of the export functions. The status information isreturned to the caller as the return value of each function or to log files.3.4 Data Input InterfaceThe Data Input Interface for VTPM also consists of the export functions. Data and options are passed tothe interface as input parameters to the export functions. Data Input is kept separate from Control Inputby passing Data Input in separate parameters from Control Input.3.5 Data Output InterfaceThe Data Output Interface for VTPM also consists of the export functions. Data is returned to thefunction’s caller via output parameters.3.6 Non-Security Relevant InterfacesMany TPM 2.0 commands are not cryptographic functions. For details, see the TPM 2.0 libraryspecification.4 Roles, Services and Authentication4.1 RolesVTPM exposes all interfaces to the user launching the application that loaded the module.FIPS 140 validations define formal “User” and “Cryptographic Officer” roles. Both roles can use anyVTPM service.4.2 ServicesVirtual Trusted Platform Module services are described below:1. TPM 2.0 Services - The list of exported VTPM functions and TPM 2.0 commands in SectionCryptographic Module Ports and Interfaces describes the TPM services offered by this module.2. Show Status – The module provides a show status service that is automatically executed by themodule to provide the status response of the module either via output to the computer monitoras the return value of each function or to log files.3. Self-Tests - The module provides a power-up self-tests service that is automatically executedwhen the module is loaded into memory. 2020 Microsoft. All Rights ReservedPage 18 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPM4. Zeroizing Cryptographic Material - This service is executed as part of the module shutdown. SeeKey Zeroization.The list of exported VTPM functions and TPM 2.0 commands in Section Cryptographic Module Ports andInterfaces contains all the services available to an operator.4.2.1 Mapping of Services, Algorithms, and Critical Security ParametersThe following table maps the services to their corresponding algorithms and critical security parameters(CSPs).ServiceStart-up Commands (TPM 2.0Services)Testing Commands (Self-Tests)AlgorithmsNoneCSPsNoneSee Section Self-Tests for thelist of algorithmsAES, RSA, ECC,ECDAA / EC Schnorr [nonApproved], SP 800-133Cryptographic Key Generation6,SP 800-56B RSA-OAEPAES-256 CTR DRBGAES CFB key import [nonApproved]XOR [non-Approved]NoneObject Commands (TPM 2.0Services)AES, RSA, ECC, HMAC, SP800108 KDF, ECDAA / EC Schnorr[non-Approved], SP 800-133Cryptographic Key Generation7,SP 800-56B RSA-OAEPAES-256 CTR DRBGAES CFB key import [nonApproved]MGF1 [non-Approved]Duplication Commands (TPM2.0 Services)AES, HMAC, SP 800-56B RSAOAEPSymmetric KeysSymmetric Keys (for HMAC)Asymmetric RSA Public KeysAsymmetric RSA Private KeysAsymmetric ECDSA Public keysAsymmetric ECDSA Private keysStorage Root Key (SRK)Hierarchy ProofsHierarchy Authorization/PolicykeysAES-CTR DRBG SeedAES-CTR DRBG Entropy InputAES-CTR DRBG VAES-CTR DRBG KeySymmetric KeysSymmetric Keys (for HMAC)Session Commands (TPM 2.0Services)67Symmetric KeysAsymmetric RSA Public KeysAsymmetric RSA Private KeysAsymmetric ECDSA Public keysAsymmetric ECDSA Private keysAES-CTR DRBG SeedAES-CTR DRBG Entropy InputAES-CTR DRBG VAES-CTR DRBG KeyGenerated directly from the output of a DRBG.Generated directly from the output of a DRBG. 2020 Microsoft. All Rights ReservedPage 19 of 35This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Virtual TPMAsymmetric Primitives (TPM 2.0Services)Symmetric Primitives (TPM 2.0Services)Random Number Generator(TPM 2.0 Services)AES CFB key import [nonApproved]MGF1 [non-Approved]RSA, ECDH, ECC, RSADP,ECDAA / EC Schnorr [nonApproved], SP 800-133Cryptographic Key Generation8,SP 800-56B RSA-OAEPAES-256 CTR DRBGMGF1 [non-Approved]AES (CTR, OFB, CBC, CFB, ECB)and HMACAES CFB key import [nonApproved]AES-256 CTR DRBGAsymmetric RSA Public KeysAsymmetric RSA Private KeysAsymmetric RSA Publi
Windows 10 version 1809 and Windows Server 2019 build 10.0.17763 Note: The software version for the Virtual TPM is the Windows 10 build number. 1.2 Validated Platforms The Windows editions covered by this validation are: Microsoft Windows 10 Pro Edition (64-bit version) Microsoft
