PCR bank:
A Platform Configuration Register (PCR) is a memory location in the
TPM that has some unique properties. The size of the value that can be
stored in a PCR is determined by the size of a digest generated by an
associated hashing algorithm. A SHA-1 PCR can store 20 bytes – the
size of a SHA-1 digest. Multiple PCRs associated with the same hashing
algorithm are referred to as a PCR bank.
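The following Python sketch is an added example, not part of the original notes. It models a SHA-1 bank and a SHA-256 bank and goes one step beyond the text by showing the standard TPM extend operation (new = H(old || measurement)), which is the only way a PCR value changes. The `PcrBank` class, the `replay` helper, the count of 24 PCRs, the all-zero start value and the event strings are assumptions made for illustration.

```python
import hashlib

NUM_PCRS = 24  # assumption: PC-client TPMs typically expose PCRs 0-23


class PcrBank:
    """All PCRs that share one hash algorithm (illustrative model, not a TPM API)."""

    def __init__(self, algorithm: str):
        self.algorithm = algorithm
        # PCR size equals the digest size: 20 bytes for sha1, 32 for sha256.
        self.pcr_size = hashlib.new(algorithm).digest_size
        # Simplification: every PCR starts as all zero bytes.
        self.pcrs = [bytes(self.pcr_size) for _ in range(NUM_PCRS)]

    def extend(self, index: int, event: bytes) -> bytes:
        """Fold a measurement into a PCR: new = H(old || H(event))."""
        if not 0 <= index < NUM_PCRS:
            raise IndexError(f"no PCR {index} in this bank")
        measurement = hashlib.new(self.algorithm, event).digest()
        self.pcrs[index] = hashlib.new(
            self.algorithm, self.pcrs[index] + measurement
        ).digest()
        return self.pcrs[index]


def replay(algorithm: str, index: int, events: list[bytes]) -> bytes:
    """Recompute the expected PCR value from an ordered event list (verifier side)."""
    bank = PcrBank(algorithm)
    for event in events:
        bank.extend(index, event)
    return bank.pcrs[index]


# Constructed sample measurements, not taken from a real event log.
BOOT_EVENTS = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]

if __name__ == "__main__":
    for alg in ("sha1", "sha256"):
        value = replay(alg, 0, BOOT_EVENTS)
        print(f"{alg:7} PCR0 ({len(value)} bytes): {value.hex()}")
    # The same events in a different order produce a different PCR value.
    print(replay("sha256", 0, BOOT_EVENTS) != replay("sha256", 0, BOOT_EVENTS[::-1]))
```

Because each bank hashes the same events with its own algorithm, the SHA-1 and SHA-256 banks hold unrelated values for the same PCR index, and a verifier has to replay the event log against the bank it was quoted from.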
EK certificate:
Every TPM ships with a unique asymmetric key, called the Endorsement
Key (EK), burned by the manufacturer. We refer to the public portion
of this key as EKPub and the associated private key as EKPriv. Some
TPM chips also have an EK certificate that is issued by the
manufacturer for the EKPub. We refer to this cert as EKCert.
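Understanding: this is the EK public key signed by the manufacturer. It can be used to check whether the EK, or more directly the TPM, was issued by that CA.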
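SHA-256 and SHA-1:
They are in fact the same kind of hash algorithm.
SHA-1 produces a 160-bit hash value, while SHA-2 is a family with several digest lengths, the most popular of which is 256 bits.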
RSA and ECC:
Both are encryption algorithms. ECC is the better of the two and is trending toward replacing RSA. For now, RSA is more widely used.