ISO IEC 11889-1-2015 (2016) PDF

Full title and description

Information technology — Trusted platform module library — Part 1: Architecture. This part of ISO/IEC 11889 (TPM 2.0 library) defines the architectural elements, security concepts and high-level behaviours of the Trusted Platform Module (TPM) used to establish platform trust, protect keys and perform attestation functions.

Abstract

ISO/IEC 11889-1:2015 describes the TPM architecture and how a TPM contributes to platform trust. It explains TPM concepts both in the context of the TPM device itself and in the context of platform interactions, illustrates TPM security and privacy techniques using cryptography, and defines general TPM requirements (integrity protection, isolation, confidentiality) without prescribing specific assurance levels or detailed cryptographic strength guidance. (Corrected English version: March 2016).

General information

• Status: Published (International Standard; confirmed on review).
• Publication date: 2015 (Edition 2, August 2015; corrected English version March 2016).
• Publisher: ISO/IEC (published under ISO/IEC JTC 1).
• ICS / categories: 35.030 (Information technology — security techniques / trusted computing).
• Edition / version: Edition 2 (ISO/IEC 11889-1:2015).
• Number of pages: 257 pages (published file size and page count as listed by standards webstores).

Scope

Defines the architectural elements of the TPM library (TPM 2.0): the TPM’s role within a platform, roots of trust, protected storage and access controls, PCRs (Platform Configuration Registers), cryptographic subsystems (hash/HMAC, asymmetric/symmetric operations, RNG), authorization and session models, non-volatile memory and operational states. The standard is limited to TPM requirements and does not provide cryptographic algorithm selection guidance or assurance-level prescriptions.

Key topics and requirements

• TPM architecture and operational states (power, initialization, self-test, failure modes).
• Roots of Trust: definitions and roles (Measurement, Storage, Reporting).
• Cryptography subsystem: hash functions, HMAC, asymmetric signatures, symmetric encryption, key generation/derivation and RNG.
• Integrity measurement and reporting using PCRs; extend and PCR semantics.
• Protected/shielded locations and non-volatile (NV) storage semantics and access controls.
• Authorization model, sessions, object and handle management, ownership lifecycle and lockout controls.
• Guidance on platform interaction with TPM (how TPM supports secure boot, attestation and protected storage) without dictating platform-specific profiles.

Typical use and users

Used by TPM silicon and firmware developers, platform and motherboard architects, security architects and engineers implementing attestation, secure boot and hardware-backed key protection, OEMs integrating TPMs into devices, and system integrators and enterprise security teams adopting hardware root-of-trust mechanisms. The Trusted Computing Group (TCG) TPM Library specification maps to these ISO/IEC parts and is a primary reference for implementers.

Related standards

ISO/IEC 11889 is a multi-part standard (TPM 2.0 library). Closely related parts are: Part 2 — Structures (ISO/IEC 11889-2:2015), Part 3 — Commands (ISO/IEC 11889-3:2015) and Part 4 — Supporting Routines (ISO/IEC 11889-4:2015). The 2015 editions of these parts correspond to the Trusted Computing Group TPM 2.0 Library specification. Earlier editions (for example ISO/IEC 11889-1:2009) were superseded by the 2015 edition.

Keywords

Trusted Platform Module, TPM 2.0, TPM library, architecture, root of trust, PCR, attestation, protected storage, NV memory, RNG, platform integrity.

FAQ

Q: What is this standard?

A: ISO/IEC 11889-1:2015 (TPM Library — Part 1: Architecture) is the International Standard that defines the architecture and high-level behaviours of the Trusted Platform Module (TPM) family (TPM 2.0 library).

Q: What does it cover?

A: It covers TPM architectural elements and concepts — roots of trust, cryptographic subsystems, PCRs, NV memory and access controls, authorization and session models, and TPM operational states — and explains how the TPM supports platform trust. It does not prescribe specific cryptographic strengths or platform profiles.

Q: Who typically uses it?

A: TPM hardware and firmware vendors, platform designers, security architects, OEMs, integrators and organisations implementing attestation, secure boot, key protection and other hardware-backed security features.

Q: Is it current or superseded?

A: The edition referenced is ISO/IEC 11889-1:2015 (Edition 2). The English corrected version was issued March 2016; the standard was reviewed and confirmed (most recent ISO entry notes confirmation during periodic review), so the 2015 edition remains the current published edition unless a later edition or amendment has been published. Users should verify if any newer amendments or a later edition exist before relying on the text for compliance.

Q: Is it part of a series?

A: Yes — ISO/IEC 11889 is published in multiple parts covering the TPM library (Part 1 Architecture; Part 2 Structures; Part 3 Commands; Part 4 Supporting Routines). These parts together define the TPM 2.0 library specification.

Q: What are the key keywords?

A: Trusted Platform Module, TPM 2.0, architecture, root of trust, attestation, PCR, NV memory, authorization, cryptography, RNG.