µTSS: a simplified trusted software stack

The TCG Software Stack (TSS) specifies the software layer for application developers to use functions provided by a Trusted Platform Module (TPM). However, the current TSS interface is highly complex, which makes its usage very difficult and error-prone, and the high complexity makes it unsuitable for embedded devices or security kernels. We present a simplified TSS design and implementation (µTSS) providing a lightweight and intuitive programming interface for developers based on the TPM main specification. The major principles of the µTSS design are a reduced complexity, obtaining type safety, object encapsulation, and a simple error handling. These principles ensure that the resulting µTSS is maintainable and easy to use. Moreover, the modular architecture of the µTSS allows using only a subset of the provided functionality as it is required, e.g., for embedded systems, mobile devices, or in the context of a security kernel. This paper discusses experiences with the µTSS, based on several projects such as the TCG TPM compliance test suite and a Mobile Trusted Module (MTM) implementation.