Differences Between TPM 1.2 and TPM 2.0

With the release of wolfTPM, it may be useful to understand the differences and benefits of TPM 1.2 and TPM 2.0. The table below outlines some of the differences/similarities between TPM 1.2 and TPM 2.0 in a side-by-side comparison.

TPM 1.2	TPM 2.0
One-size-fits-all specification consists of three parts Required algorithms: RSA-1024, RSA-2048; SHA-1 (hashing and HMAC) Optional algorithms: AES-128, AES-256 Required crypto primitives: RNG, key generation, a public-key crypto algorithm, a crypto hash function, a mask generation function, digital signature generation and verification, direct anonymous attestation Optional crypto primitives: Symmetric-key algorithms, XOR One hierarchy level (storage) One root key (SRK RSA-2048) HMAC, PCR, locality, and physical presence for authorization NV RAM: unstructured data	Specification varies based on platform being used Required algorithms: RSA-2048, ECC-P256, ECC-BN256; AES-128; SHA-1, SHA-2 (hashing and HMAC) Optional algorithms: RSA-1024; AES-256 Required crypto primitives: RNG, key generation and key derivation functions, public-key crypto algorithms, crypto hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, XOR, ECC-based direct anonymous attestation (using the Barreto-Naehrig 256-bit curve) Optional crypto primitives: none TThree hierarchy levels (platform, storage, and endorsement) Multiple root keys and algorithms per hierarchy Password, HMAC, and policy for authorization NV RAM: unstructured data, counter, bitmap, extend

TPM 1.2

TPM 2.0

One-size-fits-all specification consists of three parts
Required algorithms: RSA-1024, RSA-2048; SHA-1 (hashing and HMAC)
Optional algorithms: AES-128, AES-256
Required crypto primitives: RNG, key generation, a public-key crypto algorithm, a crypto hash function, a mask generation function, digital signature generation and verification, direct anonymous attestation
Optional crypto primitives: Symmetric-key algorithms, XOR
One hierarchy level (storage)
One root key (SRK RSA-2048)
HMAC, PCR, locality, and physical presence for authorization
NV RAM: unstructured data

Specification varies based on platform being used
Required algorithms: RSA-2048, ECC-P256, ECC-BN256; AES-128; SHA-1, SHA-2 (hashing and HMAC)
Optional algorithms: RSA-1024; AES-256
Required crypto primitives: RNG, key generation and key derivation functions, public-key crypto algorithms, crypto hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, XOR, ECC-based direct anonymous attestation (using the Barreto-Naehrig 256-bit curve)
Optional crypto primitives: none
TThree hierarchy levels (platform, storage, and endorsement)
Multiple root keys and algorithms per hierarchy
Password, HMAC, and policy for authorization
NV RAM: unstructured data, counter, bitmap, extend

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

References: https://en.wikipedia.org/wiki/Trusted_Platform_Module