Auditing the TPM

[Matt Anderson]

I have been experimenting with the TPM and the TrouSerS package some and
have so far come up with this list of possible events that could be
interesting from a OS auditing perspective:

    * Taking Ownership of the TPM
    * Clearing Ownership
    * Dis/Enabling the TPM
    * Dis/Activating the TPM
    * Recording PCR values
    * Adjustments to PCR values
    * Remote attestation connections/commands and their results
    * Requests of the Public Endorsement Key (EK)
    * Adjustments to the access controls on the EK
    * Creating/Destroying the EK
    * Changes to the TPM locked status (set/reset)


For some of these events it makes sense that the auditing would happen
in the TPM kernel driver, other events will need to be audited up in
user space to accurately capture all the important information.  Has
anyone in this community begun looking at what TPM events are
interesting from an audit perspective?

thanks
-matt