4 May
How does a TPM verify the identity of the calling process/service?
Any application can use a TPM chip to securely create and store cryptographic keys, for example for Digital Rights Management (DRM) or for preventing cheating in online games.
However, how can a TPM be sure of the identity of the process/service that is calling it (and consequently be sure the secrets will not be shared with a malicious entity)?
"Hi TPM, I'm Windows Defender, give me all the secrets you have." (Actually just another malicious process.)
I suppose there is some kind of authentication/authorization of the process/service in place.
Can someone explain how that works?