BATTLE OF SKM AND IUM
blackhat2015
blackhat2015
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
INBOX TRUSTLET IDS <strong>AND</strong> INSTANCE GUIDS<br />
• Trustlet ID 0 is the Secure Kernel Process, which hosts Device Guard<br />
• Trustlet ID 1 is LSAISO.EXE, which hosts Credential Guard<br />
• Trustlet ID 2 is VMSP.EXE which hosts the Virtual TPM (vTPM) on the Host Side<br />
• Uses the Instance GUID of the Hyper-V partition it is associated with to pull TPM secrets<br />
• Trustlet ID 3 is the vTPM provisioning tool<br />
• Uses the Instance GUID of the Hyper-V partition it is associated with to push TPM secrets<br />
• Enables Guarded Fabric feature