TPM behavior is determined by specifications issued by the Trusted Computing Group. TPM should behave exactly as directed, so you cannot change the functionality of a properly implemented TPM. TPM manufacturers have limited ability to update their products after shipment. For example, Infineon provides firmware updates for its devices.
Intel TPMs, however, may be different. Some chipsets included emulation / software TPM instead of real hardware TPM. These TPMs can be updated with a BIOS update. But in this case, the update must be provided by Intel. Recent boards, such as the DQ67SW, have standalone hardware TPMs not made by Intel.
So, the answer to your second question: No, you cannot program / define cryptographic algorithms . TPM uses.
As for your first question: yes, you can determine what to store in persistent storage to some extent. This area of ββmemory is called non-volatile memory or NV . First you need to define some space using the TPM_NV_DefineSpace command. After that, you can read and write from / to the location using TPM_NV_ReadValue and TPM_NV_WriteValue . Defining reserves for a certain amount of memory in NV, as well as setting security attributes for this location. These commands are low-level TPM commands, so it is highly recommended that you use Trusted Software Stack (TSS) to interact with TPM. You can use jTSS with jTpmTools or TrouSerS .
Some notes regarding NV:
- NV has very limited space, but the exact amount depends on the vendor (usually less than 5 KB). The minimum amount for a PC platform is 2048 bytes.
- TPM is a passive device; it cannot do anything without a command issued to it. If you want to save something in TPM, you must have an active part (BIOS, Software, Chipset, CPU) that issues these commands.
- Even the most cryptographic keys are not stored in TPM. There is a key hierarchy, and only the root key (Storage Root Key - SRK) is stored in TPM. All other keys are stored outside in an encrypted manner.