IET PROFESSIONAL APPLICATIONS OF COMPUTING SERIES 13

Trusted Platform Modules
Other volumes in this series:

Volume 1 Knowledge Discovery and Data Mining M.A. Bramer (Editor)
Volume 3 Troubled IT Projects: Prevention and turnaround J.M. Smith
Volume 4 UML for Systems Engineering: Watching the wheels, 2nd Edition J. Holt
Volume 5 Intelligent Distributed Video Surveillance Systems S.A. Velastin and
P. Remagnino (Editors)
Volume 6 Trusted Computing C. Mitchell (Editor)
Volume 7 SysML for Systems Engineering J. Holt and S. Perry
Volume 8 Modelling Enterprise Architectures J. Holt and S. Perry
Volume 9 Model-Based Requirements Engineering J. Holt, S. Perry and M. Bownsword
Trusted Platform Modules
Why, when and how to use them

Ariel Segall

The Institution of Engineering and Technology


Published by The Institution of Engineering and Technology, London, United Kingdom

The Institution of Engineering and Technology is registered as a Charity in England &
Wales (no. 211014) and Scotland (no. SC038698).

© The Institution of Engineering and Technology 2017

First published 2016

This publication is copyright under the Berne Convention and the Universal Copyright
Convention. All rights reserved. Apart from any fair dealing for the purposes of research
or private study, or criticism or review, as permitted under the Copyright, Designs and
Patents Act 1988, this publication may be reproduced, stored or transmitted, in any
form or by any means, only with the prior permission in writing of the publishers, or in
the case of reprographic reproduction in accordance with the terms of licences issued
by the Copyright Licensing Agency. Enquiries concerning reproduction outside those
terms should be sent to the publisher at the undermentioned address:

The Institution of Engineering and Technology
Michael Faraday House
Six Hills Way, Stevenage
Herts, SG1 2AY, United Kingdom

www.theiet.org

While the author and publisher believe that the information and guidance given in this
work are correct, all parties must rely upon their own skill and judgement when making
use of them. Neither the author nor publisher assumes any liability to anyone for any
loss or damage caused by any error or omission in the work, whether such an error or
omission is the result of negligence or any other cause. Any and all such liability
is disclaimed.

The moral rights of the author to be identified as author of this work have been
asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

British Library Cataloguing in Publication Data
A catalogue record for this product is available from the British Library

ISBN 978-1-84919-893-6 (hardback)
ISBN 978-1-84919-894-3 (PDF)

Typeset in India by MPS Limited
Printed in the UK by CPI Group (UK) Ltd, Croydon
Contents

Acknowledgments xiii
Glossary and acronym expansions xv

1 Introduction 1
1.1 About this book 1
1.1.1 The enterprise approach 1
1.1.2 User stories 2
1.2 What is trusted computing? 2
1.2.1 What do we mean by ‘trusted’? 3
1.2.2 A brief history of trusted computing 4
1.2.3 The Trusted Computing Group 4
1.3 TPMs at a high level 5
1.3.1 Roots of Trust 5
1.3.2 Chains of trust 7
1.3.3 The TPM threat model 7
1.3.4 What TPMs are good for 9
1.3.5 What TPMs aren’t good for 9
1.3.6 TPM versions 10
1.3.7 Common TPM myths 11
1.4 Where to find TPMs 14
1.5 TPM software options 15

2 When to use a TPM 17
2.1 Machine authentication examples 17
2.2 Data protection examples 18
2.3 Attestation examples 19
2.4 When not to use a TPM 20
2.4.1 When not to use: consumer DRM 20
2.4.2 When not to use: primary defence against physical threats 21
2.5 Complicating factors 21
2.5.1 Identifying TPMs 21
2.5.2 Enterprise PKI integration 22
2.5.3 Universal software support 23
vi Trusted platform modules: why, when and how to use them

3 TPM concepts and functionality 25
3.1 Ownership and authority 25
3.2 Root keys and primary seeds 26
3.2.1 TPM 1.2 root keys 27
3.2.2 TPM 2.0 primary seeds and hierarchies 27
3.3 Non-root keys 30
3.3.1 Root and non-root key relationships 31
3.3.2 Externally created keys and the TPM 32
3.4 Key certification 32
3.5 Roots of trust for measurement 32
3.6 Platform configuration registers 33
3.7 Quotes 34
3.8 NVRAM and key storage 35
3.9 Utility functions 35
3.10 Access control mechanisms 35
3.11 Cryptographic algorithms 36
3.12 Communicating securely with the TPM 36
3.13 The TPM in action 37
3.13.1 Possible TPM states 37
3.13.2 Reboots, and why they matter 37
3.13.3 Clearing: erasing your TPM 38
4 Programming introduction 39
4.1 TSS 1.2 code introduction 39
4.1.1 Categories of TSPI commands 42
4.1.2 TSS objects 43
4.1.3 Policies: providing passwords to the TPM 43
4.1.4 Object attributes 45
4.2 IBM TSS 2.0 code introduction 46
4.2.1 TPM 2.0 utilities sample code 48
4.2.2 File handling helper functions 48
5 Provisioning: getting the TPM ready to use 51
5.1 Provisioning: what it means, and why it matters 51
5.2 Basic steps of 1.2 TPM provisioning 51
5.2.1 Setting up a 1.2 TPM 52
5.2.2 Establishing trust in a 1.2 TPM 56
5.3 2.0 TPM provisioning and hierarchies 60
5.3.1 Changing hierarchy authorizations 61
5.3.2 Changing the hierarchy seeds 62
5.3.3 Creating primary keys and objects 62
5.4 Multiversion TPMs 63
5.5 TPM provisioning user stories 63
5.5.1 User stories: turning the TPM on 63
5.5.2 User stories: establishing trust in the TPM 64
5.5.3 User stories: taking ownership 66
5.6 Remote verification of TPM keys 67
5.6.1 Certification: 1.2 TPM keys and PKI 67
5.6.2 Certification: the homegrown approach 68
5.7 Provisioning-time key certification user stories 69

6 First steps: TPM keys 71
6.1 TPM keys 71
6.1.1 Advantages and disadvantages of TPM keys 71
6.2 The basic types of TPM keys 72
6.2.1 TPM 1.2 key types 72
6.2.2 TPM 2.0 key attributes 74
6.3 Authorization options for TPM keys 75
6.4 Creating TPM keys 75
6.4.1 Parent keys 75
6.4.2 Key creation commands 77
6.5 Key creation user stories 82
6.6 Migratable and duplicatable keys 83
6.6.1 1.2 Normal migratable keys 83
6.6.2 1.2 Certifiable Migration Keys 87
6.6.3 2.0 Duplicatable keys 91
6.6.4 When to use migratable or duplicatable keys 93
6.7 Migratable key user stories 93
6.8 Loading TPM keys 94
6.8.1 Additional loading features in 2.0 95
6.9 Handles, names, and authorization: using TPM keys in other
commands 95
6.9.1 Key handles and security 95
6.9.2 Pre-defined handles 96
6.10 Authorization sessions 97
6.11 Certifying TPM keys 98
6.11.1 TPM 1.2: certifying identity keys 100
6.11.2 Certifying other TPM keys (1.2 and 2.0) 102
6.11.3 Retrieving public portions of TPM keys 105
6.12 Using keys created outside the TPM 107
6.13 The TPM’s access control models 108
6.13.1 Physical presence 108
6.13.2 TPM 1.2: user authentication, PCRs, and localities 109
6.13.3 TPM 2.0’s Enhanced Authorization 110
6.14 Key access control user stories 114
6.15 TSS 1.2 key management code examples 116
6.15.1 Background: using the SRK 116
6.15.2 Key creation 116
6.15.3 Creating identity keys 119
6.15.4 Key loading 121
6.15.5 Using public keys 123
6.16 TSS 2.0 key management code examples 125
6.16.1 Key creation 125
6.16.2 Key loading 128
6.16.3 Using public keys 129
6.16.4 Enhanced Authorization policies 130

7 Machine authentication 137
7.1 What is machine authentication? 137
7.1.1 Signing versus encryption 137
7.1.2 The limits of TPM-based machine authentication 138
7.1.3 What about user authentication? 138
7.2 Signing-based machine authentication 139
7.2.1 How it works 139
7.2.2 When to use it 140
7.2.3 The TPM and signing-based authentication 141
7.2.4 Nonces: why they matter and how to use them 144
7.2.5 Mitigating man-in-the-middle attacks 146
7.3 Encryption-based machine authentication 147
7.3.1 How it works 147
7.3.2 When to use it 149
7.4 User identification versus machine authentication 150
7.5 Machine authentication user stories 151
7.6 1.2 TSS machine authentication code examples 153
7.6.1 Setting a signature scheme 153
7.6.2 Signing and verifying hashed data 154
7.6.3 Encryption and decryption 154
7.7 TSS 2.0 machine authentication code examples 154
7.7.1 Signing 154
7.7.2 Verifying signatures 156
7.7.3 Encryption and decryption 157

8 Data protection 159
8.1 The pros and cons of TPMs for data storage 159
8.2 Basic TPM encryption features 161
8.2.1 Storage hierarchies and data protection 162
8.3 Disk encryption, bulk data protection, and secure backups 163
8.4 Small-scale data protection 163
8.4.1 Small-scale local encryption 164
8.5 Secure data transmission 166
8.5.1 Binding, legacy keys, and backwards compatibility 168
8.6 Alternate backup techniques 168
8.7 The TPM’s internal storage (NVRAM) 168
8.7.1 Using NVRAM in 1.2 170
8.7.2 Using NVRAM in 2.0 171
8.8 Conditional data access 175
8.9 Data protection user stories 176
8.10 TSS 1.2 data protection code examples 179
8.10.1 Binding and unbinding 179
8.10.2 Sealing and unsealing 180
8.10.3 Using NVRAM 181
8.11 TSS 2.0 data protection code examples 184
8.11.1 Creating a sealed blob 184
8.11.2 Decrypting a sealed blob 186
8.11.3 Using NV storage 186
8.11.4 Reading NV contents and manufacturer certificates 190

9 Attestation 193
9.1 Machine state and the TPM 193
9.1.1 Measurement chains of trust 193
9.1.2 The Static Root of Trust for Measurement 194
9.1.3 The Dynamic Root of Trust for Measurement 195
9.2 Using the PCRs 200
9.2.1 Essential PCR operations 200
9.2.2 Measurement and PCRs 202
9.2.3 Beyond measurements: creative uses of PCRs 204
9.2.4 1.2 PCR design 206
9.2.5 2.0 PCR design 207
9.2.6 Choosing PCRs to use 209
9.2.7 PCRs beyond the PC 210
9.3 Basic attestation techniques 211
9.3.1 Quotes 211
9.3.2 Verifying quotes 214
9.3.3 Constrained key attestation 216
9.3.4 Direct anonymous attestation 216
9.4 Machine state measurement in theory and reality 221
9.5 Attestation user stories 221
9.6 TSS 1.2 attestation code examples 225
9.6.1 Reading PCR contents 225
9.6.2 Extending PCRs 225
9.6.3 Resetting PCRs 226
9.6.4 Creating and verifying a quote 227
9.7 TSS 2.0 attestation code examples 232
9.7.1 Creating a PCR selection 232
9.7.2 Reading PCR contents 233
9.7.3 Extending PCRs 233
9.7.4 Resetting PCRs 234
9.7.5 Creating and verifying quotes 235

10 Other TPM features 237
10.1 The smorgasbord 237
10.2 Clearing the TPM 237
10.2.1 Revoking trust in an EK 239
10.2.2 Clearing user stories 239
10.3 Random number generation 239
10.3.1 Random number user stories 240
10.4 TPM configuration 241
10.4.1 Configuration in 1.2 241
10.4.2 Configuration in 2.0 242
10.4.3 Configuration user stories 247
10.5 Monotonic counters 248
10.5.1 Monotonic counter user stories 249
10.6 Storing extra keys in the TPM 250
10.6.1 Persistent key user stories 251
10.7 Command auditing 252
10.7.1 Command audit user stories 254
10.8 Field upgrades 254
10.9 1.2-exclusive features 255
10.9.1 Temporarily deactivating the TPM 255
10.9.2 Maintenance archives 255
10.9.3 Delegation 257
10.9.4 Tickstamps 260
10.10 2.0-exclusive features 262
10.10.1 Cryptographic primitives 262
10.10.2 Clocks and attesting to local time 265

11 Software, specifications, and more: Where to find other TPM resources 269
11.1 1.2 Programming tools 269
11.1.1 1.2 Trusted/TCG software stacks (TSS) 269
11.1.2 Microsoft’s TBS 270
11.2 2.0 Programming tools 270
11.2.1 IBM TSS 2.0 270
11.2.2 2.0 TSS.Net and TSS.C++ 271
11.3 Books, courses, and other digested material 271
11.3.1 TPM 1.2 concepts 271
11.3.2 TPM 1.2 programming 271
11.3.3 TPM 2.0 272
11.3.4 Other trusted computing topics 272
11.4 Community 273
11.4.1 The TCG 273
11.4.2 TrouSerS-users mailing list 273
11.5 1.2 Specifications 274
11.5.1 1.2 TSS specification 274
11.5.2 1.2 TPM specification 276
11.6 2.0 Specifications 279
11.6.1 TCG TSS (TPM Software Stack) specifications 279
11.6.2 2.0 TPM specifications 281
11.6.3 2.0 Supporting specifications 283
11.7 Platform specifications 285
11.7.1 1.2 Platform specifications 285
11.7.2 2.0 Platform specification 286
11.7.3 Specifications applying to multiple TPM versions 286
11.8 Other useful resources 286
11.8.1 The tpm-tools package 286
11.8.2 TPM manufacturers 287
11.8.3 TPM 2.0 simulators 287
11.8.4 Example open-source applications 288
11.8.5 Useful trusted computing tools 289
11.9 Commercial software 289

12 Troubleshooting 291
12.1 When all else fails 291
12.2 There’s no TPM in the BIOS menu 291
12.3 Trouble getting any software working 292
12.3.1 Linux-specific tips 292
12.4 TPM returning errors 292
12.5 TSS 1.2 code returning errors 293
12.6 Problems using TPM data structures 294

13 Conclusion and review 295
13.1 What the TPM is good for 295
13.2 Common TPM use cases 295
13.3 The potential (and peril) of the future 296
13.4 In conclusion 296

Appendix A Basic cryptographic concepts 299
A.1 The limitations of this appendix 299
A.2 Basic vocabulary 299
A.3 Symmetric cryptography 299
A.4 Asymmetric (public key) cryptography 300
A.5 Key derivation functions 301
A.6 Hashes 301
A.6.1 HMACs 301
A.7 Nonces 302
A.8 Zero-knowledge proofs 302

Appendix B Command equivalence and requirements charts 305
B.1 Key 305
B.2 TPM 1.2 command equivalence and requirements 306
B.3 TPM 2.0 command requirements 312

Appendix C Complete code samples 317
C.1 1.2 TSS code samples 317
C.1.1 Sealing and unsealing 317
C.1.2 Using NVRAM 321
C.2 2.0 TSS code samples 324
C.2.1 Creating objects 324
C.2.2 Retrieving the TPM’s internal time 342

Copyright Notices 351
Index 353
Acknowledgments

This book would not have happened without the help of a vast number of people, to
whom I am eternally grateful: Xeno Kovah, who first asked me whether I'd considered
teaching a class on TPMs; my many wonderful former colleagues at MITRE,
particularly Amy Herzog, Joshua Guttman, John Ramsdell, Paul Rowe, Justin Sheehy,
and Brian Sniffen; it's amazing what you can learn in ten years of being steeped in a
subject while surrounded by smart people. Then there are also the great folks from
the IAD, particularly Grant Wagner, George Coker, and Pete Loscocco, who never
stopped asking really challenging questions; I'd never have figured half of this stuff
out without you. There are all of my test readers, in particular the exceptionally patient
Kevin Riggle and John Mainzer, who waded through multiple versions and sent
extensive commentary. And above all, my amazingly patient spouse, Andrew Menard,
who put up with a ridiculous amount of hassle and still never stopped telling me I
could do this.
Glossary and acronym expansions

AIK Attestation Identity Key. Often simply called an identity key. A key that acts as
a certifiable pseudonym for a TPM.
AMD A company that manufactures CPUs and other low-level hardware.
API Application program interface. A set of function definitions for building software
applications.
Attestation The presentation of verifiable evidence about a system to another party
(the verifier, sometimes called the appraiser). Usually, the verifier is off-system:
we call this remote attestation. The attestation target is sometimes called the
attester.
Authorization value Password, although usually with many fewer constraints about
the contents than the sort of passwords users generally create. In a TPM context,
sometimes used to imply a value that’s been pre-hashed before transmission,
versus a password transmitted in its entirety to the TPM.
BIOS Basic Input/Output system, though the expansion is almost never used.
BIOS refers to the firmware which initially sets up a PC’s hardware during
boot. Although technically, BIOS and UEFI refer to entirely different firmware
approaches that perform similar functions, because they serve the same purpose
they are often lumped together under the BIOS umbrella. Most mentions of BIOS
in this book actually refer to either BIOS or UEFI.
Blob A TPM-produced data structure whose contents the user is not expected to make
individual use of; a black box.
Boot Loader Software that loads an operating system kernel as part of the boot
process.
CA Certificate Authority. A trusted party participating in a public key infrastructure
who certifies that certain keys can be trusted by anyone who trusts the authority.
Chain of Trust A trusted computing concept in which every component establishes
trust in the next component before handing over control, usually rooted in a Root
of Trust. Often comes up when discussing how measurements of a system state
are created, although other chains of trust exist.
Clear An operation that removes most of the data from the TPM. Intended for use
when a machine is sold or transferred to a new owner, so that old secrets are no
longer accessible.
CMK Certifiable Migration Key. A 1.2 key that can be migrated between machines
with the approval of a trusted authority, and can be certified for external verifiers.
CPU Central processing unit. The core of a modern computer.
CRTM Core Root of Trust for Measurement. Same as SRTM.
CSR Certificate signing request. A request presented to a CA to ask that a particular
key be certified. Normally part of a PKI.
DAA Direct anonymous attestation. A complex form of attestation that can establish
trust in a system without revealing anything about the system’s identity.
DNSSec Domain Name System Security Extensions. A standard for adding security
to DNS, the system that resolves hostnames on networks.
DRM Digital Rights Management. An umbrella term describing technologies for
limiting unauthorized access to specific proprietary resources. Usually used in a
corporate or copyright context.
DRTM Dynamic Root of Trust for Measurement. A special set of CPU functions
designed to allow trust in a system’s software to be established after an untrusted
boot.
EA Enhanced Authorization. A new, very fine-grained, and very flexible approach
to access control, introduced in 2.0 TPMs.
ECC Elliptic Curve Cryptography. An approach to public key cryptography based
on finite field algebra.
EK Endorsement Key. The key on which all trust in a 1.2 TPM is based. In theory,
created and certified by the TPM manufacturer.
EPS Endorsement Primary Seed. The primary seed associated with the endorsement
hierarchy. The cryptographic material on which most remote trust in a 2.0 TPM
is based.
FAPI Feature API. Part of the TCG’s 2.0 TSS. Intended to provide a small subset of
TPM functionality that would be most useful to the majority of users.
FIPS Federal Information Processing Standards. US government standards for
computing, prominently including security.
GRUB A boot loader, popular on Linux.
Handle An identification value that uniquely identifies an object or resource in a
given context. The context might be TPM-specific, program-specific, or software
stack-specific.
Hierarchy In a TPM 2.0 context, hierarchies are sets of keys and other objects rooted
in a shared primary seed, and managed with a shared set of authorization values
and policies. Different hierarchies are intended for different uses, although there
are no constraints on what objects can be created in what hierarchies.
HMAC Hash-based (keyed-hash) Message Authentication Code, as defined in RFC 2104.
A hash computed over data together with a symmetric key; the authenticity of the
data can be verified by anyone else who holds the same symmetric key.
IT Information Technology. IT departments are a common description for the people
who handle computing resources in companies and other large organizations.
IP Among other meanings, Internet Protocol. IP addresses are the standard way in
which machines connected to a network are identified.
KDF Key Derivation Function. Mathematical function for securely deriving a key
from some initial input, called a seed.
MAC Mandatory Access Control. A system where access control is always present
and enforced. Compare to Discretionary Access Control, where access control is
something imposed in individual instances as desired.
MAC Media Access Control, although almost no one uses the expansion. MAC
addresses are used to identify individual network interface hardware devices on
a network.
NV storage Non-volatile storage. Storage areas whose contents are not erased on a
reboot. Sometimes called NVRAM.
NVRAM Non-volatile Random-Access Memory. Sometimes called NV Storage.
OAEP Optimal Asymmetric Encryption Padding. A padding scheme often used with
RSA, to create safe input to the encryption function.
OIAP Object-Independent Authorization Protocol. An authorization session
protocol used to securely transmit authorization data to the TPM.
OS Operating System.
OSAP Object-Specific Authorization Protocol. An authorization session protocol
used to securely transmit authorization data to the TPM.
Owner The person who is the local authority on how the TPM should be used (or
not used). Usually, the literal owner of the machine, either an individual or IT
department.
PC Although this stands for Personal Computer, in this context it actually refers to
the x86 family of computer architectures, including both desktops and servers.
PCA Privacy Certificate Authority. A CA that participates in the TCG-designed AIK
certification protocol.
PCRs Platform Configuration Registers. A set of registers in the TPM with highly
controlled behaviour, used to contain system measurements or user data. The
contents can be used to constrain access to TPM resources, or certified for external
verification with a quote.
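The Chain of Trust and PCRs entries above describe the mechanism in words. The following is an added example, not code from the book and a model rather than a real TPM interface: it simulates a measurement chain of trust feeding one PCR in Python. It assumes the TPM 2.0 PCR extend rule (new PCR = H(old PCR || digest)) on a SHA-256 bank that resets to zero, and uses constructed byte strings as stand-ins for firmware, boot loader and kernel images. It shows that a modified or reordered stage changes the final PCR, and that a verifier can detect an edited or truncated event log by replaying it against the PCR value a quote would certify.

```python
"""Simulated measured boot into a single PCR (illustrative model, not a TPM API)."""
import hashlib
from typing import Iterable, List, Tuple

DIGEST_LEN = 32                   # assumption: SHA-256 PCR bank
INITIAL_PCR = bytes(DIGEST_LEN)   # assumption: PCR reads as all zeros after reset


def measure(image: bytes) -> bytes:
    """Digest of a component image, taken by the stage about to hand over control."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new value = H(old value || digest). There is no plain write, only extend."""
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("PCR and digest must match the bank's hash length")
    return hashlib.sha256(pcr + digest).digest()


def boot(stages: Iterable[bytes]) -> Tuple[bytes, List[bytes]]:
    """Run a measured boot: each stage is measured into the PCR before it executes.

    Returns the final PCR value and the event log of per-stage digests.
    """
    pcr = INITIAL_PCR
    log: List[bytes] = []
    for image in stages:
        digest = measure(image)
        log.append(digest)          # the log lives in ordinary memory and is not trusted
        pcr = extend(pcr, digest)   # the PCR is what a quote would later certify
    return pcr, log


def replay(log: Iterable[bytes]) -> bytes:
    """Verifier side: recompute the PCR value implied by a reported event log."""
    pcr = INITIAL_PCR
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr


def log_is_consistent(log: Iterable[bytes], pcr: bytes) -> bool:
    """A log that does not replay to the certified PCR value was edited or truncated."""
    return replay(log) == pcr


# Constructed sample images standing in for firmware, boot loader and kernel.
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]


def golden_pcr() -> bytes:
    """The value an appraiser records as the known-good state for this platform."""
    return boot(GOOD_CHAIN)[0]


def appraise(stages: Iterable[bytes]) -> bool:
    """Accept only a boot whose log replays to its PCR and whose PCR matches the golden value."""
    pcr, log = boot(list(stages))
    return log_is_consistent(log, pcr) and pcr == golden_pcr()


if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN),
                        ("reordered", REORDERED_CHAIN)):
        pcr, _ = boot(chain)
        print(f"{name:9s} PCR={pcr.hex()[:16]}... accepted={appraise(chain)}")
```

The point of `log_is_consistent` is the division of trust the glossary draws: the event log is just data the platform reports and can be forged, while the PCR can only ever be extended, so a log that does not replay to the quoted PCR is rejected regardless of how plausible its entries look.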
PKCS One of the Public Key Cryptography Standards, a family of specifications
originally published by RSA Laboratories. PKCS #11 in particular defines a programming
interface for using cryptographic hardware such as smart cards and HSMs.
PKI Public Key Infrastructure. A distributed architecture for establishing trust in
public keys. Usually involves at least one CA.
PPS Platform Primary Seed. The primary seed associated with the platform
hierarchy.
Primary Seed A hidden value used to generate keys in 2.0 platforms. Each hierarchy
has its own primary seed. Serves the same trust role as the root keys in 1.2 TPMs.
Root Key A key that acts as a root of trust on a given platform with a 1.2 TPM.
RoT Root of Trust. A component which is inherently trusted, and which is used to
establish trust in other components.
RTM Root of Trust for Measurement. The system component that is trusted to take
an initial measurement of a system, allowing a chain of trust to be started.
RTR Root of Trust for Reporting. The key that all external trust in a given TPM (and
therefore system) is eventually rooted in. In 1.2 TPMs, the EK; in 2.0 TPMs,
manufacturer-certified primary keys based on the Endorsement Primary Seed.
RTS Root of Trust for Storage. The key that is trusted to protect secrets in a system,
directly or indirectly. In 1.2 TPMs, the SRK; in 2.0 TPMs, primary keys based
on the Storage Primary Seed.
RSA A widely used public key cryptosystem based on the difficulty of factoring the
products of two large prime numbers.
SAPI System Level API. Part of the TCG's 2.0 TSS.
SGX Software Guard Extensions. A set of new Intel CPU extensions providing
additional security functionality.
SHA-1/SHA-256 Members of the widely used Secure Hash Algorithm family of
hash functions. SHA-1 is being slowly phased out of use as of the end of 2015,
owing to discovered weaknesses. SHA-256 is the recommended replacement.
SPS Storage Primary Seed. The primary seed associated with the storage hierarchy.
SRK Storage Root Key. A 1.2 TPM key which serves as the Root of Trust for Storage.
SRTM Static Root of Trust for Measurement. Same thing as CRTM.
State A computing term referring to a program’s or system’s status and available
information at a given point in time.
SVM Secure Virtual Machine. A set of CPU technologies created and sold by AMD.
Tamper Resistance Tampering, in this context, refers to physical attacks against
hardware; anything from a novice with a screwdriver to expert nation-state spies
with acid, liquid nitrogen, and lasers. Tamper resistance generally refers to
hardware capable of resisting some amount of tampering. This is distinct from tamper
proofing, which implies an actual immunity to most forms of tampering. Tamper
proofing is usually found in very expensive hardware sold to governments, and
often contains explosives; you will rarely encounter it in consumer or corporate
contexts.
TBS TPM Base Services. Microsoft's Windows service and interface for accessing the
TPM, introduced with Windows Vista for 1.2 TPMs.
TCG Trusted Computing Group. An industry coalition that creates most trusted
computing standards, including the TPM standards.
TCPA Trusted Computing Platform Alliance. An industry coalition that was the
precursor to the Trusted Computing Group.
TCSI TSS Core Service Interface. A mid-level layer of the 1.2 Trusted Software
Stack API.
TDDL TCG Device Driver Library. A low-level layer of the 1.2 Trusted Software
Stack API.
TPM Trusted Platform Module.
Trusted In a TPM context, something whose behaviour is predictable. This allows
individuals to make their own determination about which behaviour can be
trusted in a colloquial sense.
TSPI TSS Service Provider Interface. The layer of the 1.2 Trusted Software Stack
API intended for use primarily by applications.
TSS Trusted Software Stack or TPM Software Stack. A software layer to make using
the TPM easier.
TXT Trusted Execution Technology. A set of CPU technologies created and sold by
Intel.
UEFI Unified Extensible Firmware Interface. A modern, standardized replacement
for a BIOS.
X.509 A widely used standard that defines formats for public key certificates,
certificate signing requests, and revocation lists.
Chapter 1
Introduction

1.1 About this book


One of the major problems with trusted computing adoption has been a lack of good
introductory information. People wondering what this technology is, why they should
care about it, or how they should get started using it have generally not had very many
resources to turn to. In this book, I will begin with the most basic questions of what the
technology is; talk about when this technology is most useful (and, equally important,
when it’s not); and then start introducing the technical details of why and how to use
the technology. If you’re still at the stage of wondering if this technology is relevant
to you, start with the first couple of chapters; there’s enough complexity here that a
classic engineer’s ‘jump in feet first’ approach is inefficient. If you’re familiar with
the basics of trusted computing technology already, Chapters 4 and up will provide
you with useful reference material, but you may also find new ideas for how trusted
computing can be applied in your environment in Chapter 2.
This book is intended for a technical audience, but not one with any particular
familiarity with trusted computing, hardware, or security concepts. If you need a
refresher on or introduction to the basic cryptographic vocabulary used in this book,
see Appendix A.
While this book does contain example code demonstrating how to use the
functionality described, it is not intended to be a comprehensive reference for
programming for the Trusted Platform Module (TPM). Instead, I provide background
information and examples which should allow those with some coding experience to
use freely available resources (primarily in the form of relevant specifications) to
implement whatever TPM-based functionality they need. Similarly, my primary goal
for this book is to teach system designers what the TPM can do and what they might
want to use it for, and provide all the information you'll need to look up the details
for your own projects. A comprehensive book containing everything anyone could
ever possibly need would rapidly turn into an unusable tome, so I'm aiming instead
to provide you with everything you'll need to work independently.

1.1.1 The enterprise approach


2 Trusted platform modules: why, when and how to use them

While there are some good use cases for trusted computing at an individual level,
mostly involving protection of sensitive data, many of the most powerful trusted
computing use cases need a large infrastructure to be most effective. All of the use
cases for machine authentication and attestation, for example, require that there be a
mechanism for one machine to recognize the keys belonging to another; a large public
key infrastructure (PKI) makes this feasible and scalable, but few individuals and no
existing trusted third parties want to bother with the overhead required. Additionally,
large enterprises – be they companies, government agencies, or other organizations –
are far more likely than most individuals to need to track machine identity and state
over a network. Therefore, this book has been written with a focus on enterprise use
cases and support infrastructure.
Of course, this isn’t to say that the book can’t be useful if you’re not in an enterprise
Information Technology (IT) department. Whether you’re a student, a hobbyist, or a
professional, this book should give you a solid grounding in what TPMs are capable
of, what they’re good for, and what they’re not. Just keep in mind while you’re reading
that if you’re not working in an enterprise context, you may have to think a little beyond
the printed use cases to see how they apply to your own scenarios.

1.1.2 User stories


Throughout this book, I will present short user stories featuring fictional characters,
intended to illustrate both a variety of use cases for this technology and the sorts of
decisions that might lead to choosing one approach over another. These examples will
be far from comprehensive; after all, part of the goal of this book is for you to gain
an understanding of how this technology might apply in your own situation. Instead,
they are meant to illustrate the concepts presented in each chapter in a practical
setting, and hopefully encourage you to think how your own decisions might be
similar or different from those made by Alice, Bob and their colleagues at Example,
Incorporated.

1.2 What is trusted computing?


‘Trusted computing’ is an umbrella term, with almost as many definitions as there
are people talking about it. The definition we’ll use in this book is a more formalized
version of the way the Trusted Computing Group (TCG) (see Section 1.2.3) uses
the term:
Trusted computing refers to computing systems which use hardware to provide security
support to software and to create systems with more predictable behaviour.
This covers a wide range of systems. Technologies which fall under the trusted
computing umbrella include:
Trusted Platform Modules: The focus of this book, TPMs are chips, usually
attached to a device’s motherboard, which provide assorted cryptographic
functions. I’ll be providing much more detail later.
Self-encrypting Drives: Fast hardware-supported cryptographic data protection,
built into a hard drive.
Secure CPU Modes: These include Intel’s TXT and SGX, as well as AMD’s SVM,
and provide functionality such as software measurement, code signature checking,
and secure execution, all in a remotely verifiable fashion.
Trusted Network Connect: A suite of networking protocols capable of integrating
information from platform-level trusted computing into network access decision-making,
but which can also be used without any secure hardware.
Multilevel Computing: In the government world, different classification levels of
information must be kept carefully segregated, often on distinct machines or networks.
Multilevel computing systems combine hardware and software to create
a trustworthy whole capable of securely handling information at multiple, highly
separated, classification levels simultaneously.
You may notice that I’ve included here both hardware components and the systems
which use that hardware. That’s because the various definitions of ‘trusted
computing’ vary so widely. However, it’s very common to see ‘trusted computing’
used as an alternative term for TPMs and systems which use them.
Why do I introduce a definition that’s so very hard to pin down? I do it simply to
familiarize you with a term you’ll encounter often in this field, used by people who
may not agree with each other. You may not always know exactly what it means, but
at least you’ll know to dig in a little further and find out what’s actually behind it in
a particular instance. And if a vendor tries to sell you something that uses ‘trusted
computing’ without providing details, that can be a warning sign that they don’t
understand the technology well enough to build a useful product.1

1.2.1 What do we mean by ‘trusted’?


To a layperson, ‘trusted’ usually means something close to ‘good’. Trusted computing
terminology employs the word slightly differently. According to the TCG (more on
them shortly) and researchers in this area:

A trusted component is one which is predictable.

Why do we use predictable, rather than good, as our baseline? On the face of
it, this seems nonsensical. A virus can be a trusted component according to this
definition, if I know what its attack pattern is and what files it will corrupt. A well-
known commercial OS may not be, despite a reputable manufacturer and good coding
practices, if its behaviour is so complex that I can’t determine what it may do in any
given situation.
The reason we take this approach is twofold. First, anything that is predictable
is much easier to evaluate. Either I can predict a component’s behavior in response
to certain stimuli, or I can’t; and if I can, I can make useful judgments about its
performance. Secondly, it’s universal. ‘Good’ means something very different on
a power station control panel (where the requirement of remaining in operation no
matter what is critical) from what it does in a high-security government workstation
(where it may be better that the system becomes inoperable than to have it leak secrets)
and again from what it means on a home computer. Predictability, on the other hand,
doesn’t change, whatever the situation.

1 For example, I’ve seen vendors try to claim that their product should have the ‘trusted’ label because it
contained a TPM…which had never even been turned on, and was not being used in any way.

Furthermore, this predictability-based definition of ‘trust’ is very powerful,
because it lets us build a more colloquial version of ‘trust’ on top of it. If I can
predict that this virus will behave badly, then I can take appropriate action, such as
not executing it. Different system owners can use the same trusted system information
and take the actions that reflect their own needs.
That said, the levels of predictability today’s systems give us is primitive. For
the computer science readers, no one in the field is claiming to have solved the
halting problem. Instead, we’re using reasonable approximations: if we can identify a
component, then we can evaluate it in other contexts, and decide whether it’s suitable
for our purposes. Most trusted computing technologies are designed, in the end, either
to allow a component to be identified, or to identify other related components, or both.

1.2.2 A brief history of trusted computing


For a long time, the only entities interested in trusted computing were governments,
who invested in custom-built systems and software for their high-security needs.
The Orange Book is a famous set of government guidelines from the mid-1980s for
evaluating trusted computer systems; it and others from the Rainbow Book series
on trusted systems, published by the US Department of Defense, are now available
online for the curious.
In 1999, the Trusted Computing Platform Alliance (TCPA) was formed,
as a joint effort by several major consumer technology companies. The TCPA’s goals
were diverse and sometimes contradictory, including both increasing consumer trust in
home computing systems for purposes such as banking and financial applications and
increasing copyright-holders’trust in consumer systems for digital rights management
(DRM), as well as generally improving computer security for home and enterprise
systems. It drew up the first designs for what would eventually become TPMs. The
TCPA was replaced by the TCG in 2003.

1.2.3 The Trusted Computing Group


The TCG, an industry consortium featuring contributors from around the world, seeks
to provide standards for trusted computing technologies and to increase the use of
trusted computing. The technologies covered by the TCG are quite diverse, ranging
from self-encrypting drives and networking protocols to trusted cloud architectures
and speciality embedded systems. By producing common standards with contributions
from manufacturers and consumers of these technologies, the TCG seeks to make
adoption easy at all levels, and thus improve the security of commercial computing
infrastructure. By making the standards open and vendor-neutral, the TCG hopes to
both lower the barrier to entry and reduce some of the fears of vendor lock-in and
anticonsumer conspiracies that dogged the early TCPA efforts.
Companies that wish to contribute to trusted computing standards or get early
access to the works in progress can join the TCG. Although full membership
(and a vote) costs money, they also accept some non-voting (and non-paying)
contributors, who participate in standards development.
The TCG’s website, with all of their publications (including released standards,
draft standards out for public review and comment, and a variety of supplemen-
tary materials) as well as contact information for those who wish to get involved, is
http://www.trustedcomputinggroup.org.

1.3 TPMs at a high level


Trusted Platform Modules, or TPMs, are small, inexpensive chips which provide a
limited set of security functions. They are most commonly found as a motherboard
component on laptops and desktops aimed at the corporate or government markets,
but can also be found on many consumer-grade machines and servers, or can be purchased
as independent components. Their role is to serve as a Root of Trust—a highly
trusted component from which we can bootstrap trust in other parts of our system.
TPMs can be used to bootstrap trust: in secrets, particularly cryptographic keys; in
a platform’s identity; and, when combined with related technologies, called Roots of
Trust for Measurement, in a system’s software state.
TPMs provide the following features, which we’ll be discussing in more detail
throughout this book:

● A Root of Trust for Reporting
● A Root of Trust for Storage
● Limited internal storage
  – Platform Configuration Registers (PCRs)
  – Key storage
  – Data storage
● Random number generation (RNG)
● Highly constrained cryptographic functions

Figure 1.1 shows a high-level diagram of the TPM subcomponents which support
these features, although individual implementations vary.

1.3.1 Roots of Trust


You may notice that we’ve now encountered the phrase ‘Roots of Trust’ quite a few
times. So, what are they?
Roots of trust are just that: roots, the pieces at the very bottom of the system.
These are the components on which all other trust is based, and which themselves
are trusted inherently (Figure 1.1). An important aspect of a root of trust is that it is
fundamentally unverifiable; after all, if I have a proposed root of trust, and another
component which I’m using to verify it, then that second component is really the root
of trust, and the originally proposed root is above2 it in the trust hierarchy.

Figure 1.1 A high-level illustration of a TPM’s component parts. The parts shown are
nonvolatile memory, volatile memory, a cryptographic coprocessor, an execution
engine (processor) and a random number generator.

Now, this inherent trust can (and should!) be based on out-of-band assumptions.
I may not be able to verify that this chip is actually correct, but I can (hopefully) verify
that it came from a reliable vendor, which I can reasonably assume means that it was
built according to a standard which I can evaluate. But it’s important to remember
that that chain of logic is built on a set of assumptions: that the chip really came from
the vendor I think it came from, that the vendor really did implement the standard,
that there aren’t any bugs in the implementation or weaknesses in the standard, and
so forth; and to remember that if this chip we are identifying as a root of trust has a
problem, we’re going to have problems trusting anything built on top of it. This is one
reason that enterprises with very strict security needs should pay careful attention
to their supply chain when purchasing root of trust components; if your roots are
good, you’ll have a good chance of noticing problems above them, but if your root is
compromised, the rest of the system can’t be trusted.
Another important point is that trust is not generic! I trust my electrician to repair
the wires in my house, but not to access my bank account; I trust my bank to keep my
money secure, but not to keep my house from burning down. Similarly, I trust my TPM
to keep my keys secure, but not to keep my antivirus up to date. Therefore, whenever
we talk about a root of trust, we need to specify what kind of trust we’re talking about.
In PCs, we commonly run into the following roots of trust:
● Root of Trust for Storage (RTS): A component that protects secrets. Responsible
for maintaining both secrecy and integrity of those secrets. Some trusted systems
break this down into separate roots for confidentiality and integrity.
● Root of Trust for Reporting (RTR): A component that provides accurate reporting
on data stored inside it. In the PC context, this more specifically applies to
accurate reporting of stored system state data. Note that the RTR is not responsible
for creating the data, just for honestly informing the rest of the world about the
data’s content.
● Root of Trust for Measurement (RTM): A component that measures other software
and stores those measurements in a secure location. In the PC context, the
RTM is normally part of the boot process – see Section 9.1.1 for details – which
stores measurements in the TPM.
Other trusted computing systems, which I won’t be discussing in this book, but
which you may encounter if you’re working with phones, cars, or in other non-PC
scenarios, may contain different roots of trust, such as:
● Root of Trust for Verification: A component that verifies an integrity measurement
against a policy. Normally found in systems such as some embedded or
mobile devices, where the device manufacturer also defines some approved
software.
● Root of Trust for Update: A component that verifies the legitimacy of an update,
usually by checking an authorized signature. Most commonly used for firmware
updates.

2 Because of the root metaphor, trust hierarchies are sometimes presented in the opposite orientation to
other hierarchies, where ‘below’ is usually indicative of less power.

1.3.2 Chains of trust


Merely trusting our lowest-level components isn’t sufficient for real-world use, where
we often need to establish trust in a wide range of software, keys, and other data.
Chains of trust allow us to bootstrap from the low-level root of trust to a higher-level
trusted object, by using our trust in the root to establish trust in secondary objects, and
then our trust in the secondary objects to establish trust in tertiary objects, and so forth.
The chains of trust that we’ll be referring to most frequently in this book are
measurement chains of trust (Figure 1.2) (sometimes called boot chains of trust
because they’re triggered most frequently during system boot), which let us bootstrap
from the Root of Trust for Measurement (RTM) to measurements of higher-level
software; and storage chains of trust (Figure 1.3), which let us bootstrap from the
Root of Trust for Storage (RTS) to trust in the security of other data and keys. We’ll
cover measurement chains of trust in much more detail in Chapter 9, and storage
chains of trust in Chapter 6.
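The measurement chain described above, as an added illustration that is not code from this book: a standard-library Python model of a 1.2-style measurement chain together with the verifier that consumes its event log. It assumes what real 1.2 TPMs do for their PCRs (20-byte SHA-1 registers that start at all zeros and change only through the extend operation, new = SHA-1(old || measurement)); the component images, the golden list and every function name are made up for the example.

```python
import hashlib

# Toy model of a measurement chain of trust (added illustration, not code from the book).
# Assumption: 1.2-style PCRs are 20-byte SHA-1 registers that start at zero and can only
# be changed by extend: new = SHA-1(old || measurement). Real TPMs expose exactly that
# operation; the component images, names and golden values below are constructed.

PCR_BYTES = 20

def measure(image: bytes) -> bytes:
    """A component's measurement is the hash of its image."""
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: one-way (cannot be undone) and order-dependent."""
    return hashlib.sha1(pcr + measurement).digest()

def boot(chain):
    """Run the chain: each stage is measured into the PCR before it is launched.
    Returns the final PCR value and the event log (name, measurement) a verifier receives."""
    pcr = bytes(PCR_BYTES)          # PCRs are reset at power-on
    log = []
    for name, image in chain:
        m = measure(image)
        pcr = extend(pcr, m)        # extend BEFORE launch, so a bad stage is already recorded
        log.append((name, m))
    return pcr, log

def replay(log):
    """Recompute the PCR from the event log alone."""
    pcr = bytes(PCR_BYTES)
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr

def verify(reported_pcr, log, golden):
    """Verifier side: the log must replay to the PCR the TPM reports (so the log was not
    edited), and every entry must be a measurement the verifier already trusts."""
    if replay(log) != reported_pcr:
        return False, "event log does not reproduce the reported PCR"
    for name, m in log:
        if golden.get(name) != m:
            return False, f"unrecognised measurement for {name}"
    return True, "ok"

# Constructed sample images; in practice these are the firmware, bootloader and kernel binaries.
GOOD_CHAIN = [
    ("firmware",   b"BIOS build 2015.11"),
    ("bootloader", b"GRUB 2.02"),
    ("kernel",     b"vmlinuz-4.2.0"),
]
GOLDEN = {name: measure(image) for name, image in GOOD_CHAIN}

def demo() -> dict:
    good_pcr, good_log = boot(GOOD_CHAIN)
    ok_good, _ = verify(good_pcr, good_log, GOLDEN)

    # Case 1: a modified kernel. Its measurement is not on the golden list.
    tampered = GOOD_CHAIN[:2] + [("kernel", b"vmlinuz-4.2.0 + rootkit")]
    bad_pcr, bad_log = boot(tampered)
    ok_tampered, why_tampered = verify(bad_pcr, bad_log, GOLDEN)

    # Case 2: the attacker rewrites the log to look clean but cannot rewrite the PCR.
    ok_forged, why_forged = verify(bad_pcr, good_log, GOLDEN)

    # Case 3: the same components booted in a different order give a different PCR.
    reordered_pcr, _ = boot([GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]])

    return {
        "good_verifies": ok_good,
        "tampered_verifies": ok_tampered,
        "tampered_reason": why_tampered,
        "forged_log_verifies": ok_forged,
        "forged_log_reason": why_forged,
        "order_matters": reordered_pcr != good_pcr,
        "pcr_hex": good_pcr.hex(),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running it produces the three negative cases a verifier cares about: a modified kernel yields a measurement that is not on the golden list; a log rewritten to look clean no longer replays to the PCR the TPM reports, which is the property the Root of Trust for Reporting exists to guarantee; and the same components in a different order give a different PCR, so the verifier learns order as well as content. Note that the chain only records, it never blocks: the rootkit kernel still boots, and it is the verifier (or a key sealed to the golden PCR value) that refuses to cooperate with it.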

1.3.3 The TPM threat model


The primary threat TPMs are intended to protect against is software-based attacks
aimed to steal information, such as keys, or to modify the system without the user’s
consent. TPMs also provide some protection against simple hardware attacks; being
inexpensive consumer chips, they are not designed to defend against a sophisticated
attacker, but the built-in tamper resistance provides some protection against casual
thieves.
TPMs also provide some protection against well-meaning but inexpert users and
developers. The TPM’s cryptographic functions are dramatically more constrained
than would be necessary if it functioned merely as a cryptographic coprocessor, running
encryption and decryption operations on command. The TPM’s sometimes very
complex limitations on the use of keys or commands act as safeguards against potentially
dangerous actions. For example, the limitations in 1.2 TPMs against the same
key being used for both signing and decryption operations directly prevent an entire
class of attacks which can result in unintentionally signed data, accidentally decrypted
secrets, or the loss of key material. Without those constraints, it would be easy for
an uninformed user or software bug to take actions with very severe unnoticed and
unintended consequences. It is important to note, however, that many actions which
would be limited in an ideal perfect-security world are essential for the smooth operation
of real-world systems. TPMs therefore have plenty of compromises in their
design; places where they will allow common (but dangerous) operations, or where
they will inconveniently prevent such an operation even if that makes compatibility
difficult. Some of the biggest differences in TPM versions (see Section 1.3.6) result
from changing opinions about which compromises are necessary.

Figure 1.2 An abstract measurement chain of trust. The figure shows the root of trust
for measurement, then trusted component A, then trusted component B, each linked to
the next by a ‘measure’ step followed by a ‘launch’ step. Each component in the chain
measures the next component before handing off control to it, placing
those measurements into the TPM. We can trust the measurement of
component A because we trust the root. If the measurement of
component A corresponds to a piece of software we trust, we can then
trust the measurement of component B, and so on until all trusted
components have been measured and launched. The TPM provides us
with a safe place to store these measurements.

Figure 1.3 A 1.2 storage chain of trust. The figure shows the Storage Root Key at the
base; above it an identity key, a storage key and a signing key; and above that storage
key a further storage key and signing key. The Storage Root Key encrypts the secret
data of several other keys, including another storage key. That storage
key, in turn, can be used to encrypt the secret data of more keys. Our
trust in the security of all of the keys relies, in the end, on our trust in
the Storage Root Key.

1.3.4 What TPMs are good for


Protecting Cryptographic Keys: The keys a TPM creates are either stored inside
the TPM, in its internal protected storage, or encrypted with other protected keys
for secure storage outside the TPM. These keys never exist unencrypted outside
the TPM, and are thus protected from software-based theft of the key material.
Protected Cryptographic Functions: TPMs can perform both generic and special-
ized cryptographic functions internally, ensuring that key material is safe even
during use.
Protected State Registers: TPMs can be used to track system state and other data
recorded by software, in registers that are easy to add data to but very difficult
to forge. In combination with TPM-aware software, these can be used to create
verifiable records of software on the system.
Trustworthy Reporting: The TPM has several functions that allow a remote party
to verify parts of the TPM’s internal state, including keys and register contents.
Used in combination with external state reporting tools, this can be used for
remote attestation of the system’s state.
Cheap Tamper Resistance: TPMs aren’t designed for protecting high-security data
against expert attackers, but they do provide hardware-level protection more than
adequate for defence against casual thieves, for a very low cost.
Through the course of this book, we’ll talk about how these simple advantages
can be turned into powerful real-world functionality. TPMs can be used to identify
machines, protect data from theft, and allow verification of a machine’s software.
They are very powerful building blocks for inexpensive system security today.
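The storage chain of trust of Section 1.3.2 and the ‘Protecting Cryptographic Keys’ point above, as an added illustration that is not code from this book or from any TPM implementation: a standard-library Python model in which a parent storage key wraps each child key’s secret, so that a key only ever leaves the chip as a blob its parent can unwrap. A real 1.2 TPM wraps with the parent’s RSA key; to stay stdlib-only this model wraps with HMAC-SHA256 in counter mode plus an HMAC tag, and the class, method names and key sizes are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy storage hierarchy (added illustration; not code from the book or from any TPM).
# Assumption: a parent storage key wraps each child's secret with authenticated encryption
# that only the parent can undo. A real 1.2 TPM wraps with the parent's RSA key; here the
# wrap is HMAC-SHA256 in counter mode plus an HMAC tag, so the example needs only the
# standard library. Key names and sizes are made up.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a block-cipher keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(parent_secret: bytes, child_secret: bytes) -> bytes:
    """Encrypt-then-MAC the child's secret under the parent; the blob is all that leaves the chip."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(parent_secret, nonce, len(child_secret))
    ciphertext = bytes(a ^ b for a, b in zip(child_secret, stream))
    tag = hmac.new(parent_secret, b"wrap|" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unwrap(parent_secret: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt. Any edit, or the wrong parent, fails the tag check."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(parent_secret, b"wrap|" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob rejected: tampered, or wrapped under a different parent")
    stream = _keystream(parent_secret, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))

class ToyTPM:
    """Key secrets live only in _loaded; no method ever returns one."""

    def __init__(self):
        # The Storage Root Key is generated inside the chip and is never wrapped or exported.
        self._loaded = {"SRK": secrets.token_bytes(32)}

    def reboot(self):
        """Volatile state is lost; only the SRK survives a power cycle."""
        self._loaded = {"SRK": self._loaded["SRK"]}

    def create_key(self, parent: str) -> bytes:
        """Create a child under a loaded parent; the caller gets only the wrapped blob."""
        if parent not in self._loaded:
            raise KeyError(f"parent {parent} is not loaded")
        return wrap(self._loaded[parent], secrets.token_bytes(32))

    def load_key(self, parent: str, blob: bytes, name: str) -> str:
        """Loading walks the chain: the parent must already be loaded to unwrap the child."""
        if parent not in self._loaded:
            raise KeyError(f"parent {parent} is not loaded")
        self._loaded[name] = unwrap(self._loaded[parent], blob)
        return name

    def use_key(self, name: str, data: bytes) -> bytes:
        """Stand-in for a signing operation carried out inside the chip with a loaded key."""
        return hmac.new(self._loaded[name], data, hashlib.sha256).digest()

def _raises(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False

def demo() -> dict:
    tpm = ToyTPM()
    storage_blob = tpm.create_key("SRK")            # SRK -> storage key
    tpm.load_key("SRK", storage_blob, "storage")
    signing_blob = tpm.create_key("storage")        # storage key -> signing key
    tpm.load_key("storage", signing_blob, "signing")
    before = tpm.use_key("signing", b"attest me")

    tpm.reboot()
    # After a reboot the chain is rebuilt root-first; the child cannot be loaded on its own.
    parent_first = _raises(lambda: tpm.load_key("storage", signing_blob, "signing"), KeyError)
    tpm.load_key("SRK", storage_blob, "storage")
    tpm.load_key("storage", signing_blob, "signing")
    after = tpm.use_key("signing", b"attest me")

    wrong_parent = _raises(lambda: tpm.load_key("SRK", signing_blob, "x"), ValueError)
    corrupted = bytearray(storage_blob)
    corrupted[20] ^= 0x01                             # flip one ciphertext bit
    tampered = _raises(lambda: tpm.load_key("SRK", bytes(corrupted), "x"), ValueError)
    # A different chip has a different SRK, so the blob is bound to the TPM that made it.
    other_chip = _raises(lambda: ToyTPM().load_key("SRK", storage_blob, "x"), ValueError)

    return {
        "same_key_after_reboot": before == after,
        "parent_must_load_first": parent_first,
        "wrong_parent_rejected": wrong_parent,
        "tampered_blob_rejected": tampered,
        "other_chip_rejected": other_chip,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The blobs can be kept anywhere, on disk or in a database, because they are useless without the parent that wrapped them, and the parent is useless without its own parent, back to the SRK that never leaves the chip. That is also the weakness the text warns about: every key in the tree is exactly as safe as the SRK, and a different chip, a corrupted blob, or a blob presented under the wrong parent is rejected outright rather than yielding a wrong key silently.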

1.3.5 What TPMs aren’t good for


Fast, frequent cryptography: Commercial TPMs are built to be inexpensive, not
fast. Don’t try using them for operations requiring high speed and volume, such
as packet encryption.
System monitoring: While TPMs can be used to support system-monitoring software
and provide reliable cryptography for reporting on the results of such
monitoring, a TPM does not perform any monitoring itself. All system measurements
are provided by external components. (See Section 9.1.1.) The external
components available today are primarily useful for boot-time state verification,
rather than runtime system monitoring.
Bulk Encryption: This is particularly true for 1.2 TPMs (see Section 1.3.6), which,
in addition to being small and inexpensive chips, do not support the symmetric
encryption algorithms that are best for large-scale encryption.
System control: TPMs have no ability to control the system they’re installed in;
they cannot prevent bad software from booting, shut down a system if malware
is detected, or otherwise change the state of software. They are entirely passive
devices.

1.3.6 TPM versions


There are three versions of PC TPMs that you may see references to. The version
numbers here refer to the version of the TPM specification implemented.
● 1.1 TPMs were the first onto the market. Rare even at the time, these were
replaced by the new version in the mid-2000s; you’re unlikely ever to encounter
one unless you’re using some rather unusual and now-obsolete hardware. We
won’t be covering them in this book, although many of the same principles apply.
● 1.2 TPMs are very common; as of the end of 2015, almost all commercially
available TPMs are 1.2 TPMs. They use RSA for encryption and signatures, and
SHA1 for hashes. Their functionality is highly constrained, to make safe usage
of keys, data, and cryptography more likely, and because the older technology
could not support a multitude of features at the desired cost point. Software for
using 1.2 TPMs exists on Windows and Linux platforms. (Apple devices do not
have TPMs as of the end of 2015.)
● 2.0 TPMs arrived on the market in late 2014, although as of the end of 2015
they were still being sold primarily to platform manufacturers rather than consumers.
2.0 TPMs support both the older RSA and SHA1 algorithms and the
newer elliptic curve cryptography (ECC) and SHA256 hashing; in addition, they
now support symmetric cryptography, which was previously not included owing
to cryptographic export regulations. 2.0 TPMs are more compliant with external
standards such as X.509, are highly configurable, and support extremely powerful
and flexible authentication mechanisms, but a higher level of skill is required to
use them safely. As of the end of 2015, there is only a small amount of software
support for 2.0 TPMs, although Application Programming Interfaces (APIs) have been
released.
● Some TPMs are 1.2/2.0 TPMs, and can be used in either a 1.2 or a 2.0 mode,
although they may have reduced 1.2 command sets. These chips are designed
to be compatible with today’s 1.2-focused infrastructures, while providing future
proofing against a day when the 1.2 algorithms are no longer considered secure,
or when enough 2.0-compatible TPMs have entered the market for enterprises to
Exploring the Variety of Random
Documents with Different Content
"What can be done?" said Mrs. Hill, who looked firmer than ever. "He
seems to be afraid of something. What it is I don't know--the illness
is mental, and you can't minister to a mind diseased. Perhaps you
can tell me what this all means, Allen."

"I'll tell you what I know," said Allen wearily, for the anxiety was
wearing out his nerves, and he thereupon related all that had taken
place since he left Wargrove. Mrs. Hill listened in silence.

"Of course, unless your father speaks we can do nothing," she said
at last; "do you think he is in his right mind, Allen?"

"No. He has always been eccentric," said the son, "and now, as he is
growing old he is becoming irresponsible. I am glad he has given
everything over to you, mother, and has made his will."

"Mr. Mask induced him to do that," said Mrs. Hill thankfully; "if he
had remained obstinately fixed about the money I don't know what I
should have done. But now that everything is in my hands I can
manage him better. Let him stay in his rooms and amuse himself,
Allen. If it is necessary that he should see the doctor I shall insist on
his doing so. But at present I think it is best to leave him alone."

"Well, mother, perhaps you are right. And in any case Parkins and I
will not trouble him or you much. I'll introduce him to Mrs. Palmer,
and she'll take him off our hands."

"Of course she will," said Mrs. Hill rather scornfully; "the woman's a
born flirt. So you don't know yet who killed Eva's father, Allen?"

"No," said he, shaking his head. "I must see Eva and tell her of my
bad fortune."

No more was said at the time, and life went on fairly well in the
house. Under Mrs. Hill's firm sway the management of domestic
affairs was much improved, and the servants were satisfied, which
they had never been, when Lawrence Hill was sole master. Parkins
was much liked by Mrs. Hill, and easily understood that Mr. Hill,
being an invalid, could not see him. She put it this way to save her
husband's credit. She was always attending to him, and he clung to
her like a frightened child to its mother. There was no doubt that the
fright over the parcel had weakened a mind never very strong.

Allen and Parkins walked, rode, golfed on the Shanton Links, and
paid frequent visits to Mrs. Palmer's place. Allen took the American
there within a couple of days of his return, and the widow forthwith
admired Parkins. "A charming giant," she described him, and Horace
reciprocated. "I like her no end," he confided to Allen; "she's a
clipper. Just the wife for me."

Eva laughed when Allen told her this, and remarked that if things
went on as they were doing there was every chance that Mrs.
Palmer would lose her heart.

"But that's ridiculous, Eva," said Allen, "they have known each other
only five days."

"Well, we fell in love in five minutes," said Eva, smiling, which


provocative remark led to an exchange of kisses.

The two were seated in the drawing-room of the villa. They had
enjoyed a very good dinner, and had now split into couples. Allen
and Eva remained in the drawing-room near the fire, while Parkins
and Mrs. Palmer played billiards. It was a chill, raw evening, but the
room looked bright and cheerful. The lovers were very happy being
together again, and especially at having an hour to themselves. Mrs.
Palmer was rather exacting, and rarely let Eva out of her sight.

"But she is really kind," said Eva, turning her calm face to Allen; "no
one could be kinder."

"Except me, I hope," said Allen, crossing the hearth-rug and seating
himself by her side. "I want to speak seriously, Eva."
"Oh dear," she said in dismay; "is it about our marriage?"

"Yes. I have arranged the money business with Horace Parkins, and
it is necessary I should go to South America as soon as possible. If I
don't, the mine may be sold to some one else."

"But can't Mr. Mark Parkins buy it?"

"Well, he could, but Horace wants to go out, so as to be on the spot,


and I must go with him. It's my one chance of making a fortune, for
the mine is sure to turn out a great success. As I want to marry you,
Eva, I must make money. There's no chance, so far as I can see, of
your getting that forty thousand pounds Lord Saltars spoke of."

"Then you really think, Allen, that there is money?"

"I am certain of it--in the form of diamonds. But we'll talk of that
later. Meantime I want to say that, as you wish it, we'll put off our
marriage for a year. You can stay here with Mrs. Palmer, and I'll go
next month to South America with Horace Parkins."

"But what about my father's death?"

"I hope that we'll learn the truth within the next three weeks," said
Allen. "Everything turns on this boy Butsey. He knows the truth."

"But will he tell it?"

"I think he will. The lad is clever but venomous. The way in which he
has been treated by his father and Don has made him bitter against
them. Also, after the false alarm he gave the other night to get
Parkins and me out of the mess, he can't very well go back to that
place. The old man would murder him; and I don't fancy the poor
little wretch would receive much sympathy from his father."

"What do you think of him, Allen?"


"My dear, I don't know enough about him to speak freely. From what
the philanthropist in Whitechapel says, I think the boy is very clever,
and that his talents might be made use of. He is abominably treated
by the brutes he lives with--why, his eye was put out by his father.
But the boy has turned on the gang. He burnt his boats when he
raised that alarm, and I am quite sure in his own time, he will come
down here and turn King's evidence."

"About what?"

"About the murder. The boy knows the truth. It's my opinion that
Red Jerry killed your father, Eva."

"How do you make that out?" she asked anxiously.

"Well, Red Jerry knew of your father in Africa and knew that he was
buying diamonds." Allen suppressed the fact of Strode's being an I.
D. B. "He followed him home in the Dunoon Castle., and then went
to tell Foxy and Father Don at Whitechapel. They came down to
Westhaven and tracked your father to the Red Deeps, and there shot
him. I can't understand why they did not take the wooden hand
then, though."

"Who did take the hand?" asked Eva.

"My father. Yes," said Allen sadly, "you may look astonished and
horrified, Eva, but it was my unhappy father. He is not in his right
mind, Eva, for that is the only way to account for his strange
behaviour;" and then Allen rapidly told Eva details.

"Oh," said the girl when he finished, "he must be mad, Allen. I don't
see why he should act in that way if he was not. Your father has
always been an excitable, eccentric man, and this trouble of my
father's death has been too much for him. I quite believe he
intended to kill my father, and thank God he did not--that would
have parted us for ever. But the excitement has driven your father
mad, so he is not so much to blame as you think."
"I am glad to hear you say so, darling," said the poor young fellow,
"for it's been like a nightmare, to think that my father should behave
in such a manner. I dreaded telling you, but I thought it was best to
do so."

"I am very glad you did," she replied, putting her arms round him;
"oh, don't worry, Allen. Leave my father's murder alone. Go out to
Bolivia, buy this mine, and when you have made your fortune come
back for me. I'll be waiting for you here, faithful and true."

"But you want to know who killed Mr. Strode?"

"I've changed my mind," she answered quickly, "the affair seems to
be so mysterious that I think it will never be solved. Still I fancy you
are right: Red Jerry killed my father for the sake of the diamonds."

"He did not get them if he did," said Allen, "else he and Father Don
would not have gone to see Mask and thus have risked arrest. No,
my dear Eva, the whole secret is known to Butsey. He can tell the
truth. If he keeps his promise, and comes here we shall know all: if
he does not, we'll let the matter alone. I'll go to Bolivia about this
business, and return to marry you."

"And then we'll bury the bad old past," said Eva, "and begin a new
life, darling. But, Allen, do you think Miss Lorry knows anything?"

"What, that circus woman? I can't say. It was certainly queer she
should have been in that den. What a woman for your cousin to
marry."

"I don't know if he will marry after all," said Eva.

"I believe old Lady Ipsen will stop the marriage."

"How do you know?"

"Because she wrote to say she was coming to see me. She says she
will come unexpectedly, as she has something to tell me."

Allen coloured. He hoped to avoid old Lady Ipsen as he did not
forget that she had accused his mother of stealing the Delham
heirloom. However, he merely nodded and Eva went on: "Of course I
am willing to be civil to her and shall see her. But she's a horrid old
woman, Allen, and has behaved very badly to me. I am her
granddaughter, and she should have looked after me. I won't let her
do so now. Well, Allen, that's one piece of news I had to tell you.
The next is about Giles Merry."

"What about him?"

"I received a letter from Shanton written by Miss Lorry. That was
when you were away. She sent it over by Butsey."

"What! Was that boy here?"

"Yes. When you were away. He delivered it at the door and went. I
only knew it was Butsey from the description, and by that time the
boy was gone. Had I seen him I should have asked Wasp to keep
him here, till you came back."

"I understand," said Allen thoughtfully. "Miss Lorry sent for Butsey.
He was told to return to Perry Street, Whitechapel, within a certain
time and did not. For that, Father Don shut him up in the attic and
fed him on bread and water. The treatment made Butsey rebellious.
But what had Miss Lorry to say?"

"She wrote that if Giles Merry worried me I was to let her know and
she'd stop him doing so."

Allen looked astonished. "Why should Giles worry you?" he asked
indignantly.

"I can't say. He hasn't come to see me yet, and if he does, of course
I would rather you dealt with him than Miss Lorry. I want to have
nothing to do with her."

"Still, she's not a bad sort," said Allen after a pause, "she saved our
lives on that night by sending Butsey to get us out of the den.
Humph! If she met Butsey on that night I wonder if she asked him
to return what he'd stolen?"

"What was that?" asked Eva.

"I don't know. Horace Parkins and I overheard her complaining, that
Butsey, when down seeing her, had stolen something. She refused to
say what it was and then bolted when she saw me. But what has
Giles Merry to do with her?"

"Cain told me that Giles was the 'strong man' of Stag's Circus."

"Oh, and Miss Lorry knows him as a fellow artiste. Humph! I daresay
she is aware of something queer about him. From the sending of
that parcel, I believe Giles is mixed up with Father Don's lot, and by
Jove, Eva, I think Miss Lorry must have something to do with them
also! We've got to do with a nice lot, I must say. And they're all after
the diamonds. I shouldn't wonder if Butsey had them, after all. He's
just the kind of young scamp who would get the better of the elder
ruffians. Perhaps he has the diamonds safely hidden, and is leaving
the gang, so as to turn respectable. He said he wanted to cut his old
life. Yes"--Allen slapped his knee--"Eva, I believe Butsey has the
diamonds. For all I know he may have shot your father."

"Oh, Allen," said Eva, turning pale, "that lad."

"A boy can kill with a pistol as surely as if he were a man, and
Butsey has no moral scruples. However, we'll wait till he comes and
then learn what we can. Once I get hold of him he shan't get away
until I know everything. As to Merry, if he comes, you let me know
and I'll break his confounded neck."

"I believe Nanny would thank you if you did," said Eva; "the poor
woman is in a terrible fright. He wrote saying he was coming to see
her."

"She needn't have anything to do with him."

"I told her so. But she looks on the man as her husband, bad as he
is, and has old-fashioned notions about obeying him. If he wasn't
her husband she wouldn't mind, but as it is----" Eva shrugged her
shoulders.

They heard the sound of footsteps approaching the door. Shortly the
footman entered. "There's a woman to see you, miss," he said to
Eva, holding the door open. "Mrs. Merry, miss."

"What!" cried Eva; "show her in."

"She won't come, miss. She's in the hall."

"Come, Allen," said the girl, and they went out into the hall, where
Mrs. Merry with a scared face was sitting. She rose and came
forward in tears, and with sopping clothes, owing to her walk
through the heavy rain.

"I ran all the way, Miss Eva. I'm in such sorrow. Giles has come."

"What, your husband?" said Allen.

"Yes, and worse. I found this on the doorstep." She drew from under
her shawl the wooden hand!

CHAPTER XX

AN AMAZING CONFESSION

Mr. and Mrs. Merry were seated the next day in the kitchen having a
long chat. It was not a pleasant one, for Mrs. Merry was weeping as
usual, and reproaching her husband. Giles had been out to see his
old cronies in the village, and consequently had imbibed sufficient
liquor to make him quarrelsome. The first thing he did, when he
flung himself into a chair, was to grumble at the kitchen.

"Why should we sit here, Selina?" he asked; "it's a blamed dull hole,
and I'm accustomed to drawing-rooms."

"You can't go into the drawing-room," said Mrs. Merry, rocking and
dabbing her red eyes with the corner of her apron. "Miss Eva is in
there with a lady. They don't want to be disturbed."

"Who is the lady?" demanded Signor Antonio, alias Mr. Merry.

"Lady Ipsen. She's Miss Eva's grandmother and have called to see
her. What about, I'm sure I don't know, unless it's to marry her to
Lord Saltars, not that I think much of him."

"Lady Ipsen--old Lady Ipsen?" said Giles slowly, and his eyes
brightened; "she's an old devil. I knew her in the days when I and
Hill and Strode enjoyed ourselves."

"And bad old days they were," moaned Mrs. Merry; "you'd have
been a better man, Giles, if it hadn't been for that Strode. As for the
jelly-fish, he was just a shade weaker than you. Both of you were
under the thumb of Strode, wicked man that he was, and so cruel to
his wife, just as you are, Giles, though you mayn't think so. But if I
die----"

"You will, if you go on like this," said Merry, producing his pipe; "this
is a nice welcome. Old Lady Ipsen," he went on, and laughed in so
unpleasant a manner, that his wife looked up apprehensively.

"What wickedness are you plotting now?" she asked timidly.

"Never you mind. The marriage of Lord Saltars," he went on with a
chuckle. "Ho! he's going to marry Miss Lorry."

"So they say. But I believe Lady Ipsen wants to stop that marriage,
and small blame to her, seeing what a man he----"

"Hold your jaw, Selina. I can't hear you talking all day. You get me
riz and you'll have bad time, old girl. So go on rocking and crying
and hold that red rag of yours. D'ye hear?"

"Yes, Giles--but Lord Saltars----"

"He's going to marry Miss Lorry, if I let him."

Mrs. Merry allowed the apron to fall from her eyes in sheer
amazement. "If you let him?" she repeated; "lor', Giles, you can't
stop his lordship from----"

"I can stop her," said Merry, who seemed determined never to let
his wife finish a sentence; "and I've a mind to, seeing how nasty
she's trying to make herself." He rose. "I'll see Miss Eva and make
trouble."

"If you do, Mr. Allen will interfere," said Mrs. Merry vigorously. "I
knew you'd make trouble. It's in your nature. But Miss Lorry wrote to
Miss Eva and said she'd interfere if you meddled with what ain't your
business."

Giles shook off the hand his wife had laid on his arm, and dropped
into a chair. He seemed dumfoundered by the information. "She'll
interfere, will she?" said he, snarling, and with glittering eyes. "Like
her impudence. She can't hurt me in any way----"

"She may say you killed Strode," said Mrs. Merry.

Giles raised a mighty fist with so evil a face, that the woman
cowered in her chair. Giles smiled grimly and dropped his arm.

"You said before, as I'd killed Strode. Well then, I didn't."

"How do I know that?" cried his wife spiritedly; "you can strike me,
but speak the truth I will. Bad as you are, I don't want to see you
hanged, and hanged you will be, whatever you may say. I heard
from Cain that you talked to Strode on the Wednesday night he was
killed. You met him at the station, when he arrived by the six-thirty,
and----"

"What's that got to do with the murder?" snapped Giles savagely. "I
talked to him only as a pal."

"Your wicked London friends were there too," said Mrs. Merry; "oh,
Cain told me of the lot you're in with; Father Don, Foxy, and Red
Jerry--they were all down at Westhaven, and that boy Butsey too, as
lied to me. You sent him here to lie. Cain said so."

"I'll break Cain's head if he chatters. What if my pals were at
Westhaven? what if I did speak to Strode----?"

"You was arranging to have him shot," said Mrs. Merry, "and shot
him yourself for all I know."

Signor Antonio leaped, and taking his wife by the shoulders, shook
her till her head waggled. "There," he said, while she gasped, "you
say much more and I'll knock you on the head with a poker, you
poll-parrot. I was doing my turn at the circus at the time Strode was
shot, if he was shot at nine on Wednesday as the doctor said. I saw
the evidence in the paper. You can't put the crime on me."

"Then your pals did it."

"No, they didn't. They wanted the diamonds, it's true----"

"They struck him down and robbed him."

"You said they shot him just now," sneered Giles with an evil face,
"don't know your own silly mind, it seems. Gar'n, you fool, there was
nothing on him to rob. If my pals had shot him, they'd have collared
the wooden hand. That was the token to get the diamonds, as Red
Jerry said. But Mask hasn't got them, and though Father Don did
open the hand he found nothing."

"Open the hand?" questioned Mrs. Merry curiously.

"Yes. We found out--I found out, and in a way which ain't got
nothing to do with you, that the hand could be opened. It was quite
empty. Then Father Don put it aside, and that brat Butsey prigged it.
Much good may it do him."

"The wooden hand was put on the doorstep last night," said Mrs.
Merry, "and I gave it to Miss Eva."

The man's face grew black. "Oh, you did, did you," he said, "instead
of giving it to your own lawful husband? I've a mind to smash you,"
he raised his fist again, and his poor wife winced; then he changed
his mind and dropped it. "But you ain't worth a blow, you white-
faced screeching cat. I'll see Miss Eva and make her give up the
hand myself. See if I don't."

"Mr. Allen will interfere."

"Let him," snarled Merry; "I know something as will settle him. I
want that hand, and I'm going to have it. Get those diamonds I will,
wherever they are. I believe Butsey's got 'em. He's just the sort of
little devil as would have opened that hand, and found the paper
inside, telling where the diamonds were."

"But did he have the hand?"

"Yes, he did. He dug up the hand--never mind where--and brought it
to me. It was empty then. Yes, I believe Butsey has the diamonds,
so the hand will be no go. Miss Eva can keep it if she likes, or bury it
along with that infernal Strode, who was a mean cuss to round on
his pals the way he did."

"Ah! he was a bad man," sighed Mrs. Merry; "and did he----?"

"Shut up and mind your own business," said Giles in surly tones. He
thought he had said too much. "It's that Butsey I must look for. He
stole the hand from Father Don and left it on your doorstep, for Miss
Eva, I suppose. He must be in the place, so I'll look for him. I know
the brat's playing us false, but his father's got a rod in pickle for him,
and----"

"Oh, Giles, Giles, you'll get into trouble again. That Wasp----"

"I'll screw his neck if he meddles with me," said the strong man
savagely; "see here, Selina, I'm not going to miss a chance of
making a fortune. Those diamonds are worth forty thousand pounds,
and Butsey's got them. I want money to hunt him down and to do--
other things," said Giles, hesitating, "have you got five hundred?"

"No," said Mrs. Merry with spirit, "and you shouldn't have it if I had.
You're my husband, Giles, worse luck, and so long as you behave
yourself, I'll give you roof and board, though you are not a nice man
to have about the house, but money you shan't have. I'll see Mr.
Mask first. He's looking after my property, and if you----"

"I'll do what I like," said Giles, wincing at the name of Mask; "if I
wasn't your husband, you'd chuck me, I 'spose."

"I would," said Mrs. Merry, setting her mouth, "but you're married to
me, worse luck. I can't get rid of you. See here, Giles, you go away
and leave me and Cain alone, and I'll give you five pounds."

"I want five hundred," said Giles, "I'll stop here as long as I like. I'm
quite able to save myself from being accused of Strode's murder. As
to Cain," Giles chuckled, "he's taken up with a business you won't
like, Selina?"

"What is it?--oh, what is it?" gasped Mrs. Merry, clasping her hands.

"The Salvation Army."

"What! Has he joined the Salvation Army?"

"Yes," sneered the father; "he chucked the circus at Chelmsford, and
said it was a booth of Satan. Now he's howling about the street in a
red jersey, and talking pious."

Mrs. Merry raised her thin hands to heaven. "I thank God he has
found the light," she said solemnly, "I'm Methodist myself, but I hear
the Army does much good. If the Army saves Cain's immortal soul,"
said the woman, weeping fast, "I'll bless its work on my bended
knees. I believe Cain will be a comfort to me after all. Where are you
going, Giles--not to the drawing-room?"

"As far as the door to listen," growled Merry. "I'm sick of hearing you
talk pious. I'll come and stop here, and twist Cain's neck if he prays
at me."

"Trouble--trouble," wailed Mrs. Merry, wringing her hands, "I wish
you'd go. Cain and me would be happier without you, whatever you
may say, Giles, or Signor Antonio, or whatever wickedness you call
yourself. Oh, I was a fool to marry you!"

Giles looked at her queerly. "Give me five hundred pounds, and I
won't trouble you again," he said, "meanwhile"--he moved towards
the door. Mrs. Merry made a bound like a panther and caught him.

"No," she said, "you shan't listen."

Giles swept her aside like a fly, and she fell on the floor. Then with a
contemptuous snort he left the kitchen and went into the passage
which led to the front. On the right of this was the door of the
drawing-room, and as both walls and door were thin, Mr. Merry had
no difficulty in overhearing what was going on within. Could his eyes
have seen through a deal board, he would have beheld an old lady
seated in the best arm-chair, supporting herself on an ebony crutch.
She wore a rich black silk, and had white hair, a fresh complexion, a
nose like the beak of a parrot, and a firm mouth. The expression of
the face was querulous and ill-tempered, and she was trying to bring
Eva round to her views on the subject of Saltars' marriage. The girl
sat opposite her, very pale, but with quite as determined an
expression as her visitor.

"You're a fool," said Lady Ipsen, striking her crutch angrily on the
ground. "I am your grandmother, and speak for your good."

"It is rather late to come and speak for my good, now," said Eva
with great spirit; "you have neglected me for a long time."

"I had my reasons," said the other sharply. "Jane, your mother,
married Strode against my will. He was of good birth, certainly, but
he had no money, and besides was a bad man."

"There is no need to speak evil of the dead."

"The man's being dead doesn't make him a saint, Eva. But I'll say no
more about him, if you'll only listen to reason."

"I have listened, and you have my answer," said Eva quietly; "I am
engaged to Allen Hill, and Allen Hill I intend to marry."

"Never, while I have a breath of life," said the old woman angrily.
"Do you think I am going to let Saltars marry this circus woman? No!
I'll have him put in gaol first. He shall not disgrace the family in this
way. Our sons take wives from theatres and music-halls," said Lady
Ipsen grimly, "but the sawdust is lower than either. I shan't allow the
future head of the house to disgrace himself."

"All this has nothing to do with me," said Eva.

"It has everything to do with you," said Lady Ipsen quickly; "don't I
tell you that Saltars, since he saw you at that Mrs. Palmer's, has
taken a fancy to you? It would take very little for you to detach him
from this wretched Miss Lorry."

"I don't want to, Lady Ipsen!"

"Call me grandmother."

"No. You have never been a grandmother to me."

"I will be now." Lady Ipsen tried to soften her grim face; "I wish I'd seen you
before," she added, "you're a true Delham, with very little of that
bad Strode blood in you, unless in the obstinacy you display. I'll take
you away from this Mrs. Palmer, Eva----"

"I have no wish to leave Mrs. Palmer."

"You must. I won't have a granddaughter of mine remain in a
situation with a common woman."

"Leave Mrs. Palmer alone, Lady Ipsen. She is a good woman, and
when my relatives forsook me she took me up. If you had ever loved
me, or desired to behave as you should have done, you would have
come to help me when my father was murdered. And now," cried
Eva, rising with flashing eyes, "you come when I am settled, to get
me to help you with your schemes. I decline."

The old woman, very white and with glittering eyes, rose. "You
intend then to marry Allen Hill?"

"Yes, I do."

"Well then, you can't," snapped the old woman; "his mother isn't
respectable."

"How dare you say that?" demanded Eva angrily.

"Because I'm accustomed to speak my mind," snapped Lady Ipsen,
glaring; "it is not a chit like you will make me hold my peace. Mrs.
Hill was in our family as a governess before your father married my
daughter Jane."

"What of that?"

"Simply this: a valuable diamond necklace was lost--an heirloom. I
believe Mrs. Hill stole it."

Eva laughed. "I don't believe that for one moment," she said
scornfully. "Mrs. Hill is a good, kind, sweet lady."

"Lady she is, as she comes of good stock. Sweet I never thought
her, and kind she may be to you, seeing she is trying to trap you into
marrying her miserable son----"

"Don't you call Allen miserable," said Eva, annoyed; "he is the best
man in the world, and worth a dozen of Lord Saltars."

"That would not be difficult," said Lady Ipsen, sneering; "Saltars is a
fool and a profligate."

"And you expect me to marry him?"

"To save him from disgracing the family."

"The Delham family is nothing to me," said Eva proudly; "look after
the honour of the family yourself, Lady Ipsen. As to this talk about
Mrs. Hill, I don't believe it."

"Ask her yourself, then."

"I shall do so, and even, if what you say is true, which I don't
believe, I shall still marry Allen."

"Eva," the old lady dropped into her seat, "don't be hard on me. I
am old. I wish you well. It is true what I say about Mrs. Hill. You
can't marry her son."

"But I can, and I intend to."

"Oh, this marriage--this disgraceful marriage!" cried the old woman
in despair, "how can I manage to stop it? This Miss Lorry will be
married to Saltars soon, if I can't put an end to his infatuation."

Eva shrugged her shoulders. "I can give you no help."

"You might plead with Saltars."

"No. I can't do that. It is his business, not mine. Why don't you offer
Miss Lorry a sum of money to decline the match?"

"Because she's bent upon being Lady Saltars, and will stop at
nothing to achieve her end. I would give five hundred--a thousand
pounds to stop the marriage. But Miss Lorry can't be bribed."

It was at this point that Giles opened the door softly and looked in.
"Make it fifteen hundred, your ladyship, and I'll stop the marriage,"
he said impudently.

"Giles," cried Eva, rising indignantly, "how dare you----?"

"Because I've been listening, and heard a chance of making money."

Mrs. Merry burst in at her husband's heels. "And I couldn't stop him
from listening, Miss Eva," she said, weeping; "he's a brute. Don't
give him the money, your ladyship; he's a liar."

"I'm not," said Giles coolly, "for fifteen hundred pounds I can stop
this marriage. I have every reason to hate Miss Lorry. She's been
playing low down on me, in writing to you, Miss Strode, and it's time
she learned I won't be put on. Well, your ladyship?"

The old woman, who had kept her imperious black eyes fixed on
Giles, nodded. "Can you really stop the marriage?"

"Yes I can, and pretty sharp too."

"Then do so and you'll have the fifteen hundred pounds."

"Will you give me some writing to that effect?"

"Yes," said Lady Ipsen, becoming at once a business woman; "get
me some ink and paper, Eva."

"Stop," said Giles politely--so very politely that his poor wife stared.
"I don't doubt your ladyship's word. Promise me to send to this
address," he handed a bill containing the next place where Stag's
Circus would perform, "one thousand five hundred in notes, and I'll
settle the matter."

"I'll bring the money myself," said Lady Ipsen, putting away the bill;
"you don't get the money till I know the truth. How can you stop the
marriage? Tell me now."

"Oh, I don't mind that," said Giles, shrugging. "I'm sure you won't
break your word, and even if you were inclined to you can't, if you
want to stop the marriage. You can't do without me."

"Speak out, man," said Lady Ipsen sharply.

"Well then----" began Giles and then hesitated, as he looked at poor
faded Mrs. Merry in her black stuff dress. "Selina, you give me
fifteen hundred pounds and I'll not speak."

"What have I got to do with it?" asked his wife, staring.

"It will be worth your while to pay me," said Merry threateningly.

"I can't and I won't, whatever you may say. Tell Lady Ipsen what
you like. Your wickedness hasn't anything to do with me."

"You'll see," he retorted, turning to the old lady. "I've given you the
chance. Lady Ipsen, I accept your offer. Lord Saltars can't marry
Miss Lorry, because that lady----"

"Well, man--well."

"That lady," said Giles, "is married already."

"Who to?" asked Eva, while Lady Ipsen's eyes flashed.

"To me," said Merry; "I married her years ago, before I met Selina."

"Then I am free--free," cried Eva's nurse; "oh, thank heaven!" and
she fell down on the floor in a faint, for the first and last time in her
life.

CHAPTER XXI

THE DIAMONDS

At seven o'clock that same evening Allen and his American friend
were walking to Mrs. Palmer's to dine. As yet, Allen knew nothing of
what had transpired at Misery Castle, for Eva was keeping the story
till they met. But as the two men passed the little inn they saw Giles
Merry descend from a holiday-making char-à-banc. Two or three
men had just passed into the inn, no doubt to seek liquid
refreshment. Allen knew Merry's face, as Mrs. Merry had shown him
a photograph of Signor Antonio in stage dress, which she had
obtained from Cain. The man was a handsome and noticeable
blackguard, and moreover his good looks were reproduced in Cain.
Therefore young Hill knew him at once, and stepped forward.

"Good evening, Mr. Merry," he said; "I have long wished to meet
you."

Giles looked surly. "My name is Signor Antonio, monsieur," he said.

"Oh," mocked Allen, "and being Italian you speak English and French
badly?"

"What do you want?" demanded Giles savagely, and becoming the
English gipsy at once. "I've no time to waste."

"Why did you send that cross to Mr. Hill?"

Giles grinned. "Just to give him a fright," he said. "I knew he was a
milk-and-water fool, as I saw a lot of him in the old days, when I did
Strode's dirty work."

"You dug up the wooden hand?"

"No, I didn't. Butsey, who was on the watch, saw Hill plant it, and
dug it up. He brought it to me, and I gave it to Father Don. Then
Butsey stole it back, and passed it along to that young woman
you're going to marry."

"I guess," said Horace at this point, "you'd best speak civil of Miss
Strode. I'm not taking any insolence this day."

Allen nodded approval, and Giles cast a look over the big limbs of
the American. Apparently, strong man as he was, he thought it
would be best not to try conclusions with such a giant. "I wish I'd
met you in Father Don's den," he said. "I'd have smashed that
handsome face of yours."

"Two can play at that game," said Allen quietly; "and now, Mr. Merry,
or Signor Antonio, or whatever you choose to call yourself, why
shouldn't I hand you over to Wasp?"

"You can't bring any charge against me."

"Oh, can't I? You know something about this murder----"

"I was playing my turn at the circus in Westhaven when the shot
was fired," said Giles coolly.

"I didn't say you shot the man yourself; but you know who did."

"No, I don't," said Merry, his face growing dark; "if I did know the
man, I'd make him a present. I'd like to have killed Strode myself.
He played me many a dirty trick, and I said I'd be even with him.
But some one else got in before me. As to arrest," he went on
sneeringly, "don't you think I'd be such a fool as to come down here,
unless I was sure of my ground. Arrest me indeed!"

"I can on suspicion. You're in with the Perry Street gang."

Giles cast a look towards the inn and laughed. "Well, you've got to
prove that I and the rest have done wrong, before you can run us all
in."

"The wooden hand----"

"Oh, we know all about that, and who stole it," said Giles meaningly.

Allen started. He saw well enough that he could not bring Giles to
book without mentioning the name of his father. Therefore he
changed his mind about calling on Wasp to interfere, and contented
himself with a warning. "You'd best clear out of this by to-morrow,"
said he angrily. "I shan't have you troubling your wife."

"My wife! Ha--ha!" Merry seemed to find much enjoyment in the
remark.

"Or Miss Strode either."

"Oh," sneered the man insolently, "you'd best see Miss Strode. She
may have something interesting to tell you. But I can't stay talking
here for ever. I'm going back to Shanton to-night. Come round at
eleven," he said to the driver of the char-à-banc. "We'll drive back in
the moonlight."

"I think you'd better," said Allen grimly; "you stop here to-morrow,
and whatever you may know about a person, whose name need not
be mentioned, I'll have you run in."

"Oh, I'll be gone by to-morrow," sneered Merry again, and took his
cap off with such insolence that Horace longed to kick him, "don't
you fret yourself. I'm a gentleman of property now, and intend to cut
the sawdust and go to South Africa--where the diamonds come
from," he added with an insolent laugh, and then swung into the
inn, leaving Allen fuming with anger. But there was no use in making
a disturbance, as the man could make things unpleasant for Mr. Hill,
so Allen walked away with Horace to Mrs. Palmer's.

It would have been wiser had he entered the inn, for in the coffee-
room were three men, whom he might have liked to meet. These
were Father Don smartly dressed as a clergyman, Red Jerry as a
sailor, and Foxy in a neat suit of what are known as hand-me-downs.
The trio looked most respectable, and if Jerry's face was somewhat
villainous, and Foxy's somewhat sly, the benevolent looks of Father
Don were above suspicion. Giles sat down beside these at a small
table, and partook of the drinks which had been ordered. The
landlord was under the impression that the three men were over on
a jaunt from Shanton, and intended to return in the moonlight.
Merry had met them at the door, and now came in to tell them his
plans.

"I've arranged matters," he said in a low voice to Father Don, "the
groom Jacobs is courting some young woman he's keeping company
with, and the women servants have gone to a penny reading the
vicar is giving."

"What of young Hill and his friend?"

"They are dining with Mrs. Palmer. The house is quite empty, and
contains only Mr. and Mrs. Hill. I have been in the house before, and
know every inch of it. I'll tell you how to get in."

"You'll come also?" said Foxy suspiciously.

"No," replied Giles. "I'll stop here. I've done enough for the money.
If you're fools enough to be caught, I shan't be mixed up in the
matter."

"We won't be caught," said Father Don with a low laugh; "Jerry will
keep guard at the window, and Foxy and I will enter."

"How?" asked the sharp-faced man.

"By the window," said Giles. "I explained to Father Don here, in
London. Hill has taken up his quarters in a Japanese room on the
west side of the house, just over the wall. There are French windows
opening on to the lawn. You can steal up and the grass will deaden
the sound of footsteps. It goes right up to the window. That may be
open. If not, Jerry can burst it, and then you and Don can enter."

"But if Hill isn't alone?"

"Well then, act as you think best. Mrs. Hill's twice the man her
husband is. She might give the alarm. But there's no one in the
house, and she'll have to sing out pretty loudly before the alarm can
be given to the village."

"There won't be any alarm," said Father Don calmly. "I intend to
make use of that paper I got from you. Where did you get it,
Merry?"

"From Butsey. I found him with Strode's blue pocket-book, and made
a grab at it. I saw notes. But Butsey caught those and bolted. I got
the book and some papers. The one I gave you, Don, will make Hill
give up the diamonds, if he has them."

"He must have them," said Don decidedly, "we know from the letter
sent to Mask, and which was left at his office by Butsey, that the
hand could be opened. I did open it and found nothing. I believe
that Strode stored the diamonds therein. If Hill stole the hand, and
took it home, he must have found the diamonds, and they are now
in his possession. I expect he looked for them."

"No," said Merry grimly, "he was looking for that paper you intend to
show him. He'll give up the diamonds smart enough, when he sees
that. Then you can make for Westhaven----"

"What of the charry-bang?" asked Jerry in heavy tones.

"That's a blind. It will come round at eleven, but by that time we will
all be on our way to Westhaven. If there is pursuit, Wasp and his
friend will follow in the wrong direction. Then Father Don can make
for Antwerp, and later we can sell the diamonds. But no larks," said
Merry, showing his teeth, "or there will be trouble."

"Suppose young Hill and his friend tell the police?"

"Oh," said Giles, grinning, "they will do so at the risk of the contents
of that paper being made public. Don't be a fool, Don, you've got
the whole business in your own hands. I don't want a row, as I have
to meet a lady in a few days," Giles grinned again, when he thought
of Lady Ipsen, "and we have to do business."

So the plan was arranged, and after another drink Father Don and
stroll in the village to "see the venerable church in the moonlight,"
as the pseudo clergyman told the landlord. But when out of sight,
the trio changed the direction of their walk, and made for "The
Arabian Nights" at the end of the village. Departing from the high-
road they stole across a large meadow, and, in a dark corner,
climbed the wall. Father Don was as active as any of them, in spite
of his age. When the three rascals were over the wall and standing
on a smoothly-shaven lawn, they saw the range of the Roman
pillars, but no light in the windows. "It's on the west side," said Don
in a whisper; "come along, pals."

The three crept round the black bulk of the house and across the
drive. All was silent and peaceful within the boundary of the wall.
The moonlight silvered the lawns and flower-beds and made
beautiful the grotesque architecture of the house. A few steps taken
in a cat-like fashion brought the thieves to the west side. They here
saw a light glimmering through three French windows which opened
on to a narrow stone terrace. From this, the lawn rolled smoothly to
the flower-beds, under the encircling red brick wall. Father Don
pointed to the three windows.

"The middle one," he said quietly; "see if it's open, Foxy. If not, we'll
have to make a certain noise. And look inside if you can."

Foxy stole across the lawn and terrace and peered in. After a time,
he delicately tried the window and shook his head. He then stole
back to report, "Hill is lying on the sofa," he said, "and his wife is
seated beside him. He's crying about something."

"We'll give him something to cry about soon," said Father Don,
feeling for the paper which he had received from Giles. "Smash the
middle window in, Jerry."

Without the least concealment the huge man rushed up the slope
and hurled his bulk against the window. The frail glass gave way and
he fairly fell into the centre of the room. With a shrill cry of terror,
Hill sprang from the sofa, convulsively clutching the hand of his wife,
while Mrs. Hill, after the first shock of alarm, faced the intruders
boldly. By this time Father Don with Foxy behind him was bowing to
the disturbed couple. Jerry took himself out of the room, and
guarded the broken window.

"Who are you? what do you want?" demanded Mrs. Hill. "If you
don't go I'll ring for the servants."

"I am afraid you will give yourself unnecessary trouble," said Don
suavely. "We know the servants are out."

"What do you want?"

"We'll come to that presently. Our business has to do with your
husband, Mr. Hill"--Father Don looked at the shivering wretch.

"I never harmed you--I don't know you," mumbled Hill. "Go away--
leave me alone--what do you want?"

"We'll never get on in this way.--No, you don't," added Don, as Mrs.
Hill tried to steal to the door, "Go and sit down by your good
husband," and he enforced this request by pointing a revolver.

"I am not to be frightened by melodrama," said Mrs. Hill scornfully.

"Sit down, Sarah--sit down," said Hill, his teeth chattering.

The woman could not help casting a contemptuous look on the
coward, even though she fancied, she owed so much to him. But, as
she was a most sensible woman, she saw that it would be as well to
obey. "I am ready to hear," she said, sitting by Hill, and putting her
strong arm round the shivering, miserable creature.

"I'll come to the point at once," said Don, speaking to Hill, "as we
have not much time to lose. Mr. Hill, you have forty thousand
pounds' worth of diamonds here. Give them up!"

Hill turned even paler than he was. "How do you know that?" he
asked.

"It can't be true," put in Mrs. Hill spiritedly. "If you are talking of Mr.
Strode's diamonds, my husband hasn't got them."

"Your husband stole the wooden hand from the dead," said Foxy,
with his usual snarl. "He took it home and opened it."

"I did not know it contained the diamonds," babbled Hill.

"No. You thought it contained a certain document," said Don, and
produced a paper from his pocket, "a blue paper document, not very
large--of such a size as might go into a wooden hand, provided the
hand was hollow as it was. Is this it?"

Hill gave a scream and springing up bounded forward. "Give it to
me--give it!" he cried.

"For the diamonds," said Father Don, putting the paper behind him.

"You shall have them. I hid them in this room--I don't want them,
but that paper--it is mine."

"I know that--signed with your name, isn't it? Well, bring out the
diamonds, and, when you hand them over----"

"You'll give me the paper?"

Foxy shook his head as Father Don looked inquiringly at him. "No,
we must keep that paper, so as to get away--otherwise you'll be
setting the police on our track."

"I swear I won't--I swear----" Hill dropped on his knees, "I swear----"

His wife pulled him to his feet. "Try and be a man, Lawrence," she
said. "What is this document?"

"Nothing--nothing--but I must have it," cried Hill jerking himself
away. He ran across the room, and fumbled at the lock of a cabinet.
"See--see--I have the diamonds! I found them in the hand--I put
them into a canvas bag--here--here--" his fingers shook so that he
could hardly open the drawer. Foxy came forward and kindly helped
him. Between the two, the drawer was opened. Hill flung out a mass
of papers, which strewed the floor. Then from beneath these, he
hauled a small canvas bag tied at the mouth and sealed. "All the
diamonds are here," he said, bringing this to Don and trying to open
it. "Forty thousand pounds--forty--for God's sake--" he broke off
hysterically--"the paper, the paper I signed!"

Don took possession of the bag and was about to hand over the
document, when Foxy snatched it. "We'll send this from the
Continent," he said, "while we have this, you won't be able to set
the peelers on us."

Hill began to cry and again fell on his knees, but Father Don took no
notice of him. He emptied the contents of the bag on the table and
there the jewels flashed in the lamp-light, a small pile of very fine
stones. While he gloated over them, Mrs. Hill laid her hand on Foxy's
arm: "What is in that paper?" she asked sternly.

"Don't tell her--don't tell her!" cried Hill.

"Lawrence!"

But he put his hands to his ears and still cried and grovelled. "I shall
go mad if you tell her! I shall--ah--oh--ugh--!" he suddenly clutched
at his throat and reeled to the sofa.

Mrs. Hill took little notice of him. "Read me the document," she said.

"I can almost repeat it from memory," said Foxy, putting the paper
into his pocket; "it's simply a confession by your husband that he
stole a certain necklace belonging to----"

"The Delham heirloom!" cried Mrs. Hill, turning grey, and recoiling.

"Yes, and also a promise to withdraw from seeking to marry Lady
Jane Delham, and to marry you."

"Oh!" Mrs. Hill turned such a withering look on her miserable
husband, that he shrank back and covered his eyes. "So this is the
real reason of your chivalry?"

"Yes," said Father Don, who had placed the diamonds again in his
bag, and stood up, "I heard some of the story from Giles Merry, and
read the rest in the signed document. It was Hill who stole the
necklace. He took the key from the schoolroom, where it had been
left by Lady Ipsen. He opened the safe, and collared the necklace.
Near the door, he left a handkerchief of yours, Mrs. Hill, so that, if
there was danger, you might be accused. Strode found the
handkerchief, and knowing Hill had possessed it, made him confess.
Then he made Hill sign the confession that he had stolen the
necklace, and also made him promise to marry you."

Mrs. Hill sank down with a stern, shamed look, "So this was your
chivalry," she said, looking again at her husband, "you stole the
necklace--you let me bear the shame--you tried to incriminate me--
you pretended to wed me to save me from starvation, and--oh, you--
you shameless creature!" she leaped, and made as though she
would have struck Hill; the man cowered with a cry of alarm like a
trapped rabbit.

"What became of the necklace?" she asked Don sharply.

"Strode made Hill sell it, and they divided the profits."

"Eva's father also," moaned Mrs. Hill, covering her face, "oh, shame--
shame--shall I ever be able to look on this man's face again!"

Hill attempted to excuse himself, "I didn't get much money," he
wailed. "I let Strode take the lot. He carried the confession in his
wooden hand--that's why I took it. I stole the hand and opened it--
but the confession wasn't in it--I found the diamonds, and I have
given them to you--let me have the paper!" he bounded to his feet,
and snatching a dagger from a trophy of arms on the wall made for
Foxy, "I'll kill you if you don't give it to me!"

Father Don dodged behind a chair, while Foxy, who was right in the
centre of the room, ran for the window, and, bursting past Jerry,
raced down the lawn with Hill after him, the dagger upraised. Round
and round they went, while Mrs. Hill stood on the terrace, looking on
with a deadly smile. Had Hill been struck down, she would have
rejoiced. Don twitched the arm of Jerry.

"Let's cut," he said; "I've got the swag, Foxy can look after himself,"
and these two gentlemen left the house hurriedly.

Mrs. Hill saw them disappear without anxiety. The blow she had
received seemed to have benumbed her faculties. To think that she
had been so deceived and tricked. With a stony face she watched
Foxy flying round the lawn, with the insane man--for Hill appeared to
be mad--after him. Foxy, in deadly terror of his life, seeing his pals
disappear, tore the document from his pocket, threw it down, and
ran panting towards the wall. While he scaled it, Hill picked up the
paper and tore it, with teeth and hands, into a thousand shreds. The
three scoundrels had disappeared, and Mrs. Hill looked down coldly
on her frantic husband. Hill danced up to the terrace, and held out
his hands. "Happiness--happiness, I am safe."

"Coward," she said in a terrible voice. Her husband looked at her,
and then began to laugh weirdly. Then with a cry, he dropped.

"I hope he is dead," said Mrs. Hill, looking down on him with scorn.

CHAPTER XXII

BUTSEY'S STORY

There was no excitement in Wargrove next day over the burglars
who had entered "The Arabian Nights," for the simple reason that
the village knew nothing about the matter. But a rumour was
current, that Mr. Hill had gone out of his mind. No one was
astonished, as he had always been regarded as queer. Now, it
appeared, he was stark, staring mad, and no longer the harmless
eccentric the village had known for so long. And the rumour was
true.

"It is terrible to think of the punishment which has befallen him,
Allen," said Mrs. Hill the next morning; "but can we call it
undeserved?"

"I suppose not," answered her son gloomily. "I wish I had remained
at home last night, mother."

"Things would have been worse, had you remained. There would
have been a fight."

"I would have saved Eva's diamonds, at all events."

"Let the diamonds go, Hill," chimed in Parkins, who formed a third in
the conversation, "they were come by dishonestly, and would have
brought no luck. You come out to Bolivia, and fix up the mine. Then
you can make your own coin, and marry Miss Strode."

"But you forget, Mr. Parkins," said Mrs. Hill, "I am now rich, and
Allen need not go to America."

"No, mother," said Allen hastily, "I'll go. You will do much more good
with my father's money than I can. Besides----" he hesitated, and
looked at Horace. The American interpreted the look.

"Guess you want a little private conversation," he said; "well I'll light
out and have a smoke. You can call me when you want me again,"
and Mr. Parkins, producing his pipe, left the room.

"My poor mother," said Allen, embracing her, "don't look so sad. It is
very terrible and----"

"You can't console me, Allen," said the poor woman bitterly, "so do
not try to. To think that I should have believed in that man all these
years. He was a thief--doubly a thief; he not only robbed the
Delhams of the necklace, but robbed the dead, and me of my good
name."

"I almost think the dead deserved to be robbed," said Allen; "I begin
to believe, mother, that Strode was my father's evil genius as he said
he was. Why should my father steal this necklace, when he had
plenty of money?"

"He had not at the time. I think his father kept him short. He took
the necklace, I expect, under the strong temptation of finding the
key in the schoolroom."

"I believe Strode urged him to steal it," said Allen, "and at all events
Strode was not above profiting by the theft. And it was Strode who
brought about the marriage----"

"By threats," said Mrs. Hill grimly, "I expect, Strode swore he would
reveal the truth, unless Lawrence married me. And I thought
Lawrence acted so, out of chivalry."

"But if Strode had revealed the truth he would have incriminated
himself."

"Ah, but, as I learn, he waited till after I was married before he
disposed of the necklace. Then he sold it through Father Don, who
was his associate in villainy. However, Strode is dead and your father
is mad. I wonder what fate will befall Merry and those wretches he
associates with?"

"Oh, their sins will come home to them, never fear," said Allen, in a
prophetic vein. "I suppose it is best to let the matter rest."

"Certainly. Father Don and his two associates have got away. What
about Merry?"

"He went almost at once to Shanton, and did not pay for the char-à-banc.
The owner is in a fine rage and drove back to Shanton at
midnight, vowing to summons Merry, who was responsible for its
ordering."

"Well, they are out of our life at last," said his mother, "we now
know the secret which caused your unhappy father to try and
murder Strode, and did make him steal the hand. The confession
has been destroyed, so no one can say anything. Merry will not
speak----"

"No; that's all right. Merry is going to receive money from old Lady
Ipsen, for stopping the marriage of Saltars with Miss Lorry. I expect
he will go to Africa as he says. He'll hold his tongue and so will the
others. But they have the diamonds, and poor Eva receives nothing."

"I agree with Mr. Parkins," said Mrs. Hill quickly, "the jewels were
come by dishonestly, and would have brought no good fortune. Will
you tell Eva anything, Allen?"

"No. I'll tell her as little as possible. No one, but you, I, and Parkins,
know of the events of last night. My poor father has been reported ill