TPM@wiki
TPM Work Group
Generally, pushing the security down to the hardware level in conjunction with software is a better solution than just using software that can be compromised by an attacker.
A Trusted Platform Module is a hardware chip embedded on the motherboard that can be used to authenticate a hardware device. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication: it can be used to verify that the system seeking access is the expected system.
In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a microcontroller that can store secured information, as well as the general name of implementations of that specification.
What it does:
A Trusted Platform Module offers facilities for secure generation of cryptographic keys, the ability to limit the use of keys (to either signing/verification or encryption/decryption), as well as a hardware random number generator. Its three most controversial features are remote attestation, binding, and sealing.
Remote attestation creates an unforgeable summary of the software on a computer, allowing a third party (such as a digital music store) to verify that the software has not been compromised.
Sealing encrypts data in such a way that it may be decrypted only in the exact same state (that is, only on the computer on which it was encrypted, running the same software).
Binding encrypts data using the TPM Endorsement Key (a unique RSA key put in the chip during its production) or another 'trusted' key.
The first feature is seen as a potential threat to privacy by many, while the second and the third are often seen as a herald to Digital Rights Management systems of unprecedented restrictiveness. Direct anonymous attestation improves privacy, but is still considered insufficient by some.
Uses:
Microsoft's new desktop operating system Windows Vista will use this technology as part of the feature BitLocker Drive Encryption. Available only in Ultimate and Enterprise editions of Windows Vista, BitLocker will encrypt the computer's boot volume and provide integrity authentication for a trusted boot pathway (i.e. BIOS, boot sector, etc.).
Windows:
Future Windows versions are expected to have increased TPM and BitLocker support for additional cryptographic features and expanded volume encryption. BitLocker requires two NTFS-formatted drive volumes: one for Windows boot code and BitLocker operational code, and the other containing the boot volume (i.e. the volume where the operating system is stored). Contrary to its official name of BitLocker Drive Encryption, BitLocker only encrypts logical volumes (which may or may not be an entire drive).
Linux:
The Enforcer is a Linux Security Module designed to improve the integrity of a computer running Linux by ensuring that the file system has not been tampered with. It can interact with 'trusted' hardware to provide higher levels of assurance for software and sensitive data. The Enforcer can also work with the TPM to store the secret to an encrypted loopback file system, and unmount this file system when a tampered file is detected; the secret will not be accessible to mount the loopback file system until the machine has been rebooted with untampered files. This allows sensitive data to be protected from an attacker.
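A software model of the sealing behaviour described under "What it does" and of the Enforcer's "no secret until a reboot with untampered files" property, added here as an illustration; it is not code from this page, from a TPM interface, or from the Enforcer. The platform configuration register (PCR) as the place where state is recorded, the `ModelTPM` class, the HMAC-based toy cipher, the measurement strings, and the choice to handle a tamper event by extending the PCR are all assumptions of the example.

```python
import hashlib, hmac, os

class ModelTPM:
    """Software model of PCR extend and seal/unseal; not a real TPM interface."""
    def __init__(self):
        self._root = os.urandom(32)    # stands in for a key that never leaves the chip
        self.pcr = bytes(32)

    def boot(self, components):
        self.pcr = bytes(32)           # a PCR returns to zero only on platform reset
        for c in components:
            self.extend(c)

    def extend(self, measurement):
        # new = H(old || H(measurement)): order-sensitive, cannot be rolled back
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()

    def _mac(self, *parts):
        return hmac.new(self._root, b"".join(parts), hashlib.sha256).digest()

    def seal(self, secret):
        if len(secret) > 32:
            raise ValueError("model seals at most 32 bytes (one keystream block)")
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._mac(b"enc", nonce)))
        return {"pcr": self.pcr, "nonce": nonce, "ct": ct,
                "tag": self._mac(b"tag", self.pcr, nonce, ct)}

    def unseal(self, blob):
        tag = self._mac(b"tag", blob["pcr"], blob["nonce"], blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("blob modified or sealed by a different TPM")
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            return None                # state differs from seal time: refuse
        return bytes(a ^ b for a, b in zip(blob["ct"], self._mac(b"enc", blob["nonce"])))

def scenario():
    good = [b"BIOS v1", b"boot sector v1", b"kernel v1"]   # constructed measurements
    tpm = ModelTPM()
    tpm.boot(good)
    blob = tpm.seal(b"loopback-fs-key")
    out = [tpm.unseal(blob)]                     # same state: released
    tpm.extend(b"tampered file detected")        # runtime tamper poisons the PCR
    out.append(tpm.unseal(blob))                 # refused until reboot
    tpm.boot(good)
    out.append(tpm.unseal(blob))                 # clean reboot: released again
    tpm.boot([good[0], b"boot sector modified", good[2]])
    out.append(tpm.unseal(blob))                 # changed boot path: refused
    return out
```

`scenario()` returns the outcome of four unseal attempts in order: same state, after a tamper event, after a clean reboot, and after booting a modified boot sector.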