Академический Документы
Профессиональный Документы
Культура Документы
What is TPM
The TPM hardware along with its supporting software and firmware provides the platform root of trust.
It is able to extend its trust to other parts of the platform by building a chain of trust, where each link extends its trust to the next one.
Allows
Remote attestation
creates a hash key for summary of the hardware and software.
Depends on the encryption software
This allows a third party to verify that the software has not been changed.
Allows (2)
Sealing
encrypts data in such a way that it may be decrypted only if the TPM releases the right decryption key,
which it only does if the exact same software is present as when it encrypted the data.
Binding
encrypts data using the TPM's endorsement key, a unique RSA key burned into the chip during its production, or another trusted key.
Allows (3)
Authentication of hardware devices.
Since each TPM chip has a unique and secret RSA key burned in during the production, it is capable of performing platform authentication. For example
it can be used to verify that the system seeking the access is the expected system. So we can verify the correct computer is attempting to access something.
Vista
With Ultimate and Enterprise editions
Includes BitLocker software.
File Encryption
A file can be encrypted using a standard RSA key pair, stored by the TPM. And again The file can be encrypted using the TPM chips unique and secret RSA key.
Now the file can only be decrypted by the system that encrypted it. Bonded to that system.
Problems?
Issues with the File Encryption? Issues with Updates?
General issues of privicy?
References
http://en.wikipedia.org/wiki/Trusted_Platform_Mod ule http://buytough.com/tb_pdf/TPM_WP.pdf http://www.techworld.com/storage/features/index.cf m?featureid=1777 https://www.trustedcomputinggroup.org/faq/TPMF AQ/ http://www.microsoft.com/whdc/system/platform/h wsecurity/default.mspx http://www.msnbc.msn.com/ID/10441443/
Q&A