Wikipedia

Trusted Computing: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Capi (talk | contribs)
464 edits
Citation bot (talk | contribs)
Bots
5,864,538 edits
Added bibcode. Removed URL that duplicated identifier. Removed parameters. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 748/967
 
Line 1:
{{Short description|Technology developed and promoted by the Trusted Computing Group}}
'''Trusted computing''' (TC) refers to a family of [[specification]]s from the [[Trusted Computing Platform Alliance|TCPA]], which extend the behavior of a [[personal computer]] or [[server]] to offer particular cryptographic security services. These features are promoted to computer users as offering improved [[computer security]], protection from [[computer virus]]es, and the like. However, many computer security experts disapprove of them, because they allow computer manufacturers and software authors to monitor and control what users may do with their computers.
{{Distinguish|Trusted computing base|Trustworthy computing}}
'''Trusted Computing''' ('''TC''') is a technology developed and promoted by the [[Trusted Computing Group]].<ref name="mitchell">{{cite book|author=Chris Mitchell|title=Trusted Computing|url=https://books.google.com/books?id=9iriBw2AuToC|year=2005|publisher=IET|isbn=978-0-86341-525-8}}</ref> The term is taken from the field of [[trusted system]]s and has a specialized meaning that is distinct from the field of [[confidential computing]].<ref name="ccc">{{cite web |title=What is the Confidential Computing Consortium? |url=https://confidentialcomputing.io/ |website=Confidential Computing Consortium |access-date=20 May 2022}}</ref> With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by [[computer hardware]] and [[software]].<ref name="mitchell" /> Enforcing this behavior is achieved by loading the hardware with a unique [[encryption key]] that is inaccessible to the rest of the system and the owner.
 
TC is controversial as the hardware is not only secured for its owner, but also against its owner, leading opponents of the technology like [[free software]] activist [[Richard Stallman]] to deride it as "treacherous computing",<ref name=Stallman13>{{cite web|last=Stallman|first=Richard|title=Can You Trust Your Computer?|url=https://www.gnu.org/philosophy/can-you-trust.html|work=gnu.org|access-date=12 August 2013}}</ref><ref>{{Cite web |last=scl-paullauria |date=2017-01-23 |title=Trust me, I'm a computer |url=https://www.scl.org/3835-trust-me-i-m-a-computer/ |access-date=2024-04-03 |website=Society for Computers & Law |language=en-GB}}</ref> and certain scholarly articles to use [[scare quotes]] when referring to the technology.<ref name="anderson2">{{Cite book|volume=12|url=https://doi.org/10.1007/1-4020-8090-5_3|title=Cryptography and Competition Policy - Issues with 'Trusted Computing', in Economics of Information Security|first=Ross|last=Anderson|editor-first1=L. Jean|editor-last1=Camp|editor-first2=Stephen|editor-last2=Lewis|date=November 15, 2004|publisher=Springer US|pages=35–52|via=Springer Link|doi=10.1007/1-4020-8090-5_3}}</ref><ref>{{Cite web|url=http://www.cl.cam.ac.uk/~fms27/papers/2003-stajano-shifting.pdf|title=F. Stajano, "Security for whom? The shifting security assumptions of pervasive computing", ''Lecture notes in computer science'', vol. 2609, pp. 16-27, 2003.}}</ref>
== Synopsis ==
 
Trusted Computing proponents such as [[International Data Corporation]],<ref>{{cite web | access-date = 2007-02-07 | first = Shane | last = Rau | url = https://www.trustedcomputinggroup.org/news/Industry_Data/IDC_448_Web.pdf | title = The Trusted Computing Platform Emerges as Industry's First Comprehensive Approach to IT Security | work = IDC Executive Brief | publisher = International Data Corporation |date=February 2006}}</ref> the Enterprise Strategy Group<ref>{{cite web | title = Trusted Enterprise Security: How the Trusted Computing Group (TCG) Will Advance Enterprise Security | work = White Paper | publisher = Enterprise Strategy Group | first = Jon | last = Oltsik |date=January 2006 | url = https://www.trustedcomputinggroup.org/news/Industry_Data/ESG_White_Paper.pdf | access-date = 2007-02-07 }}</ref> and Endpoint Technologies Associates<ref>{{cite web | url = https://www.trustedcomputinggroup.org/news/Industry_Data/Implementing_Trusted_Computing_RK.pdf | title = How to Implement Trusted Computing: A Guide to Tighter Enterprise Security | first = Roger L. | last = Kay |year=2006 | publisher = Endpoint Technologies Associates | access-date = 2007-02-07 }}</ref> state that the technology will make computers safer, less prone to [[Computer virus|viruses]] and [[malware]], and thus more reliable from an end-user perspective. They also state that Trusted Computing will allow [[computers]] and [[Server (computing)|server]]s to offer improved [[computer security]] over that which is currently available. Opponents often state that this technology will be used primarily to enforce [[digital rights management]] policies (imposed restrictions to the owner) and not to increase computer security.<ref name=Stallman13 /><ref name="Anderson"/>{{Rp|23|date=May 2009}}
The basic system concepts in trusted computing are:
# Unique machine/CPU is identified using [[Public key certificate|certificates]];
# Encryption is performed in the hardware;
# Data can be signed with the machine's identification;
# Data can be encrypted with the machine's secret key.
 
Chip manufacturers [[Intel]] and [[AMD]], hardware manufacturers such as [[Hewlett-Packard|HP]] and [[Dell]], and [[operating system]] providers such as [[Microsoft]] include Trusted Computing in their products if enabled.<ref>{{cite web | quote = TPMs [Trusted Platform Modules] from various semiconductor vendors are included on enterprise desktop and notebook systems from Dell and other vendors | title = Enhancing IT Security with Trusted Computing Group standards | work = Dell Power Solutions |date=November 2006 | url = http://www.dell.com/downloads/global/power/ps4q06-20070160-tcg.pdf | page = 14 | access-date = 2006-02-07 }}</ref><ref>{{cite web | quote = Windows Vista provides a set of services for applications that use TPM technologies. | url = http://www.microsoft.com/whdc/system/platform/pcdesign/TPM_secure.mspx | title = Trusted Platform Module Services in Windows Vista | date = 2005-04-25 | work = Windows Hardware Development Central | access-date = 2007-02-07 | publisher = [[Microsoft]] |archive-url = https://web.archive.org/web/20070515072944/http://www.microsoft.com/whdc/system/platform/pcdesign/TPM_secure.mspx <!-- Bot retrieved archive --> |archive-date = 2007-05-15}}</ref> The [[U.S. Army]] requires that every new PC it purchases comes with a [[Trusted Platform Module]] (TPM).<ref>{{cite news | url = http://www.securityfocus.com/brief/265 | title = U.S. Army requires trusted computing | publisher = Security Focus | date = 2006-07-28 | first = Robert | last = Lemos | access-date = 2007-02-07 }}</ref><ref>{{cite web | url = http://www.army.mil/ciog6/news/500Day2006Update.pdf | archive-url = https://web.archive.org/web/20061018034556/http://www.army.mil/ciog6/news/500Day2006Update.pdf | url-status = dead | archive-date = October 18, 2006 | quote = Strategic goal n. 3, 'deliver a joint netcentric information that enables warfighter decision superiority' |date=October 2006 | title = Army CIO/G-6 500-day plan | publisher = [[U.S. Army]] | access-date = 2007-02-07 }}</ref> As of July 3, 2007, so does virtually the entire [[United States Department of Defense]].<ref>[http://iase.disa.mil/policy-guidance/dod-dar-tpm-decree07-03-07.pdf encryption of unclassified data] {{Webarchive|url=https://web.archive.org/web/20070927060332/http://iase.disa.mil/policy-guidance/dod-dar-tpm-decree07-03-07.pdf |date=2007-09-27 }}</ref>
=== The nature of trust ===
 
==Key concepts==
Trust means something different to security experts than the meaning laypersons often assign. For example, the [[United States Department of Defense|United States Department of Defense's]] definition of a trusted system is one that can break your security policy; i.e., ''"a system that you are forced to trust because you have no choice."'' Cryptographer [[Bruce Schneier ]] observes ''"A 'trusted' computer does not mean a computer that is trustworthy."'' According to those definitions a [[video card]] is ''trusted'' by its users to correctly display images. ''Trust'' in security parlance is always a kind of compromise or weakness&mdash;sometimes inevitable, but never desirable as such. As another analogy, your best friend cannot share your medical records, since he or she does not have them. On the other hand, your doctor does, and can (legal issues with doing so aside). It is possible that you trust your doctor and think he or she is a great person; it's equally possible that there is only one doctor in your town, so you are forced to trust him or her.
Trusted Computing encompasses six key technology concepts, of which all are required for a fully Trusted system, that is, a system compliant to the TCG specifications:
# Endorsement key
# Secure input and output
# Memory curtaining / protected execution
# Sealed storage
# Remote attestation
# [[Trusted third party|Trusted Third Party]] (TTP)
 
==={{anchor|ENDORSEMENT-KEY}}Endorsement key===
The main controversy around trusted computing is around this meaning of ''trust''. Critics characterize a ''trusted system'' as a system you are ''forced to trust'' rather than one which is particularly trust''worthy.''
The endorsement key is a 2048-bit [[RSA (algorithm)|RSA]] public and private key pair that is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command.<ref>{{cite web | author = Safford, David | url = http://www.linuxjournal.com/article/6633 | title = Take Control of TCPA | date = 2003-08-01 | access-date = 2007-02-07 | work = Linux Journal | author-link = David Safford }}</ref>
 
This key is used to allow the execution of secure transactions: every Trusted Platform Module (TPM) is required to be able to sign a random number (in order to allow the owner to show that he has a genuine trusted computer), using a particular protocol created by the Trusted Computing Group (the [[direct anonymous attestation]] protocol) in order to ensure its compliance of the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator with an untrusted endorsement key (for example, a self-generated one) to start a secure transaction with a trusted entity. The TPM should be{{vague|date=March 2015}} designed to make the extraction of this key by hardware analysis hard, but [[tamper resistance]] is not a strong requirement.
Critics of trusted computing are further concerned that they are not able to look inside trusted computing hardware to see if it is properly implemented or if there are [[Back_door|backdoors]] which poses a serious risk to national security, company secrets, and privacy. The trusted computing specifications are open and available for anyone to review, but the actual implementations are not. As well, many are concerned that cryptographic designs and algorithms become obsolete. This may result in the forced obsolescence of TC-enabled computers. For example, recent versions of ''trusted computing'' specifications added, and require, the [[AES]] encryption algorithm.
 
===Memory curtaining===
While proponents claim that ''trusted computing'' increases security, critics counter that not only will security not be helped, but ''trusted computing'' will facilitate mandatory [[digital rights management]] (DRM), harm privacy, and impose other restrictions on users. Trusting networked computers to controlling authorities rather than to individuals may create [[digital imprimatur|digital imprimaturs]]. Contrast ''trusted computing'' with [[secure computing]] in which [[anonymity]], not disclosure, is the main concern. Advocates of ''secure computing'' argue that the additional security can be achieved without relinquishing control over computer from users to [[superuser|superusers]].
Memory curtaining extends common [[memory protection]] techniques to provide full isolation of sensitive areas of memory—for example, locations containing cryptographic keys. Even the [[operating system]] does not have full access to curtained memory. The exact implementation details are vendor specific.
 
==={{anchor|SEALED-STORAGE}}Sealed storage===
Proponents of trusted computing argue that privacy complaints are baseless since consumers will retain a choice between systems, based on their individual needs. Moreover, trusted computing advocates claim that some needs require changes to the current systems at the hardware level to enable a computer to act as a [[trusted client]].
Sealed storage protects private information by binding it to platform configuration information including the software and hardware being used. This means the data can be released only to a particular combination of software and hardware. Sealed storage can be used for DRM enforcing. For example, users who keep a song on their computer that has not been licensed to be listened will not be able to play it. Currently, a user can locate the song, listen to it, and send it to someone else, play it in the software of their choice, or back it up (and in some cases, use circumvention software to decrypt it). Alternatively, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it. In this DRM architecture, this might also prevent people from listening to the song after buying a new computer, or upgrading parts of their current one, except after explicit permission of the vendor of the song.
 
==={{anchor|REMOTE-ATTESTATION}}Remote attestation===<!-- This section is linked from [[Trusted Computing]] -->
=== Related terms ===
Remote attestation allows changes to the user's computer to be detected by authorized parties. For example, software companies can identify unauthorized changes to software, including users modifying their software to circumvent commercial digital rights restrictions. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that unaltered software is currently executing. Numerous remote attestation schemes have been proposed for various computer architectures, including Intel,<ref>{{cite book |last1=Johnson |first1=Simon |title=Intel Software Guard Extensions: EPID Provisioning and Attestation Services |date=2016 |publisher=Intel |url=https://software.intel.com/content/dam/develop/public/us/en/documents/ww10-2016-sgx-provisioning-and-attestation-final.pdf |access-date=14 May 2021}}</ref> [[RISC-V]],<ref>{{cite conference |last1=Shepherd |first1=Carlton |last2=Markantonakis |first2=Konstantinos |last3=Jaloyan |first3=Georges-Axel| title=LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices |date=2021 |conference=IEEE Security and Privacy Workshops |publisher=IEEE |arxiv=2102.08804 }}</ref> and ARM.<ref>{{cite conference |last1=Abera |first1=Tigist |title=C-FLAT: Control-Flow Attestation for Embedded Systems Software |series=CCS '16 |date=2016 |pages=743–754 |publisher=ACM |doi=10.1145/2976749.2978358 |isbn=9781450341394 |s2cid=14663076 |url=https://dl.acm.org/doi/abs/10.1145/2976749.2978358 |access-date=14 May 2021|url-access=subscription }}</ref>
 
Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that requested the attestation, and not by an eavesdropper.
The TCG project is known by a number of names. ''Trusted computing'' was the original one, and is still used by the [[Trusted Computing Group]] (TCG) and IBM. The hardware device they developed is called the [[Fritz-chip|TPM]], the ''Trusted Platform Module''. Microsoft calls it ''trustworthy computing''. Intel has started calling it ''safer computing''. Prior to May 2004, the TCG was known as the TCPA. [[Richard Stallman]] of the [[FSF]] and others have adopted the name ''Treacherous computing''.
 
To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running an authorized copy of the music player software. Combined with the other technologies, this provides a more restricted path for the music: encrypted I/O prevents the user from recording it as it is transmitted to the audio subsystem, memory locking prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation prevents unauthorized software from accessing the song even when it is used on other computers. To preserve the privacy of attestation responders, [[Direct Anonymous Attestation]] has been proposed as a solution, which uses a group signature scheme to prevent revealing the identity of individual signers.
== Background ==
 
[[Proof of space]] (PoS) have been proposed to be used for malware detection, by determining whether the L1 cache of a processor is empty (e.g., has enough space to evaluate the PoSpace routine without cache misses) or contains a routine that resisted being evicted.<ref name="JakobssonStewart13">{{cite conference |last1=Jakobsson|first1=Markus|last2=Stewart|first2=Guy|title=Mobile Malware: Why the Traditional AV Paradigm is Doomed, and How to Use Physics to Detect Undesirable Routines|conference=Black Hat USA|year=2013}}</ref><ref>Markus Jakobsson [https://eprint.iacr.org/2018/031.pdf Secure Remote Attestation] ''Cryptology ePrint Archive.'' Retrieved January 8, 2018.</ref>
A variety of controversial initiatives fall under the heading of trusted computing: [[Microsoft]] is working on a project called [[NGSCB]]. An industry consortium including [[Microsoft]], [[Intel]], [[IBM]], [[HP]] and [[AMD]], have formed the [[Trusted Computing Platform Alliance]] (TCPA), which has a [[Trusted Computing Group]] (TCG), designing a [[trusted platform module]] (TPM). [[Intel]] is working on a form called [[LaGrande Technology]] (LT), while [[AMD]]'s is called [[Secure Execution Mode]] (SEM) or also known as Presidio. But essentially, there are proposals for four new features provided by new hardware, which would require new software (including new operating systems and applications) to be taken advantage of. Each feature has a different reason, although they can be used together. The features are:
 
===Trusted third party===
# Secure I/O
{{Main|Trusted third party}}
# Memory curtaining
# Sealed storage
# Remote attestation
 
===Known Secure I/O =applications==
The Microsoft products [[Windows Vista]], [[Windows 7]], [[Windows 8]] and [[Windows RT]] make use of a Trusted Platform Module to facilitate [[BitLocker Drive Encryption]].<ref name="bitlocker">{{cite web | url=http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf | title=AES-CBC + Elephant: A Disk Encryption Algorithm for Windows Vista | publisher = Microsoft TechNet |date=August 2006 | author = Ferguson, Niels | access-date = 2007-02-07 | author-link= Niels Ferguson}}</ref> Other known applications with runtime encryption and the use of secure enclaves include the [[Signal (messaging app)|Signal messenger]]<ref>{{Cite web|title=Scaling secure enclave environments with Signal and Azure confidential computing|url=https://customers.microsoft.com/en-us/story/1374464612401582154-signal-nonprofit-azure-security|access-date=2022-02-09|website=Microsoft Customers Stories|language=en}}</ref> and the [[Electronic prescribing|e-prescription]] service ("E-Rezept")<ref>{{Cite web|last=Mutzbauer|first=Julia|title=Confidential Computing soll Patientendaten schützen|url=https://www.healthcare-computing.de/confidential-computing-soll-patientendaten-schuetzen-a-996680/|access-date=2022-02-09|website=www.healthcare-computing.de|date=2 February 2021 |language=de}}</ref> by the German government.
 
==Possible applications==
Secure input and output ([[Input/output|I/O]]) is attested to by using [[checksum]]s to verify that the software used to do the I/O has not been tampered with. Malicious software injecting itself in this path could be identified.
===Digital rights management===
Trusted Computing would allow companies to create a digital rights management (DRM) system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Sealed storage could be used to prevent the user from opening the file with an unauthorized player or computer. Remote attestation could be used to authorize play only by music players that enforce the record company's rules. The music would be played from curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and thus degraded) signal using a recording device or a microphone, or breaking the security of the system.
 
New business models for use of software (services) over Internet may be boosted by the technology. By strengthening the DRM system, one could base a business model on renting programs for a specific time periods or "pay as you go" models. For instance, one could download a music file which could only be played a certain number of times before it becomes unusable, or the music file could be used only within a certain time period.
This would not be able to defend against a hardware based attack such as a key capture device physically between the user's keyboard and the computer.
 
===Preventing cheating in online games===
=== Memory curtaining ===
Trusted Computing could be used to combat [[cheating in online games]]. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to determine that all players connected to a server were running an unmodified copy of the software.<ref>{{cite book|author=Bin Xiao|title=Autonomic and Trusted Computing: 4th International Conference, ATC 2007, Hong Kong, China, July 11-13, 2007, Proceedings|url=https://books.google.com/books?id=cUhpq98Zb8AC&pg=PA124|year=2007|publisher=Springer Science & Business Media|isbn=978-3-540-73546-5|page=124}}</ref>
 
===Verification of remote computation for grid computing===
Memory curtaining has the hardware keep programs from reading or writing each other's memory (the space where the programs store information they're currently working on). Even the operating system doesn't have access to curtained memory, so the information would be secure from an intruder who took control of the OS.
Trusted Computing could be used to guarantee participants in a [[grid computing]] system are returning the results of the computations they claim to be instead of forging them. This would allow large scale simulations to be run (say a climate simulation) without expensive redundant computations to guarantee malicious hosts are not undermining the results to achieve the conclusion they want.<ref>{{cite web | url = http://www.hpl.hp.com/personal/Wenbo_Mao/research/tcgridsec.pdf | title = Innovations for Grid Security From Trusted Computing | author = Mao, Wenbo Jin, Hai and Martin, Andrew | date = 2005-06-07 | access-date = 2007-02-07 |archive-url = https://web.archive.org/web/20060822043633/http://www.hpl.hp.com/personal/Wenbo_Mao/research/tcgridsec.pdf <!-- Bot retrieved archive --> |archive-date = 2006-08-22}}</ref>
 
==Criticism==
Something very similar can be achieved with new software, but doing it in hardware can be more elegant and reliable. It can also make certain methods of debugging impossible.
 
The [[Electronic Frontier Foundation]] and the [[Free Software Foundation]] criticize that trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also state that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents say are unnecessary. They suggest Trusted Computing as a possible enabler for future versions of [[mandatory access control]], [[copy protection]], and DRM.
=== Sealed storage ===
 
Some security experts, such as [[Alan Cox (computer programmer)|Alan Cox]]<ref>{{cite news | title = Trusted Computing comes under attack | url = https://www.zdnet.com/article/trusted-computing-comes-under-attack/ | work = ZDNet | first = Ingrid | last = Marson | date = 2006-01-27 | access-date = 2021-09-12 }}</ref> and [[Bruce Schneier]],<ref name = "Schneier">{{cite news | url = http://www.schneier.com/crypto-gram-0208.html#1 | title = Palladium and the TCPA | date = 2002-08-15 | work = Crypto-Gram Newsletter | author = Schneier, Bruce | access-date = 2007-02-07 | author-link = Bruce Schneier }}</ref> have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an [[Anti-competitive practices|anti-competitive]] effect on the IT market.<ref name = "Anderson"/>
Sealed storage protects private information by allowing it to be encrypted using a key derived from the software and hardware being used. This means the data can be read only by the same combination of software and hardware. For example, users who keep a private diary on their computer do not want other programs or other computers to be able to read it. Currently, a virus can search for the diary, read it, and send it to someone else. The [[Sircam]] [[computer virus|virus]] did something similar to this. Even if the diary were protected by a password, the virus might run a [[dictionary attack]]. Alternately the virus might modify the user's diary software to have it leak the text once he unlocked his diary. Using sealed storage, the diary is securely encrypted so that only the unmodified diary program on his computer can read it.
 
There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the [[Trusted Platform Module]], which is the ultimate hardware system where the core 'root' of trust in the platform has to reside.<ref name = "Anderson"/> If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the [[Trusted Computing Group]], are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and that hardware implementations of algorithms might create an inadvertent obsolescence. Trusting networked computers to controlling authorities rather than to individuals may create [[digital imprimatur]]s.
=== Remote attestation ===
 
Cryptographer [[Ross J. Anderson|Ross Anderson]], University of Cambridge, has great concerns that:<ref name = "Anderson">{{cite web | url = http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html | title = 'Trusted Computing' Frequently Asked Questions: TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA Version 1.1 |date=August 2003 | author = Anderson, Ross | access-date = 2007-02-07 | author-link = Ross J. Anderson }}</ref>
Remote attestation allows changes to the user's computer to be detected by him and others. That way, he can avoid having private information sent to or important commands sent from a compromised or insecure computer. It works by having the hardware generate a certificate stating what software is currently running. The user can present this certificate to a remote party to show that their computer hasn't been tampered with.
 
<blockquote>TC can support remote censorship [...] In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored [...] So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders.</blockquote>
Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper.
 
He goes on to state that:
To take the diary example again, the user's diary software could send the diary to other machines, but only if they could attest that they were running a secure copy of the diary software. Combined with the other technologies, this provides a more secured path for the diary: secure I/O protects it as it's entered on the keyboard and displayed on the screen, memory curtaining protects it as it's being worked on, sealed storage protects it when it's saved to the hard drive, and remote attestation protects it from unauthorized software even when it is used on other computers.
 
<blockquote>[...] software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor. [...]</blockquote>
== Drawbacks ==
 
<blockquote>The [...] most important benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as [[OpenOffice.org|OpenOffice]]). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices.</blockquote>
Opponents of trusted computing point out that the security features that protect computers from viruses and attackers also restrict the actions of their owners. This makes new [[Coercive monopoly|anti-competitive]] techniques possible, eventually hurting people who buy trusted computers.
 
Anderson summarizes the case by saying:
The acclaimed Cambridge cryptographer [[Ross Anderson]] has great concerns that "TC can support remote censorship. In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored (as at present). So someone who writes a paper that a court decides is defamatory can be compelled to censor it&mdash;and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress . . . writings that criticise political leaders."
He goes on to state that:
 
<blockquote>The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused.</blockquote>
:''" . . . software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor.''
 
===Digital rights management===
:''"The . . . most important, benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices."''
One of the early motivations behind trusted computing was a desire by media and software corporations for stricter DRM technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission.
An example could be downloading a music file from a band: the band's record company could come up with rules for how the band's music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it is playing, and secure output would prevent capturing what is sent to the sound system.
 
===Users unable to modify software===
Anderson summarizes the case by saying "The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be abused."
A user who wanted to switch to a competing program might find that it would be impossible for that new program to read old data, as the information would be "[[vendor lock-in|locked in]]" to the old program. It could also make it impossible for the user to read or modify their data except as specifically permitted by the software.
 
=== Users can'tunable to changeexercise softwarelegal rights===
The law in many countries allows users certain rights over data whose copyright they do not own (including text, images, and other media), often under headings such as [[fair use]] or [[public interest]]. Depending on jurisdiction, these may cover issues such as [[whistleblowing]], production of evidence in court, quoting or other small-scale usage, [[backup]]s of owned media, and making a copy of owned material for personal use on other owned devices or systems. The steps implicit in trusted computing have the practical effect of preventing users exercising these legal rights.<ref name=Stallman13 />
In the diary example, sealed storage protects the diary from malicious programs like viruses, but it doesn't distinguish between those and useful programs, like ones that might be used to convert the diary to a new format, or provide new methods for searching within the diary. A user who wanted to switch to a competing diary program might find it would be impossible for that new program to read the old diary, as the information would be "locked in" to the old program. It could also make it impossible for the user to read or modify his diary except as specifically permitted by the diary software. If he were using diary software with no edit or delete option then it could be impossible to change or delete previous entries.
 
===Users vulnerable to vendor withdrawal of service===
Remote attestation could cause other problems. Currently web sites can be visited using a number of web browsers, though certain websites may be formatted (intentionally or not) such that some browsers cannot decipher their code. Some browsers have found a way to get around that problem by [[emulation|emulating]] other browsers. For example, when Microsoft's MSN website briefly refused to serve pages to non-Microsoft browsers, users could access those sites by instructing their browsers to emulate a Microsoft browser. Remote attestation could make this kind of emulation irrelevant, as sites like MSN could demand a certificate stating the user was actually running an [[Internet Explorer]] browser.
A service that requires external validation or permission - such as a music file or game that requires connection with the vendor to confirm permission to play or use - is vulnerable to that service being withdrawn or no longer updated. A number of incidents have already occurred where users, having purchased music or video media, have found their ability to watch or listen to it suddenly stop due to vendor policy or cessation of service,<ref name="ms_drm">{{cite web|last=Cheng |first=Jacqui |url=https://arstechnica.com/information-technology/2008/04/drm-sucks-redux-microsoft-to-nuke-msn-music-drm-keys/ |title=DRM sucks redux: Microsoft to nuke MSN Music DRM keys |website=Ars Technica |date=2008-04-22 |access-date=2014-05-31}}</ref><ref>{{cite web|url=http://www.fudzilla.com/home/item/3495-yahoo-drm-servers-going-away?tmpl=component&print=1 |title=Yahoo! DRM servers going away |publisher=Fudzilla.com |date=2008-07-29 |access-date=2014-05-31}}</ref><ref>{{cite web|last=Fisher |first=Ken |url=https://arstechnica.com/tech-policy/2007/08/google-selleth-then-taketh-away-proving-the-need-for-drm-circumvention/ |title=Google selleth then taketh away, proving the need for DRM circumvention |website=Ars Technica |date=2007-08-13 |access-date=2014-05-31}}</ref> or server inaccessibility,<ref>{{cite web|last=Fister |first=Mister |url=http://www.shacknews.com/article/62995/ubisoft-offers-free-goodies-as |title=Ubisoft Offers Free Goodies as Compensation f - Video Game News, Videos and File Downloads for PC and Console Games at |date=26 March 2010 |publisher=Shacknews.com |access-date=2014-05-31}}</ref> at times with no compensation.<ref>{{cite web|last=Bangeman |first=Eric |url=https://arstechnica.com/uncategorized/2007/11/major-league-baseballs-drm-change-strikes-out-with-fans/ |title=Major League Baseball's DRM change strikes out with fans |website=Ars Technica |date=2007-11-07 |access-date=2014-05-31}}</ref> Alternatively in some cases the vendor refuses to provide services in future which leaves purchased material only usable on the present -and increasingly obsolete- hardware (so long as it lasts) but not on any hardware that may be purchased in future.<ref name="ms_drm" />
 
=== Users don't control information theyunable receiveto override===
Some opponents of Trusted Computing advocate "owner override": allowing an owner who is confirmed to be physically present to allow the computer to bypass restrictions and use the secure I/O path. Such an override would allow remote attestation to a user's specification, e.g., to create certificates that say Internet Explorer is running, even if a different browser is used. Instead of preventing software change, remote attestation would indicate when the software has been changed without owner's permission.
One of the early motivations behind trusted computing was a desire by media and software corporations for stricter [[Digital Rights Management]] (DRM): technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission. Microsoft has announced a DRM technology that it says will make use of trusted computing.
 
[[Trusted Computing Group]] members have refused to implement owner override.<ref>{{cite magazine | url = http://www.linuxjournal.com/article/7055 | title = Give TCPA an Owner Override | magazine = Linux Journal | author = Schoen, Seth | date = 2003-12-01 | access-date = 2007-02-07 | author-link = Seth Schoen }}</ref> Proponents of trusted computing believe that owner override defeats the trust in other computers since remote attestation can be forged by the owner. Owner override offers the security and enforcement benefits to a machine owner, but does not allow them to trust other computers, because their owners could waive rules or restrictions on their own computers. Under this scenario, once data is sent to someone else's computer, whether it be a diary, a DRM music file, or a joint project, that other person controls what security, if any, their computer will enforce on their copy of those data. This has the potential to undermine the applications of trusted computing to enforce DRM, control cheating in online games and attest to remote computations for [[grid computing]].
Trusted computing can be used for DRM. An example could be downloading a music file from a band: the band could come up with rules for how their music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it's playing, and secure output would prevent capturing what is sent to the sound system.
 
===Loss of anonymity===
Once digital recordings are converted to analog signals, that (perhaps degraded) signal could be recorded by conventional means, such as by connecting an audio recorder, instead of speakers, to the card, or by recording the produced sound with a microphone.
Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.
 
Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily, indirectly, or simply through inference of many seemingly benign pieces of data. (e.g. search records, as shown through simple study of the AOL search records leak<ref>{{cite news | url = https://www.nytimes.com/2006/08/09/technology/09aol.html?pagewanted=all&_r=0 | title = A Face Is Exposed for AOL Searcher No. 4417749 | date = 2006-08-09 | access-date = 2013-05-10 | newspaper = The New York Times }}</ref>). One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.
Without remote attestation, this problem would not exist. The user could simply download the song with a player that did not enforce the band's restrictions, or one that lets him convert the song to a normal "unrestricted" format such as [[MP3]].
 
While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.
=== Users don't control their data ===
If a user upgrades her computer, sealed storage could prevent her from moving her music files to the new computer. It could also enforce spyware, with music files only given to users whose machines attest to telling the artist or record company every time the song is played. In a similar vein, a news magazine could require that to download their news articles, a user's machine would need to attest to using a specific reader. The mandated reader software could then be programmed not to allow viewing of original news stories to which changes had been made on the magazine's website. Such "newest version" enforcement would allow the magazine to "rewrite history" by changing or deleting articles. Even if a user saved the original article on his computer, the software might refuse to view it once a change had been announced.
 
Critics point out that this could have a [[chilling effect]] on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.
=== Loss of Internet Anonymity ===
 
The TPM specification offers features and suggested implementations that are meant to address the anonymity requirement. By using a third-party Privacy Certification Authority (PCA), the information that identifies the computer could be held by a trusted third party. Additionally, the use of [[direct anonymous attestation]] (DAA), introduced in TPM v1.2, allows a client to perform attestation while not revealing any personally identifiable or machine information.
Because a TC-equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero-in on the identity of the user of TC-enabled software with a high degree of certainty.
 
The kind of data that must be supplied to the TTP in order to get the trusted status is at present not entirely clear, but the TCG itself admits that "attestation is an important TPM function with significant privacy implications".<ref>TPM version 1.2 specifications changes, 16.04.04</ref> It is, however, clear that both static and dynamic information about the user computer may be supplied (Ekpubkey) to the TTP (v1.1b),<ref name="ReferenceA">TPM v1.2 specification changes, 2004</ref> it is not clear what data will be supplied to the “verifier” under v1.2. The static information will uniquely identify the endorser of the platform, model, details of the TPM, and that the platform (PC) complies with the TCG specifications . The dynamic information is described as software running on the computer.<ref name="ReferenceA"/> If a program like Windows is registered in the user's name this in turn will uniquely identify the user. Another dimension of privacy infringing capabilities might also be introduced with this new technology; how often you use your programs might be possible information provided to the TTP. In an exceptional, however practical situation, where a user purchases a pornographic movie on the Internet, the purchaser nowadays, must accept the fact that he has to provide credit card details to the provider, thereby possibly risking being identified. With the new technology a purchaser might also risk someone finding out that he (or she) has watched this pornographic movie 1000 times. This adds a new dimension to the possible privacy infringement. The extent of data that will be supplied to the TTP/Verifiers is at present not exactly known, only when the technology is implemented and used will we be able to assess the exact nature and volume of the data that is transmitted.
Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily or indirectly. One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.
 
===TCG specification interoperability problems===
While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.
Trusted Computing requests that all software and hardware vendors will follow the technical specifications released by the [[Trusted Computing Group]] in order to allow interoperability between different trusted software stacks. However, since at least mid-2006, there have been interoperability problems between the TrouSerS trusted software stack (released as open source software by [[IBM]]) and [[Hewlett-Packard]]'s stack.<ref>{{cite web | work = TrouSerS FAQ | url = https://trousers.sourceforge.net/faq.html#1.7 | title = 1.7 - I've taken ownership of my TPM under another OS... | access-date = 2007-02-07 }}</ref> Another problem is that the technical specifications are still changing, so it is unclear which is the standard implementation of the trusted stack.
 
===Shutting out of competing products===
Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistleblowing, political blogging and other areas where the public needs protection from retaliation through anonymity.
People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. [[Microsoft]] has received a great deal{{vague|date=March 2015}} of bad press surrounding their [[NGSCB|Palladium]] software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates".<ref>{{cite journal |last1=Felten |first1=E.W. |title=Understanding trusted computing: will its benefits outweigh its drawbacks? |journal=[[IEEE Security & Privacy]] |date=May 2003 |volume=1 |issue=3 |pages=60–62 |doi=10.1109/MSECP.2003.1203224 |bibcode=2003ISPri..99c..60F }}</ref> The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using [[Product bundling|bundling]] of products to obscure prices of products and to engage in [[anti-competitive practices]].<ref name="anderson2"/> Trusted Computing is seen as harmful or problematic to independent and [[Open-source software|open source]] software developers.<ref>{{Cite journal|doi=10.1109/MSP.2005.40 |s2cid=688158 |title=Does Trusted Computing Remedy Computer Security Problems? |date=2005 |last1=Oppliger |first1=R. |last2=Rytz |first2=R. |journal=IEEE Security & Privacy |volume=3 |issue=2 |pages=16–19 |bibcode=2005ISPri...3b..16O }}</ref>
 
===Trust===
=== Proposed owner override for TC ===
In the widely used [[public-key cryptography]], creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own [[security policy|security policies]].<ref>[http://grouper.ieee.org/groups/1363/ "IEEE P1363: Standard Specifications For Public-Key Cryptography", Retrieved March 9, 2009.] {{Webarchive|url=https://web.archive.org/web/20141201024245/http://grouper.ieee.org/groups/1363/ |date=December 1, 2014 }}</ref> In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured,<ref>{{Cite web|url=https://doi.org/10.1145/945445.945464|title=Terra: a virtual machine-based platform for trusted computing|first1=Tal|last1=Garfinkel|first2=Ben|last2=Pfaff|first3=Jim|last3=Chow|first4=Mendel|last4=Rosenblum|first5=Dan|last5=Boneh|date=October 19, 2003|publisher=Association for Computing Machinery|pages=193–206|via=ACM Digital Library|doi=10.1145/945445.945464|s2cid=156799 }}</ref> and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it.<ref>These are the functions of the private key in [http://www.di-mgt.com.au/rsa_alg.html the RSA algorithm]</ref> It is trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software.
All these problems come up because trusted computing protects programs against everything, even the owner. A simple solution to this is to let the owner of the computer override these protections. This is called Owner Override, and it is only currently outlined as a suggested fix.
 
Therefore, to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, an [[end user]] has to trust the company that made the chip, the company that designed the chip, the companies allowed to make software for the chip, and the ability and interest of those companies not to compromise the whole process.<ref>{{cite web |last1=Sullivan |first1=Nick |title=Deploying TLS 1.3: the great, the good and the bad (33c3) |url=https://www.youtube.com/watch?time_continue=1533&v=0opakLwtPWk |website=media.ccc.de |date=27 December 2016 |publisher=YouTube |access-date=30 July 2018}}</ref> A security breach breaking that chain of trust happened to a [[SIM card]] manufacturer [[Gemalto]], which in 2010 was infiltrated by US and British spies, resulting in compromised security of cellphone calls.<ref>{{Cite web |url = https://firstlook.org/theintercept/2015/02/19/great-sim-heist |title = The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle |date = 2015-02-19 |access-date = 2015-02-27 |website = firstlook.org}}</ref>
When you activate Owner Override, the computer will use the secure I/O path to make sure that you are physically present and actually the owner. Then it will bypass the protections. So, with remote attestation, you can force the computer to generate false attestations — certificates that say you're running Internet Explorer, when you're really running [[Opera web browser|Opera]]. Instead of saying when your software has been changed, remote attestation will say when the software has been changed ''without your permission''.
 
It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.<ref name="schoen-promise-risk">[http://pascal.case.unibz.it/handle/2038/871 Seth Schoen, "Trusted Computing: Promise and Risk", ''COSPA Knowledge Base: Comparison, selection, & suitability of OSS'', April 11th, 2006.] {{Webarchive|url=https://web.archive.org/web/20090319043100/http://pascal.case.unibz.it/handle/2038/871 |date=2009-03-19 }}</ref>
While it would seem that the idea of Owner Override would be met with praise, some Trusted Computing Group members have instead heralded it as the biggest potential downfall of the TC movement. Owner Override defeats the entire idea of being able to trust other people's computers, remote attestation. Owner Override continues to offer all of the security and enforcement benefits to an owner on his own machine, but loses any ability to ensure another owner cannot waive rules or restrictions on his own computer. Once data is sent to someone else's computer, whether it is a diary, a DRM music file, or a joint project, that person controls what security, if any, their computer will enforce on their copy of that data.
 
==Hardware and software support==
== External links ==
{{cleanup list|section|date=July 2014}}
*[https://www.trustedcomputinggroup.org/home Trusted Computing Group] (TCG) — Trusted computing standards body, previously known as the TCPA.
Since 2004, most major manufacturers have shipped systems that have included [[Trusted Platform Module]]s, with associated [[BIOS]] support.<ref name="tpmvendors">{{cite web | url = http://www.tonymcfadden.net/tpmvendors_arc.html | title = TPM Matrix | author = Tony McFadden | date = March 26, 2006 | access-date = 2006-05-05 | url-status = dead | archive-url = https://web.archive.org/web/20070426034219/http://www.tonymcfadden.net/tpmvendors_arc.html | archive-date = April 26, 2007 }}</ref> In accordance with the TCG specifications, the user must enable the Trusted Platform Module before it can be used.
*[http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html 'Trusted Computing' Frequently Asked Questions] — Anti-TC FAQ by Cambridge University security director and professor [[Ross Anderson]].
 
*[http://trousers.sourceforge.net/ TrouSerS - The open-source TCG Software Stack] with a good [http://trousers.sourceforge.net/faq.html FAQ]
Processor manufacturers have included secure enclaves in their design such as [[ARM TrustZone]], [[Intel Management Engine]] with [[Software Guard Extensions|SGX]] and [[AMD PSP]] with [[Secure Encrypted Virtualization]].<ref>{{Cite web|date=2021-07-08|title=Cryptography and privacy: protecting private data|url=https://www.ericsson.com/en/blog/2021/7/cryptography-and-privacy-protecting-private-data|access-date=2022-02-09|website=www.ericsson.com|language=en}}</ref>
*[http://www.research.ibm.com/gsal/tcpa/ TCPA Misinformation Rebuttal and Linux drivers] from the IBM Watson Research - Global Security Analysis Lab
 
*[http://www.cs.dartmouth.edu/~sws/abstracts/mswm03.shtml Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear. Technical Report TR2003-476, CS, Dartmouth College. December 2003.] and the [http://enforcer.sourceforge.net/ "Enforcer" Linux Security Module]
The [[Linux kernel]] has included trusted computing support since version 2.6.13, and there are several projects to implement trusted computing for Linux. In January 2005, members of [[Gentoo Linux]]'s "crypto herd" announced their intention of providing support for TC—in particular support for the Trusted Platform Module.<ref name="lwntc">{{cite web | url=https://lwn.net/Articles/121386/ | title = Trusted Gentoo | date = January 31, 2005 | access-date=2006-05-05 | work = Gentoo Weekly Newsletter }}</ref> There is also a TCG-compliant software stack for Linux named [https://trousers.sourceforge.net/ TrouSerS], released under an open source license. There are several open-source projects that facilitate the use of confidential computing technology, including [https://github.com/edgelesssys/ego EGo], EdgelessDB and MarbleRun from [[Edgeless Systems]], as well as Enarx, which originates from security research at [[Red Hat]].
*[http://www.microsoft.com/resources/ngscb/default.mspx Next-Generation Secure Computing Base (NGSCB)] — Microsoft's trusted computing architecture
 
*[http://www.schneier.com/crypto-gram-0208.html Palladium and the TCPA] — from Bruce Schneier's Crypto-Gram newsletter.
Some limited form of trusted computing can be implemented on current versions of [[Microsoft Windows]] with third-party software. Major cloud providers such as [[Microsoft Azure]],<ref>{{Cite web |title=Azure Confidential Computing – Protect Data-In-Use {{!}} Microsoft Azure |url=https://azure.microsoft.com/en-us/solutions/confidential-compute/ |access-date=2022-02-09 |website=azure.microsoft.com |language=en}}</ref> [[Amazon Web Services|AWS]]<ref>{{Cite web |title=What is AWS Nitro Enclaves? - AWS |url=https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html |access-date=2022-02-09 |website=docs.aws.amazon.com}}</ref> and [[Google Cloud Platform]]<ref>{{Cite web |title=Confidential Computing |url=https://cloud.google.com/confidential-computing |access-date=2022-02-09 |website=Google Cloud |language=en}}</ref> have virtual machines with trusted computing features available.
*[http://www.againsttcpa.com/ Against-TCPA]
 
*[http://invisiblog.com/1c801df4aee49232/article/0df117d5d9b32aea8bc23194ecc270ec Interesting Uses of Trusted Computing]
The Intel [[Classmate PC]] (a competitor to the [[One Laptop Per Child]]) includes a Trusted Platform Module.<ref name="classmatepc">{{cite web | url=http://download.intel.com/intel/worldahead/pdf/classmatepc_productbrief.pdf?iid=worldahead+ac_cmpc_pdf | title = Product Brief: Classmate PC | author = Intel | date = December 6, 2006 | access-date = 2007-01-13 }}</ref>
*[http://www.gnu.org/philosophy/can-you-trust.html Can you trust your computer?] — essay by the FSF
 
*[http://tech.blogs.eff.org/archives/000218.html Technically Speaking blog's "Microsoft Meeting" article] -- Explains "sealed storage" in more depth than this article, yet without going into all the mathematics
[[PrivateCore]] vCage software can be used to attest [[x86]] servers with TPM chips.
*[http://www.p2pnet.net/trusted1.html Trust Computing: Promise and Risk], a paper by EFF (Electronic Frontier Foundation) staff technologist Seth Schoen.
 
*[http://comment.zdnet.co.uk/other/0,39020682,39215921,00.htm Microsoft's Machiavellian manoeuvring (ZDNet UK)] by [[Bruce Schneier]]
Google enforces [[Play Integrity API]] to Android devices with their bootloader unlocked.
*[http://www.lafkon.net/tc/ LAFKON - A movie about Trusted Computing.] Video opposed to Trusted Computing
 
Mobile T6 secure operating system simulates the TPM functionality in mobile devices using the [[ARM TrustZone]] technology.<ref>{{cite web|url=http://www.trustkernel.org|title=T6: TrustZone Based Trusted Kernel|access-date=2015-01-12}}</ref>
 
[[Samsung]] smartphones come equipped with [[Samsung Knox]] that depend on features like Secure Boot, TIMA, [[Mobile Device Management|MDM]], TrustZone and [[SE Linux]].<ref>{{cite web|url=https://news.samsung.com/global/editorial-protecting-your-mobile-with-samsung-knox|title=Samsung Newsroom|access-date=2018-03-07}}</ref>
 
== See also ==
 
{{Div col|colwidth=22em}}
* [[:wikt:Transwiki:Glossary of legal terms in technology|Glossary of legal terms in technology]]
* [[Next-Generation Secure Computing Base]] (formerly known as Palladium)
* [[Trusted Network Connect]]
* [[Trusted Platform Module]]
* {{slink|Unified Extensible Firmware Interface|Secure Boot}}
* [[Web Environment Integrity]]
{{div col end}}
 
==References==
{{Reflist|30em}}
 
==External links==
* {{Official website|http://www.trustedcomputinggroup.org|Trusted Computing Group website}}
 
[[Category:Cryptography]]
[[Category:Copyright law]]
[[Category:DigitalTrusted rightscomputing| management]]
[[Category:BusinessMicrosoft lawWindows security technology]]
 
[[it:Trusted Computing]]
Retrieved from "https://en.wikipedia.org/wiki/Trusted_Computing"