Trusted Platform Module

Hey where is my editiongs. The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as remote attestation and sealed storage. "Remote attestation" creates a nearly unforgeable hash key summary of the hardware and software configuration. The extent of the summary of the software is decided by the program encrypting the data. This allows a third party to verify that the software has not been changed. "Binding" encrypts data using the TPM endorsement key, a unique RSA key burned into the chip during its production, or another trusted key descended from it.^[3] "Sealing" encrypts data similar to binding, but in addition specifies a state in which the TPM must be in order for the data to be decrypted (unsealed).^[4]

A Trusted Platform Module can be used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system.

Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution. However even where a TPM is used, a key is still vulnerable while a software application that has obtained it from the TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack.

The primary scope of a TPM (in combination with other TCG implementations) is to assure the integrity of a platform. In this context "integrity" means "behave as intended" and a "platform" is generically any computer platform - not limited to PCs or just Windows: Start the power-on boot process from a trusted condition and extend this trust until the OS has fully booted and applications running.

Together with the BIOS, the TPM forms a Root of Trust: The TPM contains several PCRs (Platform Configuration Registers) that allow a secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions how to proceed. A good example can be found in Microsoft's BitLocker Drive Encryption (see below).

Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then applications and users running on that platform can rely on its security characteristics such as secure I/O "what you see is what you get", uncompromised keyboard entries, memory and storage operations.

Full disk encryption applications, such as the BitLocker Drive Encryption feature of Microsoft's Windows Vista Ultimate, Windows Vista Enterprise, Windows Server 2008, and the Windows 7 Enterprise and Windows 7 Ultimate operating systems, can use this technology to protect the keys used to encrypt the computer's hard disks and provide integrity authentication for a trusted boot pathway (i.e. BIOS, boot sector, etc.). A number of third party full disk encryption products also support the TPM chip.

Access to keys, data or systems is often protected and requires authentication by presenting a password. If the authentication mechanism is implemented in software only, the access typically is prone to 'dictionary attacks'. Since the TPM is implemented in a dedicated hardware module, a dictionary attack prevention mechanism was built in, which effectively prevents from guessing or automated dictionary attacks, while still allowing the user for a sufficient and reasonable number of tries. With this hardware based dictionary attack prevention, the user can opt for shorter or weaker passwords which are more memorable. Without this level of protection, only passwords with high complexity would provide sufficient protection.

Almost any encryption-enabled application can in theory make use of a TPM, including:

• Digital rights management
• Software license protection & enforcement

These potential other uses have given rise to privacy concerns. The "physical presence" feature of the TPM addresses some of these concerns by requiring that a human sitting at the computer authorize changes to the configuration of the TPM, so that these changes cannot be performed silently and unnoticed by software.^[5] Human confirmation is mandatory for operations such as activating, deactivating, clearing or changing ownership of the TPM.^[5][6] Future operating systems are expected to have increased TPM support for additional cryptographic features.

The TPM was sardonically dubbed the "Fritz chip" by Professor Ross Anderson, Security Engineering Professor at the University of Cambridge Computer Laboratory, in reference to the former United States Senator Ernest "Fritz" Hollings, who according to Anderson "worked tirelessly in Congress to make TC a mandatory part of all consumer electronics."^[7]

Starting in 2006, many new laptop computers have been sold with a Trusted Platform Module chip built-in. In the future, this concept could be co-located on an existing motherboard chip in computers, or any other device where a TPM's facilities could be employed, such as a cell phone. On PC the LPC bus is used.

Trusted Platform Module microcontrollers are currently produced by:

• Atmel
• Broadcom
• Infineon (Infineon TPM)
• Sinosun
• STMicroelectronics
• Nuvoton (formerly Winbond)
• ITE (ITE TPM)
• Toshiba
• Intel

The Trusted Computing Group, the developers of the specification, has faced resistance in some areas to deploy this technology, especially in academia, where some authors still see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database.^[8]

• China (CN)

Currently TPM is used already by almost all nameable PC- and Notebook manufactures, primarily offered on professional product lines.

Software-sided TPM are supported by several vendors:

• Acer, Asus, Dell, Inc., LG, Fujitsu Technology Solutions, HP, Lenovo, Samsung, Sony and Toshiba providing integrations on its devices.
• Infineon provides as the vendor of TPM-Chips also a comprehensive software solution, which is delivered as OEM-Version with new computers as well as separately by Infineon for products with TPM technology which complies to the TCG-standards.
• Wave Systems offers a broad range of Client- and Server-software, which runs on all TPM chip-sets. For instance, this software is pre-installed on several models from Dell and Gateway.
• Microsofts operating systems Windows Vista and Windows 7 as well as Microsoft Windows Server starting from Windows Server 2008 use the chip in conjunction with the included disk encryption software named Bitlocker.
• In 2006 with the introduction of the first Macintosh's with Intel-processors (Intel-Switch), Apple started to ship Mac's with TP-Modules. The actual models 2009-2011 doesn't hold that TPM's anymore.^{[citation needed]} There exists no such (official) driver from Apple. Only a Port under GPL.^[9]

But there are also hybrid types, e.g. where the TPM-Modul is integrated into the Ethernet-Chip as on (Broadcom) while the software which runs „on-top“ is based on Infineon.

• Hengzhi chip
• Next-Generation Secure Computing Base
• Trusted Computing
• Hardware Security Module

• Trusted Computing Group
  • Specifications
• LWN: OLS: Linux and trusted computing
• GRC podcast: Trusted Platform Module (TPM) (TPM content starts 27 minutes 30 seconds in.)
• TPM Setup (for Mac OS X)
• Trusted Computing Group Bulletin on the Security of the Trusted Platform Module (TPM) February 2008
• Take Control of TCPA
• TPM Reset Attack
• Trusted platform motherboard having physical presence detection based on activation of power-on-switch