

Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM: the TPM will perform operations with it on request, but it never releases the private key material.
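The non-exportable-key property described above can be observed from Windows itself. The following PowerShell script is an added example, not code from the page or from Microsoft: it creates an RSA key through CNG's Microsoft Platform Crypto Provider (the TPM-backed key storage provider on Windows) with an export policy of None, signs with it, and shows that a request for the private key blob is refused while the public blob is still returned. The key name `Demo-NonExportable` is an arbitrary choice, and a TPM 2.0 that Windows has already provisioned is assumed.

```powershell
# Added example, not from the original page: a TPM-backed, non-exportable CNG key.
# Assumes a provisioned TPM 2.0; the key name is arbitrary and is deleted at the end.
$provider = [System.Security.Cryptography.CngProvider]::new('Microsoft Platform Crypto Provider')
$keyName  = 'Demo-NonExportable'

# Start clean if an earlier run left the key behind in the TPM-backed store
if ([System.Security.Cryptography.CngKey]::Exists($keyName, $provider)) {
    [System.Security.Cryptography.CngKey]::Open($keyName, $provider).Delete()
}

$params = [System.Security.Cryptography.CngKeyCreationParameters]::new()
$params.Provider     = $provider
$params.ExportPolicy = [System.Security.Cryptography.CngExportPolicies]::None   # no export, plain or encrypted
$params.KeyUsage     = [System.Security.Cryptography.CngKeyUsages]::Signing
# NCRYPT_LENGTH_PROPERTY ("Length") as a DWORD selects the RSA modulus size
$params.Parameters.Add([System.Security.Cryptography.CngProperty]::new(
    'Length', [BitConverter]::GetBytes([int]2048),
    [System.Security.Cryptography.CngPropertyOptions]::None))

$key = [System.Security.Cryptography.CngKey]::Create(
    [System.Security.Cryptography.CngAlgorithm]::Rsa, $keyName, $params)
"Key '{0}' created by '{1}', export policy: {2}" -f $key.KeyName, $key.Provider.Provider, $key.ExportPolicy

# The key is usable: signing happens inside the TPM, the OS only sees the signature
$rsa  = [System.Security.Cryptography.RSACng]::new($key)
$data = [System.Text.Encoding]::UTF8.GetBytes('tpm-backed signing test')
$hash = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pad  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$sig  = $rsa.SignData($data, $hash, $pad)
"Signature: {0} bytes, verifies: {1}" -f $sig.Length, $rsa.VerifyData($data, $sig, $hash, $pad)

# The private half cannot leave the TPM: the provider refuses the private blob
try {
    $null = $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPrivateBlob)
    Write-Warning 'Unexpected: private key export succeeded'
} catch [System.Security.Cryptography.CryptographicException] {
    "Private export refused as expected: $($_.Exception.Message)"
}

# The public half is not secret and exports normally
$pub = $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPublicBlob)
"Public blob: {0} bytes" -f $pub.Length

$rsa.Dispose()
$key.Delete()
```

The same check applies to certificates: `New-SelfSignedCertificate -Provider 'Microsoft Platform Crypto Provider' -KeyExportPolicy NonExportable` produces a certificate whose private key `Export-PfxCertificate` cannot extract, which is the property to verify before relying on a TPM-bound key for device identity.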
OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process, because malware that runs early enough can alter the report. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device.

The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards. These standards support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows. For a basic feature description of TPM, see the Trusted Platform Module Technology Overview.

Traditionally, TPMs are discrete chips soldered to a computer's motherboard. Such implementations allow the computer's original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. However, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips.

TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform's owner and users, but newer versions can provide security and privacy benefits to the system hardware itself.

Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows automatically provisions a TPM, but a user who plans to reinstall the operating system may need to clear the TPM before reinstalling so that Windows can take full advantage of the TPM. Clearing discards every key the TPM protects, including BitLocker protectors, so anything that depends on them must be suspended or backed up first.
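The provisioning and clearing steps above map onto the TrustedPlatformModule cmdlets. The script below is an added example, not code from the page or from Microsoft: it reports the provisioning state from `Get-Tpm`, provisions an unready TPM with `Initialize-Tpm`, and, only when the hypothetical `-ResetForReinstall` switch is given, suspends BitLocker and clears the TPM ahead of an OS reinstall. It assumes an elevated PowerShell session on Windows 10 or later with the BitLocker module available.

```powershell
# Added example, not from the original page. Run elevated.
# -ResetForReinstall is a hypothetical switch for this script; Clear-Tpm is destructive.
[CmdletBinding()]
param(
    [switch] $ResetForReinstall
)

$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    throw 'No TPM detected (or it is disabled in firmware); nothing to provision.'
}

# TpmReady is the field that matters: it is true only once Windows has provisioned the TPM
[pscustomobject]@{
    Present          = $tpm.TpmPresent
    Ready            = $tpm.TpmReady
    Enabled          = $tpm.TpmEnabled
    Activated        = $tpm.TpmActivated
    Owned            = $tpm.TpmOwned            # Windows holds the owner authorization
    AutoProvisioning = $tpm.AutoProvisioning    # Enabled / Disabled / DisabledForNextBoot
    LockedOut        = $tpm.LockedOut
    Version          = $tpm.ManufacturerVersionFull20
} | Format-List

if ($ResetForReinstall) {
    # Clearing wipes all TPM-protected keys. Suspend BitLocker (RebootCount 0 = until resumed)
    # so the OS volume stays unlockable without the TPM protector until the reinstall.
    Get-BitLockerVolume |
        Where-Object ProtectionStatus -eq 'On' |
        Suspend-BitLocker -RebootCount 0 | Out-Null

    Clear-Tpm   # firmware may ask for physical presence confirmation at the next boot
    'TPM clear requested. Reboot, confirm at the firmware prompt if asked, then reinstall Windows.'
    return
}

if (-not $tpm.TpmReady) {
    # Provision now instead of waiting for the next auto-provisioning pass at boot.
    # -AllowClear lets Windows clear a TPM that needs it; -AllowPhysicalPresence accepts
    # a physical presence prompt at the next boot if the firmware requires one.
    $result = Initialize-Tpm -AllowClear -AllowPhysicalPresence
    'Provisioning: TpmReady={0} RestartRequired={1} ClearRequired={2} PhysicalPresenceRequired={3}' -f `
        $result.TpmReady, $result.RestartRequired, $result.ClearRequired, $result.PhysicalPresenceRequired
} else {
    'TPM is already provisioned and ready.'
}
```

If `Initialize-Tpm` reports `RestartRequired` or `PhysicalPresenceRequired`, provisioning finishes only after the reboot and any firmware confirmation; rerun `Get-Tpm` afterwards and confirm `TpmReady` is `True` before enabling BitLocker, Windows Hello, or other features that depend on a provisioned TPM.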
