Our Benefits
Take advantage of the benefits Trusted Computing technologies and membership can bring to you.
Read MoreQuick Links
FAQs
Software Stack
Can the Trusted Platform Module control what software runs?
No. There is no ability to do this. The subsystem can only act as a 'slave' to higher level services and applications by storing and reporting pre-runtime configuration information. Other applications determine what is done with this information. At no time can the TCG building blocks 'control' the system or report the status of applications that are running.
Is TCG creating specifications for just one operating system or type of platform?
No. Specifications are operating system-agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have specifications for Trusted Servers and mobile devices and are working to finalize specifications for other computing devices, including storage and infrastructure.
Does TCG require that software be certified to run on a TCG-enabled platform?
The TCG design does not have any requirement that software be “certified” in order to use it. The specification talks in some length about ways of using the platform to create certificates for keys that are provably secure and yet not identify the platform they came from. TCG’s technology has a passive role in a system. It can be used to securely record data and to securely store (and sign with) digital keys. TCG architecture does not specify where to get these certificates or how much you pay for them. Free certificates work as well as certificates you pay for. There is no single source of certificates in the market today. Anyone can set themselves up as a Certificate Authority using any number of different Certificate Authority packages. TCG has recently put together an Infrastructure Work Group to look into some of the use cases to provide possible working models.
What is the TSS?
The TSS is a software specification that provides a standard API for accessing the functions of the TPM. Application developers can use this software specification to develop interoperable client applications for more tamper-resistant computing.
What effect will the TSS specification have on applications development?
The TSS ensures application execution will provide a level of confidence that the appropriate keys (cryptographic) have been generated and used in a more secure environment.
Will these TSS-enabled applications run on multiple operating systems?
Yes. The TSS is operating system agnostic. Members are using or have shown implementations with various operating systems including Linux, and some TCG members such as NTRU Cryptosystems, Inc. offer support for open source in their products for trusted computing.
How difficult will it be for developers to use the TSS?
If an application developer has experience writing with MSCAPI or PKCS#11, it will be easy to provide TCG-enabled applications.
Storage
What is the TCG Storage Specification?
The TCG Storage Workgroup has developed the TCG Storage Specification Overview and Core Architecture Specification as Version 1.0, Revision 0.9, which describes in detail how to implement and utilize trust and security services on storage devices. TCG is making it publicly available for critical review and analysis by the larger I.T., storage, and software application and end-user communities. Storage device developers can design trusted storage devices based on this Specification and application developers can examine how their applications might exploit trusted storage devices.
Why is the Specification being released as "Version 1.0, Revision 0.9 - draft"?
The TCG is following the usual practice with storage-related standards (such as SCSI and ATA) of releasing a version for wider industry review, before publishing a final version. This version of the Specification is complete, self-contained, and capable of being implemented, and was developed by our broad base of storage industry members. Vendors can begin to engineer products based on the Specification. If a vendor would like to contribute to the final Specification, we encourage that vendor to join TCG and to participate in the Storage Workgroup.
Who would use the Storage Specification?
There are two primary audiences for this Specification:
For storage device manufacturers, TCG's Specification provides the architecture for how to implement trust and security services on storage devices.
For platform-based application developers (ISVs), the Specification describes the interface to trust and security services on storage devices, so that the application can take advantage of such services.
Of course, the ultimate benefactors of the Storage Specification are the end-users who purchase and take advantage of the security-enhanced applications that will result from using the Specification.
Have you taken into account existing standards such as those for SCSI and ATA? How are you working with other standards bodies?
SCSI (T10) and ATA (T13) are ANSI/INCITS standards committees that input their standards to ISO and provide the interface standards for a great variety of storage devices, including USB-attached storage (i.e., SCSI command set). After interaction with TCG, T10 and T13 both have defined a Trusted Send (In) and Trusted Receive (Out) command set, which have subsequently been dually standardized. Trusted Send/Receive provides the "container" commands for specific "payload" security commands. The TCG Storage Specification provides the "payload" definition for the specific Protocol ID = TCG. Other Protocol IDs can be assigned to other protocol suites, as needed.
Additionally, the Storage Specification reference adopts other trust and security standards, as appropriate (e.g., public key, cryptography, hashing).
What does this Storage Specification enable?
The Specification enables platform-based applications to take advantage of trust and security services provided by "trusted" storage devices.
What are examples of trust and security services detailed in the Storage Specification?
The Specification enables applications to take advantage of a number of trust and security services on a storage device:
Cryptography
Public key cryptography and digital signature
Hashing functions
Random number generation (RNG)
Secure storage
Cryptography
Public key cryptography and digital signature
Hashing functions
Random number generation (RNG)
Secure storage
Is the Storage Specification complete? Will there be later versions?
The Specification is complete, but is being released as a Version 1.0, Revision 0.9 - draft. Even though all the major hard drive manufacturers and a number of flash, optical, and tape manufacturers have been working together to develop this Specification, we are providing this version to the larger I.T., storage, software application and end-user communities. If a vendor would like to contribute to the final Specification, due in the near future, we encourage that vendor to join TCG and to participate in the Storage Workgroup. However, ISVs and storage device manufacturers can begin to devise implementations based on this version of the Specification now.
Will products created using today’s Storage Specification work with those based on later versions?
Yes; any enhancements and additions should be upward compatible or require minimal changes.
Will products based on the Storage Specification work in today’s PC architectures?
Yes; the Storage Specification targets applications running on either PC or server platforms and therefore takes advantage of and is compatible with PC and server architectures.
What change of behavior is required from IT managers to use products based on the Storage Specification?
Traditionally, storage devices have been viewed as "simply" storage. However, storage devices can have powerful computing systems on board and lots of available memory, all protected behind a tightly closed and access-controlled environment, largely immune to the vulnerabilities of the operating system-based platform itself (e.g., viruses). And, the data is on the storage device. Why not put the security functions related to data protection directly on the device housing the data?
TCG and its members believe that IT managers will appreciate the advantages of pairing security and data storage in the same device.
Does implementing this Storage Specification cost storage device makers more? If so, how much?
Yes; the implied firmware and hardware enhancements needed to support the Specification cost money and development resources. But, the storage device industry has a tradition of efficient and cost-effective development, as well as an "economy of scale" across such huge product volumes.
Does implementing this Storage Specification require any new or different parts for storage devices? If so, who is providing those and when will they be available?
Yes; the internal computing environment of a storage device must be enhanced to support the Specification. The storage device manufacturers themselves typically develop those core components themselves. TCG cannot speculate on availability, except to note that the storage device industry had been aggressively cooperating on the development of the Specification.
How will PC makers and users know that storage devices based on the Storage Specification meet all of its requirements? Are you planning a certification program?
The TCG Storage WG is working on security evaluation/compliance requirements as a follow-on effort.