Our Benefits

Take advantage of the benefits Trusted Computing technologies and membership can bring to you.

Read More

Quick Links

FAQs


Trusted Platform Module

Can the Trusted Platform Module control what software runs?

No. There is no ability to do this. The subsystem can only act as a 'slave' to higher level services and applications by storing and reporting pre-runtime configuration information. Other applications determine what is done with this information. At no time can the TCG building blocks 'control' the system or report the status of applications that are running.

Is TCG creating specifications for just one operating system or type of platform?

No. Specifications are operating system-agnostic. Several members have Linux-based software stacks available. In addition to our work on the PC platform, we have specifications for Trusted Servers and mobile devices and are working to finalize specifications for other computing devices, including storage and infrastructure.

Does TCG require that software be certified to run on a TCG-enabled platform?

The TCG design does not have any requirement that software be “certified” in order to use it. The specification talks in some length about ways of using the platform to create certificates for keys that are provably secure and yet not identify the platform they came from.  TCG’s technology has a passive role in a system. It can be used to securely record data and to securely store (and sign with) digital keys. TCG architecture does not specify where to get these certificates or how much you pay for them. Free certificates work as well as certificates you pay for. There is no single source of certificates in the market today. Anyone can set themselves up as a Certificate Authority using any number of different Certificate Authority packages. TCG has recently put together an Infrastructure Work Group to look into some of the use cases to provide possible working models.

How does Microsoft’s BitLocker technology relate to the TPM and to the efforts of TCG?

Microsoft BitLocker™ Drive Encryption is designed to make use of a Trusted Platform Module (TPM) 1.2 and the associated PC Client Specifications developed by TCG to protect critical system files and user data and to help ensure that a computer running Windows Vista has not been tampered with while the system was offline.

Is the TPM required for BitLocker? If so, is it only the 1.2 version?

For BitLocker™ to make use of a TPM, it must be a 1.2 version and the system must have a BIOS that meets TCG requirements. While it is possible to use BitLocker™ without a TPM by storing the keying material on a USB flash drive, this is not the preferred customer configuration, nor is it expected to be typical usage due to the cost and manageability challenges associated with this mode of use.

How does the server specification relate to the Trusted Platform Modules (TPMs)? Is a TPM required for these servers?

Trusted servers are required to contain TPM functionality that meets the requirements of the TPM specification (1.1b or 1.2). The specification is complementary to the TPM specification and defines the behavior and requirements of a trusted server.

Will server TPMs be different from PC ones? How is TCG addressing this?

Currently, the trusted server may be designed using the same TPMs found in trusted clients. There is no reason, however, that a TPM or system vendor could not develop TPMs with higher bandwidth capabilities, as long as the interface specifications are met. In the future, TCG may add additional TPM commands to provide for additional server operational or management capabilities.

How do the Infrastructure specifications relate to the Trusted Platform Module (TPM) shipping in PCs today?

These specifications are directly relevant to the TPM in PCs today and represent the next phase of infrastructure support for the operations of the platforms containing the TPM.

The TPM represents the trust anchor within the platform for the truthful reporting of the state of the platform. This feature is called "attestation" of the platform and represents a core value proposition of trustworthy computing. With the PTS specification, not only can the TPM be used to protect sensitive information, it can also be used to produce irrefutable reports (in a standardized format) regarding the TPM and the platform as a whole.


Previous