Trusted Computing Group

Today at the NSA Trusted Computing Conference and Exposition, TCG announced it's going virtual. That is, it has produced "...the first Virtualized Platform Architecture, which describes how to build a trusted virtualized platform. With this specification, robust Trusted Computing technologies based on the TCG's core concepts of the hardware root of trust can be added to existing virtual machine managers (VMMs), allowing virtual machines (VM) on the same platform to share hardware roots of trust."

As noted in the FAQ posted here, Virtualized Trusted Platform Architecture Specification with the actual specification documents, "Virtualization is rapidly growing in popularity on both client and server systems. The extension of trusted computing to virtualization is a logical next step for TCG and trusted computing in general.  From the perspective of a virtual machine, it runs in a virtualized environment identically to the way it runs if it was running natively on a physical platform.  The Virtual Machine's software and trust properties should be identical in both environments.  From the perspective of trusted computing software, this means that each VM and hypervisor must have its own TPM.  But in a virtualized platform, there may be only one physical TPM and it is owned by the base hypervisor (also called a Virtual Machine Manager or VMM).

The TCG Virtualized Platform Workgroup has created the Trusted Virtualized Platform Architecture, which describes how to build a trusted virtualized platform.  The TCG Infrastructure Workgroup is developing the associated credentials and attestation protocols that go along with it.  The TCG PC Client and Server Workgroups have developed the roots of trust (SRTM and DRTM) used to launch both trusted physical platforms and virtual machines running on those platforms.  The TCG TPM Workgroup defines the TPMs (Trusted Platform Modules) on which trusted computing solutions are built."

The group is working to provide additional supporting specifications to deal specifically with various elements of the platform. As the editor notes, this new specification is like a blueprint for the house, but the details are being defined further.