Trusted Computing Group TPM Adds Security to Platforms Using Windows 8 and Windows Server 2012
Date Published: December 6, 2012
PORTLAND, Ore., Dec. 6, 2012 – PCs and mobile devices using the new Windows 8 operating system and Windows Server 2012 will benefit from a number of security features enabled by the TPM, or Trusted Platform Module.
The TPM, based on specifications created by the Trusted Computing Group, provides a hardware root of trust that is embedded into hundreds of millions of endpoints, including PCs, servers, tablets and embedded systems. TCG also has developed widely used specifications for self-encrypting drives (SEDs), network security and mobile device security. More than a billion endpoints in total are protected with Trusted Computing Group-based technologies.
All systems using Windows 8 include the new Unified Extensible Firmware Interface (UEFI) Secure Boot feature. UEFI replaces the legacy BIOS firmware used in older systems. UEFI Secure Boot checks the integrity of UEFI drivers and applications as part of the boot process and can prevent the execution of pre-OS system malware. The optional TPM can record or measure the state of pre-OS code and data, making it possible to detect the presence of rootkits and other system infections. When used together, UEFI Secure Boot and TPM measurements work to increase the integrity of the platform.
Windows 8 also makes management of drive-based encryption easier and more automated, using the BitLocker capability. The TPM stores half of the key pair required to encrypt and decrypt the drive, with the encryption managed by the operating system. The key in the TPM is protected against attacks.
BitLocker also uses integrity measurements stored in the TPM, using a TPM feature called “unsealing” where the TPM will only reveal the disk encryption key if the integrity measurements have not changed. This ensures that a thief cannot boot into an attacking utility that extracts the disk encryption key.
Windows 8 also supports the growing category of self-encrypting drives (SEDs). SEDs, based on TCG specifications, provide full-disk encryption on the drive quickly and transparently to users.
Systems with Windows 8 also can more effectively manage and protect installed software. Windows Server 2012 automatically provisions and manages the TPM, which is anticipated to make the TPM significantly more useful to IT managers. It supports managed boot to prevent malware and to check system integrity. It also supports using the TPM as a virtual smart card and for secure certificate storage.
TCG will host a security workshop, Trusted Computing: Billions of Secure Endpoints in 10 Years, at RSA 2013 in San Francisco on Monday, Feb. 25, 10 a.m. – 2 p.m. Panelists and leading IT experts, analysts and developers will address a number of security issues, including Windows 8, BYOD, data protection and security automation.
The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn.
Brands and trademarks are the property of their respective owners.