The Trusted Computing Group (TCG) recently announced that PCs and mobile devices using Microsoft's new Windows 8 and Windows Server 2012 will benefit from a number of security features enabled by the Trusted Platform Module (TPM).
This specification provides "a hardware root of trust" that's already used in millions of devices spanning PCs, servers, tablets and embedded systems.
The TPM is defined as "the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information." A cryptoprocessor is a dedicated system-on-chip (SoC) that handles cryptographic operations. It's supposedly tamper resistant, embedded in a packaging with "multiple physical security measures."
According to the TCG, Windows 8 supports the new Unified Extensible Firmware Interface (UEFI) Secure Boot feature which takes advantage of the TPM. Motherboard manufacturers are currently ditching the old-school legacy BIOS firmware for UEFI which – along with the TPM – checks the integrity of the system before booting into the operating system. Thus rootkits and other malware are detected early, preventing system infections.
The TCG also points out that Windows 8 also supports the TPM-dependant BitLocker which makes management of drive-based encryption easier and more automated. The TPM stores half of the key pair required to encrypt and decrypt the local drive – which is protected against malware attacks – while Windows 8 manages the encryption.
"BitLocker also uses integrity measurements stored in the TPM, using a TPM feature called 'unsealing' where the TPM will only reveal the disk encryption key if the integrity measurements have not changed. This ensures that a thief cannot boot into an attacking utility that extracts the disk encryption key," the group explained last week.
In addition to the TPM specifications, the TCG also developed widely used specifications for self-encrypting drives (SEDs) which is also supported by Windows 8. Based on the TCG specifications, these SED solutions enable encryption and access control within the protected hardware of the drive.
"Self-encrypting drives provide the industry's preferred solution for full disk encryption, protecting data when the machines or drives are lost or stolen, as well as re-purposed, warranty repair, and end-of-life," the group said. "TCG's open standards provide multivendor interoperability, allowing application vendors to provide management for multiple SED providers."
As for Windows Server 2012, the TCG said that the platform automatically provisions and manages the TPM, making the TPM aspect of network security easier for IT managers. Windows Server 2012 also supports managed boot (for preventing malware and to check system integrity), and the use of the TPM as a virtual smart card and for secure certificate storage.
For those interested in learning more about the TPM, Windows 8 and Windows Server 2012, TCG will host a security workshop, Trusted Computing: Billions of Secure Endpoints in 10 Years, at RSA 2013 in San Francisco on Monday, Feb. 25, 10 a.m. – 2 p.m. Panelists and leading IT experts, analysts and developers will address a number of security issues, including Windows 8, BYOD, data protection and security automation.
Kevin ParrishKevin Parrish is a contributing editor and writer for Tom's Hardware,Tom's Games and Tom's Guide. He's also a graphic artist, CAD operator and network administrator.
See here for all of Kevin's Tom's IT Pro articles.