Tag Archives: tpm

Trusted Platform Module

Posted on by

Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication.

Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution. However even where a TPM is used, a key is still vulnerable while a software application that has obtained it from the TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack.

via Trusted Platform Module – Wikipedia, the free encyclopedia.

“Trusted Platform Module (TPM) Specifications”. Trusted Computing Group.

Protecting the pre-OS environment with UEFI

Posted on by

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

Via Protecting the pre-OS environment with UEFI – Building Windows 8 – Site Home – MSDN Blogs.