At time of creation, data can be designated as either migrateable or non-migrateable, depending upon the protection model required.
Finally, in order to support requirements for availability, and to guard against equipment failure, the TPM includes command infrastructure and protocols for migration of data between trusted devices, and for use of third parties as privacy or migration brokers. Additionally, the TPM can attest to the configuration of the computer to external third parties, be it the owner of a device wishing to remotely manage it, or a device manufacturer leaving a device in the hands of an untrusted third party. For example if a PC is booted into a certain trustworthy state where only a fixed set of applications are installed, the monitoring TPM could then grant access to data storage and encryption keys for high security email. Monitoring in itself has limited uses, but combined with access control for secrets based on the monitoring of state, all sorts of interesting applications become possible. The TPM can monitor and access the main bus of the computer, which allows it to keep track of and report on the configuration state of the entire computer, from the moment of power-on right through - potentially - to the execution of applications on a modern graphical operating system. The current generation of TPMs (version 1.2) are stand-alone chips which are usually surface mounted onto the motherboard of a PC, or integrated into a custom PCB for an embedded device. The Trusted Platform Module (TPM) is a special purpose microcontroller designed by the Trusted Computing Group, which interfaces with a standard hardware/software platform in order to allow it to be secured to serve the interests of just one party - the system designer.
0 kommentar(er)
