Thursday, September 22, 2011

Windows 8: Trusted Platform Module as a virtual smart card



TPM 1.2 by Infineon

At the beginning of the millennium, the Trusted Platform Module (TPM) of the former TCPA, today's Trusted Computing Group (TCG), was still hotly debated. Today the technology is widespread, though not in desktop PCs and notebooks for private individuals (consumers) but almost exclusively in office computers and business notebooks with Intel's vPro chipsets or Q-series chipsets. The state of the art is still TPM 1.2, which Windows has used since Vista to protect BitLocker full-disk encryption; the only alternative is a USB flash drive. With TCG Opal, a specification is ready with which hardware full-disk encryption (Self-Encrypting Drives, SEDs) can be bound to the TPM on the motherboard, but the (UEFI) firmware has to play along as well: this cannot be retrofitted to arbitrary PCs.


Measured Boot: The TPM checks that firmware, bootloader, operating system and ELAM drivers are safe.
Image: Microsoft

With Windows 8, Microsoft will now integrate the TPM more strongly and has also mentioned plans regarding the previously discussed TPM.next, i.e. TPM 2.0. Its specification is available but probably not yet finalized. Windows 8 is at least meant to involve TPM-1.2- or 2.0-compatible TPM chips, and probably integrated solutions as well, far more than Windows 7 and Vista did. It starts at system startup: UEFI Secure Boot basically works without a TPM, but if one exists, the system can verify the signatures of the UEFI firmware itself, the bootloader (winload.efi), the kernel and a special Early Launch Anti-Malware (ELAM) driver using the key stored in the TPM. Microsoft calls this Measured Boot. The ELAM concept is also new in Windows 8: even before the actual startup routines can begin, it can, for example, search for rootkits. Intel, in turn, plans in cooperation with its newly acquired McAfee division to finally implement, with DeepSafe on vPro PCs, the concept of a network scanner running in parallel to the operating system as a virtual machine.
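Measured Boot records each boot stage by extending a TPM platform configuration register (PCR); TPM 1.2 defines the extend as SHA-1(old PCR || SHA-1 of the measurement), and a BitLocker TPM protector releases the volume key only for the PCR values it was sealed to. The Python model below is an added example, not code from the article or from Microsoft: the boot images, the volume key and the seal/unseal functions are constructed stand-ins for what a real TPM keeps inside the chip, and they show why a modified bootloader leaves the disk locked.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers, all zeros after reset


def extend(pcr: bytes, image: bytes) -> bytes:
    # TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(image)); the order matters,
    # so the final value fixes the whole boot chain, not just its contents
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()


def measured_boot(chain) -> bytes:
    """Extend every boot stage in load order into one PCR, starting from zeros."""
    pcr = bytes(PCR_SIZE)
    for _name, image in chain:
        pcr = extend(pcr, image)
    return pcr


def seal(secret: bytes, pcr: bytes) -> bytes:
    """Model of TPM sealing (constructed, not the TPM's real algorithm): the secret is
    wrapped under a key derived from the expected PCR and carries an HMAC tag."""
    key = hashlib.sha256(b"seal-to-pcr" + pcr).digest()
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(blob: bytes, pcr: bytes):
    key = hashlib.sha256(b"seal-to-pcr" + pcr).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # PCR does not match the sealed boot state: the key stays locked
    return bytes(a ^ b for a, b in zip(ct, key))


# Constructed stand-ins for the real images (firmware, winload.efi, kernel, ELAM driver)
GOOD_CHAIN = [
    ("uefi-firmware", b"firmware-image-v1"),
    ("winload.efi", b"bootloader-image-v1"),
    ("ntoskrnl.exe", b"kernel-image-v1"),
    ("elam-driver", b"elam-driver-image-v1"),
]
# The same chain with a modified bootloader, as a boot-time rootkit would leave it
TAMPERED_CHAIN = [(n, b"bootloader-image-MODIFIED" if n == "winload.efi" else i)
                  for n, i in GOOD_CHAIN]
VOLUME_KEY = b"constructed-volume-master-key-32"  # 32-byte placeholder, not a real key


def unlock_after_boot(chain, sealed_blob: bytes):
    """What a BitLocker-style TPM protector sees: the PCR produced by this boot."""
    return unseal(sealed_blob, measured_boot(chain))
```

Sealing the key once against the good chain and calling `unlock_after_boot` for both chains returns the key for the untouched boot and `None` for the tampered one, which is why BitLocker then falls back to asking for the recovery key.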


Windows 8 uses the TPM flexibly.
Image: Microsoft

Even after startup, Windows 8 will make use of TPM functionality. A Windows wizard is to help with setting up the TPM, for which other software was needed until now. With BitLocker Network Unlock, for example, the hard-drive encryption can be unlocked automatically within the network when a Windows 8 server is running as the DHCP server. Outside the company network, the user must then operate BitLocker as usual with a password; if a device is stolen, the data on the hard disk is still protected, as long as the PC cannot connect to the corporate network. The TPM will also continue to be used as a certificate store, as well as a virtual smart card.

The TPM functions are aimed mainly at corporate customers, whom Microsoft wants to win over with the additional functions of Windows.
