Building hardware-based security with a Trusted Platform Module (TPM)


Description

Windows 8 makes TPM-based hardware security easier by automatically provisioning the TPM and by providing new APIs and features. This session describes how customers benefit from a system with a TPM and how to build Windows 8 apps that work with different TPM hardware.
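The auto-provisioning the description refers to can be inspected from the Windows 8 (and later) TrustedPlatformModule and SecureBoot PowerShell modules. The script below is an added example, not code from the session or from Microsoft; it only uses documented cmdlets (Get-Tpm, Initialize-Tpm, Confirm-SecureBootUEFI, Get-SecureBootUEFI) and assumes it is run from an elevated prompt on a UEFI machine. The property names shown are the ones Get-Tpm exposed on Windows 8; later versions add more.

```powershell
# Added example: check TPM provisioning state and Secure Boot status.
# Assumes an elevated PowerShell session on Windows 8 or later.

# Get-Tpm reports presence, readiness (i.e. provisioned by Windows) and
# whether automatic provisioning is enabled for this machine.
$tpm = Get-Tpm
[PSCustomObject]@{
    TpmPresent        = $tpm.TpmPresent
    TpmReady          = $tpm.TpmReady          # $true once provisioning completed
    AutoProvisioning  = $tpm.AutoProvisioning  # Enabled / Disabled / DisabledForNextBoot
    OwnerAuthStored   = [bool]$tpm.OwnerAuth   # owner authorization kept locally
    OwnerClearDisabled = $tpm.OwnerClearDisabled
    LockedOut         = $tpm.LockedOut
} | Format-List

# A present but not-yet-ready TPM can be provisioned explicitly. Initialize-Tpm
# may return that a physical-presence confirmation or a reboot is still needed,
# so inspect its result rather than assuming the TPM is usable afterwards.
if ($tpm.TpmPresent -and -not $tpm.TpmReady) {
    $result = Initialize-Tpm -AllowClear -AllowPhysicalPresence
    $result | Format-List
}

# Secure Boot: Confirm-SecureBootUEFI returns $true/$false on UEFI firmware
# and throws on legacy BIOS systems, so treat the exception as "not applicable".
try {
    $secureBootOn = Confirm-SecureBootUEFI
} catch {
    $secureBootOn = $null
}
"Secure Boot enforced: $secureBootOn"

# The PK (Platform Key) variable is an EFI_SIGNATURE_LIST holding the
# platform owner's certificate; whoever controls PK controls which KEK and db
# entries, and therefore which OS loaders, the firmware will accept.
if ($secureBootOn) {
    $pk = Get-SecureBootUEFI -Name PK
    "PK variable: $($pk.Bytes.Length) bytes, attributes $($pk.Attributes)"
}
```

An owner who wants to take the TPM through provisioning manually rather than letting Windows do it can run Disable-TpmAutoProvisioning before the next boot; Clear-Tpm resets it to an unowned state when the firmware allows it.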

Tags: Security, OEM, IHV, Silicon

Day: 2

Code: HW-462T

Room: Kodiak


The Discussion

  • David Skoll

    Let me translate from Microsoftese to English:

    "Secure Boot prevents running an unknown OS loader" translates to "Muahahahaha!!! Take that, you Linux lusers! No more freedom for you lot!"

  • Anonymous

    Is (E)LILO or GRUB considered to be a "verified OS loader" ?
    How do I boot Linux with secure booting?

  • Anoymous

    So if I have ripping software, debuggers, decompilers or reverse engineering software installed on my system, then the "attestation service" will deem my system to not be "secure" ?

  • Anonymous

    I want to have ownership of the TPM.
    I do NOT want Microsoft or any OEM to have ownership of the TPM.

  • David Skoll

    NOTE TO HARDWARE VENDORS:

    I am in charge of buying hardware at my (small) company. We buy several tens of thousands of dollars of PC hardware per year... not a lot in the big scheme of things, but a lot for a small company.

    We will UNDER NO CIRCUMSTANCES purchase any hardware that does not allow us to install Linux. So those hardware vendors who want to be Windows 8 compliant, think very carefully. If you don't provide a way to disable bootloader verification or allow end-users to insert their own verification keys, you will not get our business.

    I encourage anyone else in this position to post here.

  • Dennis

    Hands off my hardware.

  • Davide Bolcioni

    If there is an option to install keys of the owner's choice, and remove default keys (Microsoft's key will become a prime target for mafias and rogue states), this is a minor but welcome security improvement. If not, it's a reason to spend your money somewhere else.

  • Jay

    Seriously, y'all. YOU own your own TPM. Not MSFT, not OEM. YOU set it up and provision it the way you want. You decide what sw is acceptable to you. This is a terrific step forward for PC security.
