Building hardware-based security with a Trusted Platform Module (TPM)



Windows 8 makes TPM hardware-based security easy by automatically provisioning the TPM and providing new APIs and features. This session describes how customers benefit from having a system with a TPM and how to build Windows 8 apps that work with different TPM hardware.


Security, OEM, IHV, Silicon
The Discussion

  • User profile image
    David Skoll

    Let me translate from Microsoftese to English:

    "Secure Boot prevents running an unknown OS loader" translates to "Muahahahaha!!! Take that, you Linux lusers! No more freedom for you lot!"

  • User profile image

    Is (E)LILO or GRUB considered to be a "verified OS loader" ?
    How do I boot Linux with secure booting?

  • User profile image

    So if I have ripping software, debuggers, decompilers or reverse engineering software installed on my system, then the "attestation service" will deem my system to not be "secure" ?

  • User profile image

    I want to have ownership of the TPM.
    I do NOT want Microsoft or any OEM to have ownership of the TPM.

  • User profile image
    David Skoll
    I am in charge of buying hardware at my (small) company. We buy several tens of thousands of dollars of PC hardware per year... not a lot in the big scheme of things, but a lot for a small company.

    We will UNDER NO CIRCUMSTANCES purchase any hardware that does not allow us to install Linux. So those hardware vendors who want to be Windows 8 compliant, think very carefully. If you don't provide a way to disable bootloader verification or allow end-users to insert their own verification keys, you will not get our business.

    I encourage anyone else in this position to post here.

  • User profile image

    Hands off my hardware.

  • User profile image
    Davide Bolcioni

    If there is an option to install keys of the owner's choice, and remove default keys (Microsoft's key will become a prime target for mafias and rogue states), this is a minor but welcome security improvement. If not, it's a reason to spend your money somewhere else.

  • User profile image

    Seriously, y'all. YOU own your own TPM. Not MSFT, not OEM. YOU set it up and provision it the way you want. You decide what sw is acceptable to you. This is a terrific step forward for PC security.
