Building hardware-based security with a Trusted Platform Module (TPM)


Windows 8 makes TPM hardware-based security easy by automatically provisioning the TPM and providing new APIs and features. This session describes how customers benefit from having a system with a TPM and how to build Windows 8 apps that work with different TPM hardware.


Security, OEM, IHV, Silicon









    The Discussion

    • David Skoll

      Let me translate from Microsoftese to English:

      "Secure Boot prevents running an unknown OS loader" translates to "Muahahahaha!!! Take that, you Linux lusers! No more freedom for you lot!"

    •

      Is (E)LILO or GRUB considered to be a "verified OS loader"?
      How do I boot Linux with secure booting?

    •

      So if I have ripping software, debuggers, decompilers or reverse engineering software installed on my system, then the "attestation service" will deem my system to not be "secure"?

    •

      I want to have ownership of the TPM.
      I do NOT want Microsoft or any OEM to have ownership of the TPM.

    • David Skoll


      I am in charge of buying hardware at my (small) company. We buy several tens of thousands of dollars of PC hardware per year... not a lot in the big scheme of things, but a lot for a small company.

      We will UNDER NO CIRCUMSTANCES purchase any hardware that does not allow us to install Linux. So those hardware vendors who want to be Windows 8 compliant, think very carefully. If you don't provide a way to disable bootloader verification or allow end-users to insert their own verification keys, you will not get our business.

      I encourage anyone else in this position to post here.

    •

      Hands off my hardware.

    • Davide Bolcioni

      If there is an option to install keys of the owner's choice, and remove default keys (Microsoft's key will become a prime target for mafias and rogue states), this is a minor but welcome security improvement. If not, it's a reason to spend your money somewhere else.

    •

      Seriously, y'all. YOU own your own TPM. Not MSFT, not OEM. YOU set it up and provision it the way you want. You decide what sw is acceptable to you. This is a terrific step forward for PC security.
