Revisiting the TPM

TPMs have been shipping for nearly 8 years now.  WinMagic was an early adopter and supported TPM version 1.1 for full disk encryption before most.  We expanded our support to the more main stream version 1.2 TPMs when they started shipping.  Now more than 100 Million TPMs are out there in laptops and other devices, and soon many, many  Version 2.0 TPMs will join them.  TPM 2.0 and disk encryption will be a good topic for a future blog but today I am going to set the ground work on where we are today.

First, what is a TPM?   According to Wikipedia (   “The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor. The TPM technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG).” WinMagic is a member of the TCG which among other things also sets the “Opal” and “Enterprise” standards for self-encrypting drives (SED).

While TPMs have lots of capabilities the key thing that a TPM can bring to a computing device is a hardware root of trust.  It has unique asymmetric keys (e.g. RSA keys) built right into the chip which can be used to uniquely identify the device and secure storage that cannot be tampered with.  That, along with a capability to take “measurements” of the firmware and software environments enables  a system with a TPM not only to  reliably attest to its identify, but also that it was in a known state and has not been not tampered with before the OS is booted.  If malware can take control of a platform underneath or before the OS, there can be no trust in the booted system. This is a significant step in establishing a chain of trust that can extend right into OS present software.

One of the asymmetric keys built into the TPM is known as the storage root of trust.  SecureDoc can leverage this root of trust to ‘protect’ the software encryption keys or, in the case of SEDs, the authentication keys used to unlock the Opal drive.    Interestingly when using the storage root of trust one doesn’t actually store anything in the TPM.   However, some TPMs do have secure non-volatile memory and in our version bundled with HP we can store backup keys securely right inside the TPM.

If you would like to see TCG Opal drives and TCG TPMs working together, Intel and WinMagic are participating in the Demonstration Showcase at TCG’s annual workshop during RSA Conference 2014  on Monday February 24, 2014 in San Francisco. Through this demonstration, WinMagic will leverage an HP laptop with an Intel SED to show how easy it is for business users to take advantage of the security provided by HP Drive Encryption; to manage a TCG Opal SED and leverage the built-in TPM as part of the authentication process and recovery process.

Previous Post
Busy Growing
Next Post
Constant Improvement

Related Posts

Assessing Security & Risk

This week I’ve been in National Harbor, MD attending the Gartner Security & Risk Management Summit. As a newcomer to this event, it’s been a whirlwind few days delivering excellent content and insights into key market trends and customer needs.…
Read more

Securing the Cloud

Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal? It’s Google, it has to be secure right? (more…)
Read more

The importance of partners

Go to market strategies for vendors varies in approach whether it’s entirely direct, indirect or an amalgamation of both. WinMagic adheres to a hybrid approach that best matching the requirements of the customer or business practices within a given region.…
Read more

Visionary! – Gartner Magic Quadrant

Being a software company focused on Mobile Data Protection (MDP) means we’re constantly trying to evolve our products and services. And according to Gartner Inc. that’s paying off as once again we were recognized as a Visionary in their annual…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Contact Us

This will close in 15 seconds