Talk:Trusted Computing Group

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A problem with "vendor of a TPM-enabled system has complete control"[edit]

This is a controversial topic and needs to be treated with accuracy. The statement that "The vendor of a TPM-enabled system has complete control over what software does and does not run on the owner's system" is factually wrong and misleading. I don't feel expert enough to do the edits but an expert should look at these pages.

In particular, I am currently running linux on a TPM enabled system (TPM is turned on in the BIOS), have made modifications to the kernel and the like with no problems. The TPM measures some or all of the boot but does not stop anything from running. I have run Linux kernels that use the TPM to measure the boot and ones that do not - they both work. (I have yet to run a kernel with an unbroken chain of trust to the root.)

However, the problem described above with BitLocker does make sense and is what I would expect. What has happened is that BitLocker is designed to use keys stored in a TPM that are only released on a trusted platform. When the boot loader is altered, the TPM no longer knows that it can trust the boot loader and the it does not release the keys. This mechanism may prevent malware from being installed in the boot loader. Unfortunately I can see that it would also make problems for a legitimate user operating a dual boot. — Preceding unsigned comment added by Turtle59 (talkcontribs) 18:57, 16 January 2015 (UTC)

Poor article[edit]

This is a poor article if someone just wants to find out quickly what the TCM chip actually is. Basically it is chip integrated onto the motherboard. The chip itself is an embedded computer (with CPU, RAM, Firmware, encryption keys). As it is self-contained in one chip, it is considered a 'secure environment' from where encryption/authentication can take place (e.g. protected any malware that may be present on the computer's OS). The chip can only be communicated with using it's API; crucially, the build-in encryption keys cannot be read or modified in any way by the OS (or by using any physical method).

External links modified[edit]

Hello fellow Wikipedians,

I have just modified 2 external links on Trusted Computing Group. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

You may set the |checked=, on this template, to true or failed to let other editors know you reviewed the change. If you find any errors, please use the tools below to fix them or call an editor by setting |needhelp= to your help request.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

If you are unable to use these tools, you may set |needhelp=<your help request> on this template to request help from an experienced user. Please include details about your problem, to help other editors.

Cheers.—cyberbot IITalk to my owner:Online 02:11, 3 April 2016 (UTC)