Security with the Trusted Platform Module
Trusted Computing
The Trusted Platform Module on your computer's motherboard could lead to better security for your Linux system.
The security of any operating system (OS) layer depends on the security of every layer below it. If the CPU can't be trusted to execute code correctly, there's no way to run secure software on that CPU. If the bootloader has been tampered with, you cannot trust the kernel that the bootloader boots. Secure Boot allows the firmware to validate a bootloader before executing it, but if the firmware itself has been backdoored, you have no way to verify that Secure Boot functioned correctly.
This problem seems insurmountable: You can only trust the OS to verify that the firmware is untampered with if the firmware itself has not been tampered with. How can you verify the state of a system without having to trust it first?
The answer lies in a set of technologies collectively referred to as Trusted Computing. A consortium of companies called the Trusted Computing Group [1] maintains the specifications related to Trusted Computing. At the heart of the Trusted Computing environment is a small hardware component called a Trusted Platform Module (TPM). The TPM is a chip connected by bus to the system motherboard, and sometimes it can be retrofitted as a module (Figure 1). TPMs are not fast or powerful – almost anything that can be done on a TPM can be done much faster on the CPU. Neither can the TPM see what's happening on the rest of the system; TPMs know only what the rest of the computer chooses to tell them.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia