While billions of TPMs have been embedded into all kinds of computing devices – from PCs to gaming machines – provisioning the TPM for real-world use historically posed some challenges.
TCG has been working in recent years to change this. Last year, we released the AIK enrollment protocol.
This week, TCG and its Infrastructure Work Group have released a new specification, the Endorsement Key (EK) and Platform Certificate Enrollment Specification.
The spec, based on an IETF standard certificate management protocol (CMC), allows certificate authorities (CAs) already supporting CMC to add support for issuance of TCG Endorsement Key and platform certificates. Because existing certificate authorities can add this support, provisioning certificates for TPMs becomes much easier, which in turn makes the integration of TPMs into existing access control and authentication infrastructure easier and more effective.
What is the benefit of this spec? For one, TPMs can attest to the state of a platform and can supplement TNC protocols, protecting networks and ensuring the integrity of endpoints trying to connect.
For hardware with TPMs, the spec also enables a chain of trust ensuring that a key is bound to a particular platform. Because the root of trust is hardware, the assurance and resulting security are better than if this all happened in software.