Much has been made about what exactly can be accomplished with the Trusted Platform Module, or TPM. Now that Windows 8 is available, that question becomes easy: lots can be done with the TPM to ensure better system, data and network security.

One key use is authentication – a topic that is seeing lots of interest these days with recent moves by Apple, Google and others to implement stronger authentication.

At last month’s RSA conference, TCG member Wave Systems showed effective strong authentication using the embedded TPM and Windows 8.

With Windows 8 a new environment for security solution providers to utilize for PBA has arrived: UEFI.  The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI is meant as a replacement for the Basic Input/Output System (BIOS) firmware interface, present in all Windows-based personal computers.* When UEFI Secure Boot is turned on it means that the PBA software has to be ‘signed’ by Microsoft or the OEM so that it can be trusted to execute. With Secure Boot turned on computers are less susceptible to attacks on the booting process such as the Evil Maid attack.

The TPM also can be used to monitor the security and health of the PC boot environment.  For example, Wave Endpoint Monitor (WEM) determines the health of the endpoint based on TPM-secured Platform Configuration Register (PCR) measurements.  In this demo, a “healthy” laptop is granted access to Wave Cloud.  When WEM detects a suspicious change on the laptop – for example, by a firmware virus – the laptop is denied access to Wave Cloud. 

For more info on this demo and others at RSA Conference 2013, go to http://www.trustedcomputinggroup.org/resources/rsa_2013__trusted_computing_billions_of_secure_endpoints_in_10_years.