335

For years, the Trusted Platform Module (TPM) specification has had the final say in securing personal computers, industrial computers, and servers. TPM has created a set of standards and interfaces that enable system builders to transform digital security into system hardware.

The TPM creates what’s known as a “root of trust” using unique encryption keys that are written to physical media soldered directly to the motherboard. This is how OS manufacturers like Microsoft can enable secure, whole-disk encryption to lock data even if a disk is removed, and enable system checks that verify low-level boot code (Boot code) before allowing it to be executed.

This model for system security took on a new dimension when Intel introduced Platform Trust Technology (PTT) architecture, which implements TPM in system firmware. For your operating system and applications, PTT looks and acts like a TPM. The difference is that computers with Intel PTT do not require a special processor or memory. Instead, they rely on secure access to the system’s main processor and memory to perform low-level system authentication.

The result: PTT is used in low-power PCs, tabledollarser and other devices that cannot handle the additional cost, complexity, power consumption or required physical space that came with hardware-based TPM in the past.

TPM is currently at version 2.0, and its role has become more vital as cyber-threatdollarser continues to target even the lowest levels of systems, such as the Master Boot Record, system firmware, and operating system files, where even traditional anti-malware solutions can be vulnerable.

The TPM works by storing key information protected on a tamper-proof chip, which includes a unique Endorsement Key (such as a digital fingerprint) embedded in silicon at manufacture to authenticate the host hardware. A dedicated cryptographic microprocessor processes important data and verifies the integrity of low-level system assets such as boot files and system Firmware. If a change is detected, the TPM blocks the installation of compromised files or software and stops attacks before they start.

Implementing the TPM on dedicated hardware has a significant advantage. TPM isolates the security infrastructure from the main system, making it extremely difficult to leak, tamper, or compromise. But it adds cost and complexity to system designs, meaning that many devices that can take advantage of this level of security don’t have it.

Intel’s PTT was introduced in 2013 on select fourth-generation Intel Core processors and chip sedollars, including the Intel Haswell ULT multi-chip packs, as well as Atom-based, system-on-chip (SoC) solutions like Bay Trail. PTT enables low-cost and low-power devices to support the same root of trust enabled by the hardware-based TPM. It also supports all Microsoft requirements for Firmware Trusted Platform Module (fTPM) 2.0.

A similar application—ARM’s TrustZone scheme—provides TPM capabilities for low-power, ARM processor-based portable devices such as the tabledollarser.

PTT is particularly important in the industrial PC field. It allows organizations to create the same exacting levels of security in their compact, fanless systems and devices as they do for desktops, workstations, and servers. PTT-enabled IPCs significantly reduce the attack surface for systems that often sit unattended in remote or public areas.

There was a time when IT administrators had to choose between robust security IPCs or compact, low-power designs. Computers with Intel PTT put an end to this need for selection.


Like it? Share with your friends!

335
Michael Lewis

0 Comments

Your email address will not be published. Required fields are marked *