Loyal employee that [Paul] Engel was... - Tim Jackson, Inside Intel page 130
A NUMBER OF PRESENTATIONS at last week's Intel Developer Forum showed that silicon for the Trusted Computing Platform Alliance (TCPA) will be available sooner than you think.
Zorba Manolopoulos, Sarathy Jayakumar and Ami Sawatzky told developers about the TPM, that's the trusted platform module, which will be built into the infrastructure of future PCs.
A TPM contains a cryptographic engine and protected storage, and includes a single, permanent public/private keypair which can't be moved off the chip; the same part will work in notebooks, desktops and servers.
The first implementations of TPM appear to be slated for Intel's own motherboards using its Springdale chipsets, but whether third party motherboard vendors will implement it as yet remains unclear.
Platform configuration registers (PCRs) store hashes of the code and data measured during boot; they are what sealed data is bound to on a particular PC, and what the event log is validated against.
Keys are permanently stored within the TPM, but the chip relies on external components for any operation needing performance, suggesting that worries about validation slowing down the boot may well be valid.
Atmel, Infineon, ST Micro and NatSemi can already provide TPM 1.1 silicon, and it will be built into some Intel desktop mobos and into the notebook reference design. IBM will ship this silicon in T30 and NetVista boxes, while the TCPA software stack, version 1.0, is due this year.
This is how it looks on a mobo.
While the silicon is wired in, it requires the BIOS to take account of its presence, with the module vendor providing BIOS drivers, which must be self-contained.
A startup function scarily called the Core Root of Trust for Measurement (CRTM) establishes how the TPM initialises, based on previous power states, and makes the first measurements before handing control to the BIOS.
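To make the PCR and CRTM story above concrete, here is an added example (not code from Intel, the TCPA or the presenters, and not a real TPM interface) that simulates the measured-boot chain in Python. It uses 20-byte SHA-1 PCRs as TPM 1.1 does, extends PCR 0 as the constructed CRTM measures the BIOS and the BIOS measures a boot loader, replays the event log against the PCR the way a verifier would, and "seals" a secret to the PCR value with a toy HMAC-based construction that stands in for the TPM's real sealing. The boot images, the TPM secret and the nonce are constructed inputs.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20                    # TPM 1.1 PCRs hold a SHA-1 digest
ZERO_PCR = b"\x00" * PCR_SIZE    # every PCR resets to zeros at power-on


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: PCR_new = SHA1(PCR_old || measurement).
    One-way and order-dependent, so later code cannot undo an earlier measurement."""
    return hashlib.sha1(pcr + measurement).digest()


def measure(component: bytes) -> bytes:
    """What the CRTM (and then the BIOS) does to a component before running it."""
    return hashlib.sha1(component).digest()


def replay_log(event_log, pcr_index: int) -> bytes:
    """Recompute one PCR from the event log of (pcr_index, description, measurement)."""
    pcr = ZERO_PCR
    for idx, _desc, digest in event_log:
        if idx == pcr_index:
            pcr = extend(pcr, digest)
    return pcr


def log_is_consistent(event_log, pcr_index: int, reported_pcr: bytes) -> bool:
    """Event-log validation: the log is only believable if replaying it lands
    exactly on the value the TPM itself reports for that PCR."""
    return hmac.compare_digest(replay_log(event_log, pcr_index), reported_pcr)


def _derive_key(tpm_secret: bytes, pcr_value: bytes) -> bytes:
    # Toy stand-in for the TPM's sealing: the key depends on the PCR value.
    return hmac.new(tpm_secret, b"seal" + pcr_value, hashlib.sha1).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha1).digest()
        counter += 1
    return out[:length]


def seal(tpm_secret: bytes, pcr_value: bytes, data: bytes, nonce: bytes = None) -> bytes:
    """Bind data to a PCR value: blob = nonce || ciphertext || tag."""
    nonce = os.urandom(8) if nonce is None else nonce
    key = _derive_key(tpm_secret, pcr_value)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha1).digest()
    return nonce + ct + tag


def unseal(tpm_secret: bytes, current_pcr: bytes, blob: bytes):
    """Return the data only if the current PCR equals the one it was sealed under."""
    nonce, ct, tag = blob[:8], blob[8:-PCR_SIZE], blob[-PCR_SIZE:]
    key = _derive_key(tpm_secret, current_pcr)
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha1).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed boot images and TPM secret (not real firmware, not a real key).
GOOD_BIOS = b"bios-image-v1.00"
GOOD_LOADER = b"boot-loader-v2"
TPM_SECRET = b"constructed-tpm-resident-secret"


def boot(bios: bytes, loader: bytes):
    """Simulated measured boot: CRTM measures BIOS, BIOS measures loader, all into PCR 0."""
    log, pcr0 = [], ZERO_PCR
    for desc, component in (("BIOS", bios), ("loader", loader)):
        m = measure(component)
        log.append((0, desc, m))
        pcr0 = extend(pcr0, m)
    return log, pcr0


def demo() -> dict:
    log, pcr0 = boot(GOOD_BIOS, GOOD_LOADER)
    blob = seal(TPM_SECRET, pcr0, b"disk-encryption-key", nonce=b"\x00" * 8)
    # Same firmware on the next boot: the log replays and the data unseals.
    log2, pcr0_2 = boot(GOOD_BIOS, GOOD_LOADER)
    # Tampered loader: PCR 0 differs, so the sealed data stays sealed.
    _log3, pcr0_3 = boot(GOOD_BIOS, b"boot-loader-v2-BACKDOORED")
    # Forged log hiding the tampering: the TPM-reported PCR exposes it.
    forged_log = [(0, "BIOS", measure(GOOD_BIOS)), (0, "loader", measure(GOOD_LOADER))]
    return {
        "good_log_valid": log_is_consistent(log2, 0, pcr0_2),
        "good_unseal": unseal(TPM_SECRET, pcr0_2, blob),
        "tampered_unseal": unseal(TPM_SECRET, pcr0_3, blob),
        "forged_log_valid": log_is_consistent(forged_log, 0, pcr0_3),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The point the example makes is the one the presenters were getting at: the event log on its own proves nothing, because anyone with disk access can rewrite it; what makes it checkable is that the PCR value lives inside the TPM and can only be extended, never set, so a doctored log no longer replays to the reported value, and a changed boot component changes the PCR and keeps sealed data sealed.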
TPMs have to be tested with commercial software applications and multiple layers of drivers need to be validated.
The TCPA still has a lot of work to do - for example, the Fixed Token Test Harness hasn't been sorted yet.
But in May, Intel will release its 865 TPM platform - that's Springdale, so it will be built into those products. Atmel has daughter cards, documentation, demonstrations and drivers for Windows and Linux, and so too do other vendors.
* AT A separate presentation, Nathan Cornillon, a program manager at Microsoft, gave advice on designing applications for easy and reliable PC migration.
Cornillon acknowledges that moving from an existing PC to a new PC is beyond most people, because configuration and email setup is so difficult. Hard drive sizes and data are "becoming unmanageable", and the complexity of setup leads people to think PCs are unfriendly.
An "average" end user migration takes between three days and six months and end users don't trust data migration products until they see them. Emails and contacts are hard to find.
Microsoft reckons PC growth is being slowed by the "hurdles" of migration, and 40% or so feel that these problems are enough to delay buying a new PC. Plus migration costs between $100 to $2,000 per PC.
So on May 2nd, a heap of vendors are going to start a PC Migration Working Group which will look at "capturing a PC personality", restoring said "personality" to a new PC, and "clean up the old PC".
The vendors are Altiris, Detto, Eisenworld, IBM, Intel, Laplink, Microsoft, Miramar, Symantec and Tranxition.
The really curious thing about this Microsoft presentation is that Nathan nowhere puts his hand up and says: "The reason it's complicated is because of us". But as most people use Outlook and Office, and as Microsoft upgrades its software just to generate revenues, rather than because people actually need the "new" software, it's pretty clear who the culprit is, don't you think?
See Also
Trusted Computing Platform Alliance is a secret cabal
Trusted Computing may be dumb, but you're clueless
AMI introduces "trusted computing" Palladium BIOS
AMD's Opteron won't reject unlicensed content
Treacherous Computing