From Wikipedia
The Trusted Computing Group (TCG), successor to the Trusted Computing Platform Alliance (TCPA), is an initiative started by AMD, Hewlett-Packard, IBM, Infineon, Intel, Microsoft, and Sun Microsystems to implement Trusted Computing. Many others followed.
Overview
TCG's original major goal was the development of a Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets. TCG also recently released the first version of their Trusted Network Connect (TNC) protocol specification, based on the principles of AAA, but adding the ability to authorize network clients on the basis of hardware configuration, BIOS, kernel version, and which updates have been applied to the OS and anti-virus software, etc. [1]. As of December 2006, almost one hundred and fifty enterprises are members of TCG or follow its specifications. Seagate has also developed a Full Disk encryption drive which can use the ability of the TPM to secure the key within the hardware chip.
The owner of a TPM-enabled system has complete control over what software does and doesn't run on their system [1]. This does include the possibility that a system owner would choose to run a version of an operating system that refuses to load unsigned or unlicensed software, but those restrictions would have to be enforced by the operating system and not by the TCG technology. What a TPM does provide in this case is the capability for the OS to lock software to specific machine configurations, meaning that "hacked" versions of the OS designed to get around these restrictions would not work. While there is legitimate concern that OS vendors could use these capabilities to restrict what software would load under their OS (hurting small software companies or open source/shareware/freeware providers, and causing vendor lock-in for some data formats), no OS vendor has yet suggested that this is planned.
Furthermore, since restrictions would be a function of the operating system, TPMs could in no way restrict alternative operating systems from running, including free or open source operating systems. There are several projects which are experimenting with TPM support in free operating systems - examples of such projects include a TPM device driver for Linux [2], an open source implementation of the TCG's Trusted Software Stack called TrouSerS [3], a Java interface to TPM capabilities called TPM/J [4], and a TPM-supporting version of the Grub bootloader called TrustedGrub [5].
Related projects
The TPM 1.1 specification envisioned a standard PC platform equipped with a TPM chip. In this scenario, the TPM chip can serve as a hardware key storage. Additionally, it can keep track of so-called measurements of the platform (i.e. hashes of various software) and be able to produce signed statements about the running software chain. Particularly the latter mode of operation proved unfeasible in practice, since the amount of software that has to be measured and trusted is very large - it includes (in addition to the system firmware) the operating system, drivers and application programs. Therefore numerous other TPM-related projects are in progress, the purpose of which is to make it possible to launch and measure a trusted subenvironment from within an untrusted environment. The TPM specification 1.2 has been enhanced to accommodate this mode of operation. Additionally, hardware changes are required in the CPU and chipset (note that this should not be confused with the inclusion of TPM functionality into the chipset even though this is a possibility too).
Intel's approach is called Trusted Execution Technology. Many of Intel's Core 2 Duo CPUs are advertised to support these extensions. However, chipset support is required for the extensions to be operational. Currently, Intel's chipset Q35 Express supports TXT. In addition to chipset support, the mainboard must also feature a TPM 1.2 chip. Intel currently advertises DQ35MP and DQ35JO as being compliant with the technology. The first application of the technology will be a set of manageability enhancements under the brand name vPro. AMD's platform is called Secure Execution Mode [6] (SEM).
In 2002-2003, Microsoft announced an initiative called Next Generation Secure Computing Base (formerly Palladium). This was basically a vision of how a TPM 1.2 chip, CPU, chipset and software could provide an environment and a software ecosystem in which trusted applications (launched from within "regular" Windows) could be developed.
Intel's TXT and AMD's SEM can be seen as realizations of the hardware side of the NGSCB vision. Owing to significant difficulties in creating a working implementation that third-party developers were interested in using and in unavailability of the enhancements to CPU and chipset, NGSCB was not included with Microsoft's newest major operating system release, Windows Vista. Instead, Vista ships with a few technologies that can make use of a subset of the functions of the TPM chip (but not of Intel's TXT or AMD's SEM), such as BitLocker Drive Encryption, and a new version of the Microsoft Cryptography API. [7]
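The measurement chain described in this section (hashes of each software component folded into a TPM register, later reported in a signed statement) can be sketched as follows. This is an added example, not part of the original article: it models the TPM 1.x extend operation with SHA-1, the component names and byte strings are constructed placeholders, and the signature over the reported register value is assumed to have been checked already.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.x PCR holds one SHA-1 digest


def measure(component: bytes) -> bytes:
    """A measurement is the hash of the software about to run."""
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCRs are never written directly: new = SHA1(old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def boot(chain):
    """Simulate a measured boot; return (event_log, final_pcr)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in chain:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def verify(event_log, quoted_pcr, known_good):
    """Replay the log and check each entry against the verifier's policy.
    Assumes the signature over quoted_pcr was already checked (not modelled)."""
    problems, pcr = [], bytes(PCR_SIZE)
    for name, digest in event_log:
        pcr = extend(pcr, digest)
        if known_good.get(name) != digest:
            problems.append(f"unexpected measurement: {name}")
    if pcr != quoted_pcr:
        problems.append("event log does not reproduce the quoted PCR")
    return problems


# Constructed sample chain: placeholder byte strings, not real images.
GOOD_CHAIN = [("firmware", b"fw-1.0"), ("bootloader", b"loader-2.3"), ("kernel", b"kernel-2.6")]
PATCHED_CHAIN = GOOD_CHAIN[:2] + [("kernel", b"kernel-2.6-patched")]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD_CHAIN}

if __name__ == "__main__":
    good_log, good_pcr = boot(GOOD_CHAIN)
    bad_log, bad_pcr = boot(PATCHED_CHAIN)
    print(verify(good_log, good_pcr, KNOWN_GOOD))
    print(verify(bad_log, bad_pcr, KNOWN_GOOD))
    print(verify(good_log, bad_pcr, KNOWN_GOOD))
```

The verifier needs a known-good digest for every component in the chain, which is the scaling problem the article describes for measuring a full operating system, drivers and applications.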
Criticism
The group has faced widescale opposition from the free software community on the grounds that the technology they are developing has a negative impact on the users' privacy and can create customer lock-in, especially if it is used to create DRM applications. It has received criticism from the GNU/Linux and FreeBSD communities, as well as the software development community in general. Significant backlash amongst the Trusted Computing Group was present during Richard Stallman's speech at the Hackers on Planet Earth conference in July 2006, in New York. Richard Stallman and the Free Software Foundation have also criticized the group publicly in other speeches. The criticism calls Trusted Computing "Treacherous Computing" instead and warns that vendors can lock out software that is not officially signed by specific vendors, rendering it unusable.
Privacy concerns with the TCG revolve around the fact that each TPM has a unique keypair, called the "endorsement key", that identifies the platform. In initial versions of the TPM (version 1.1), the TCG addressed privacy concerns by suggesting the use of a "Privacy CA" that could certify pseudonymous machine credentials. By having separate credentials for interacting with different parties, actions could not be linked, and so some level of privacy is provided. However, this requires trust in the Privacy CA, who could still link pseudonyms to the common, identifying machine credential. Since this left unresolved privacy concerns, version 1.2 of the TPM specification introduced "Direct anonymous attestation": a protocol based on the idea of a zero-knowledge proof which allows a TPM user to receive a certification in such a way that the Privacy CA would not be able to link requests to a single user or platform, while still being able to identify rogue TPMs.
TCG Founders
- AMD
- Hewlett-Packard
- IBM
- Infineon
- Intel Corporation
- Lenovo Holdings Limited
- Microsoft
- Sun Microsystems, Inc.
Contributors
- 3Com
- American Megatrends, Inc.
- ARM
- Aruba Networks
- Atmel
- AuthenTec, Inc.
- AVAYA
- Broadcom Corporation
- Certicom Corp.
- Citrix Systems, Inc
- Decru
- Dell, Inc.
- Emulex Design and Manufacturing
- ENDFORCE, Inc.
- Ericsson Mobile Platforms AB
- ETRI
- Extreme Networks
- F5 Networks
- France Telecom Group
- Freescale Semiconductor
- Fujitsu Limited
- Fujitsu Siemens Computers
- Gemalto NV
- General Dynamics C4 Systems
- Giesecke & Devrient
- Hitachi, Ltd.
- Identity Engines
- Industrial Technology Research Institute
- Infoblox
- Insyde Software Corp.
- InterDigital Communications
- ITE Tech Inc.
- Juniper Networks, Inc.
- Lancope, Inc.
- Lexar Media, Inc.
- Lexmark International
- Lockheed Martin
- LSI Logic
- M-Systems Flash Disk Pioneers
- Marvell Semiconductor, Inc.
- Matsushita Electric Industrial Co. Ltd
- Maxtor Corporation
- Mirage Networks
- Motorola Inc.
- NEC
- Neoscale Systems - Now out of business due to poor products
- Nokia
- Nokia Siemens Networks GmbH & Co. KG
- Nortel Networks
- NTRU Cryptosystems, Inc.
- NVIDIA
- NXP Semiconductors
- Oxford Semiconductor
- Phoenix
- Pointsec Mobile Technologies
- Renesas Technology Corp.
- Ricoh Company LTD
- RSA, The Security Division of EMC
- Samsung Electronics Co.
- SanDisk Corporation
- Seagate Technology
- SECUDE IT Security GmbH
- Sharp Electronics Corporation
- SignaCert, Inc.
- Sinosun Technology Co., Ltd.
- SMSC
- Sony Corporation
- StepNexus, Inc
- StillSecure
- STMicroelectronics
- Symantec
- Symbian Ltd
- Toshiba Corporation
- Trend Micro
- TriCipher, Inc.
- Unisys
- UPEK, Inc.
- Utimaco Safeware AG
- VeriSign, Inc.
- Vernier Networks
- VMware, Inc.
- Vodafone Group Services LTD
- Wave Systems
- Western Digital
- Winbond Electronics Corporation
See also
- Consumer Broadband and Digital Television Promotion Act
References
1. TPM FAQ - Trusted Computing Group
Retrieved from "http://en.wikipedia.org/wiki/Trusted_Computing_Group"