Statement by the BSI on current reports about MS Windows 8 and TPM
Media are currently reporting on Windows 8 and the Trusted Platform Module (TPM), claiming that the federal government is warning against Windows 8. According to the reports, "IT experts of the federal government consider Windows 8 downright dangerous." The media also refer to a paper by the Federal Ministry of Economics and Technology (BMWi) and state: "The competent professionals in the Federal Ministry of Economics, in the federal administration and at the BSI also warn unequivocally against the use of the new generation of trusted computing in German authorities."
In this regard, the Federal Office for Information Security (BSI) states:
The BSI is warning neither the public, nor German companies, nor the federal administration against deploying Windows 8. The BSI does, however, currently see some critical aspects related to specific scenarios in which Windows 8 is operated in combination with hardware that has a TPM 2.0.
For specific user groups, using Windows 8 in combination with a TPM may well mean an increase in security. This includes users who, for various reasons, cannot or do not want to take care of their own security, but instead trust the manufacturer of the system to provide and maintain a secure solution. This is a valid use case; however, the manufacturer should provide sufficient transparency about the potential limitations of the provided architecture and the possible consequences of its use.
From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. This results in new risks for the user, especially for the federal government and critical infrastructure. In particular, on hardware that is operated with a TPM 2.0 and Windows 8, unintentional errors by the hardware or operating system manufacturer, but also by the owner of the IT system, can cause error conditions that prevent further operation of the system. This can go so far that, in the event of an error, not only the operating system but also the hardware used can permanently no longer be used. Such a situation would be acceptable neither for the federal administration nor for other users. In addition, the newly established mechanisms can also be used by third parties for sabotage. These risks need to be addressed.
The BSI considers complete control over the information technology used, which includes a conscious opt-in and the possibility of a subsequent opt-out, to be a basic condition for the responsible use of hardware and operating systems. The federal government has formulated the resulting requirements for operating systems and hardware in its issues paper on Trusted Computing and Secure Boot.
In general, it should remain possible for IT users to deal with information technology in a self-determined and autonomous way. This includes, for example, the ability to use alternative operating systems and applications at their own discretion.
So that these conditions can continue to be met with Windows and the Trusted Platform Module, the BSI remains in dialogue with the Trusted Computing Group as well as with the manufacturers of operating systems and hardware, in order to find appropriate solutions for users as well as for use in the federal administration and critical infrastructure.