Trusted Computing

[awk]

The TPM ramp-up…

Microsoft has announced that they will ship their new secure operating system code named “Longhorn” in 2006 (See also the following CNET article)

According to this Microsoft PowerPoint presentation the hardware architecture and the OS - “Longhorn” - have been re-architected to accommodate ISV’s in that they will not have to rewrite their applications to leverage the secure “Longhorn” OS.

According to the same Microsoft PowerPoint presentation the hardware depends on the Trusted Platform Module version 1.2

So, is it fair to assume that by the time “Longhorn” ships (2006) all new PCs – some 180 million – will be equipped with the 1.2 TPM?

It is inconceivable that the OEMs will deploy hardware that won’t be able to run “Longhorn”.
You decide! I say, from 15 million TPMs in 2004 to 180 million TPMs/annum within 2 years!



Longhorn will feature 'secure' components

http://news.zdnet.co.uk/software/windows/0,39020396,39153737,00.htm

Robert Lemos
CNET News.com
May 06, 2004, 08:40 BST

Microsoft says it still wants to incorporate major security features into its next operating system

Microsoft on Wednesday warned developers at its WinHEC conference that changes continue to be made in the security technology component it plans for next-generation PCs.

Responding to reports that it had decided to scrap plans for a security-focused architecture for Longhorn, its next version of Windows, the software giant stressed that it still aims to get major features into the OS.

"I can't speak to what (the features in) Longhorn will be," Mario Juarez, a product manager for Microsoft's Security Business and Technology Unit, told ZDNet UK sister site CNET News.com via phone on Wednesday. "I can tell you that... we are definitely aiming to have these features in the Longhorn time frame." Longhorn is set for release in the first half of 2006.

Working with hardware makers such as IBM and Intel, Microsoft aims to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates. The architecture, referred to as trusted PC, generally promises to do four things: secure input from devices such as the keyboard, protect application data from modification, encrypt storage and allow for attestation, which lets organisations that "own" content on a person's computer ascertain whether the data or software has been modified.

A year ago at WinHEC (the Windows Hardware Engineering Conference), Microsoft showed off a security prototype to demonstrate to developers what the secure features might look like in Windows.

But the recent qualifications made by the project team indicate that Microsoft still hasn't solved key design issues for its version of the "trusted PC" security technology, which it calls the next-generation secure computing base, or NG-SCB. For example, the company's software architects still haven't decided on the way in which Microsoft will patch the core of the secure OS or allow for restoring backups to a computer. Both activities change protected data and will run afoul of the protections erected by NG-SCB.

"It is still up in the air, along with the rest of the stuff," Juarez said.

What's not up in the air, he said, is Microsoft's commitment to producing software that, when paired with new computing hardware, can better secure data.

"Exactly how the implementation will work is what we are focused on now," he said.

One consideration is that customers are asking for more features to be available to applications without the need for the expensive rewriting of software, Juarez added.

"What our customers told us is that these features are valuable, but they... [want us] to find a way to offer some of the secure computing experience out of the box," he said.

Critics maintain that the fourth feature of Microsoft's trusted PC plan, remote attestation, could lead to major privacy issues. A paper the Electronic Frontier Foundation released last October applauded three features of Microsoft's scheme but criticised remote attestation as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.

Such considerations could still be taken into account, as the Microsoft system is refined.

"The bottom-line message is that we have taken a lot of feedback from customers -- we are making some evolutionary updates to the architecture," Juarez said.