
Re: aleajactaest post# 218193

Thursday, 11/24/2011 3:25:34 PM

Hi alea,

If the PC has no TPM, the BIOS is implicitly trusted and fires up the PC. No integrity checking of the boot sequence is made.

In a PC that has the TPM, the TPM is the "Core Root of Trust" and integrity measurements can be made and verified through attestation by the server. The server (WEM) verifies that the PC booted correctly.

To provide more security in the BIOS, if a system has a SED and TPM, the SED becomes the "Core Root of Trust" and works with the TPM during the boot sequence. The SED/TPM combination provides the ability to self-heal the Master Boot Record and Hypervisor that has been discussed under the "High Assurance Platform (HAP) on the cheap" topic. It is the ultimate in providing a Secure Measured Boot and has obvious further benefits as stated.

The industry has developed a "Secure Boot" for those devices that don’t have a TPM but still need a reasonable amount of protection. The new UEFI standard that you are starting to hear more about is initiating this technology. Windows 8 has this capability.

It's all Good, and my simple understanding.
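The measured boot and server-side attestation described in the post, as an added example that is not part of the original post or any vendor's code: each boot stage hashes the next component and extends the hash into a TPM PCR (new = H(old || digest)), the PC later quotes the final PCR value together with its event log, and the server replays the log and compares the result against the value a known-good chain produces. It assumes a SHA-256 PCR bank, and the BIOS, MBR and hypervisor blobs are constructed placeholder bytes, not real firmware images.

```python
import hashlib
import hmac

PCR_LEN = 32  # one SHA-256 PCR, reset to all-zero bytes at power-on (assumed bank)

# Constructed boot components: (stage name, bytes that stage loads). The
# contents are placeholders standing in for real BIOS/MBR/hypervisor images.
GOOD_CHAIN = [
    ("bios", b"constructed-bios-image-v1"),
    ("mbr", b"constructed-master-boot-record"),
    ("hypervisor", b"constructed-hypervisor-image"),
]

# Same chain, but the MBR has been altered (e.g. by bootkit-style tampering).
TAMPERED_CHAIN = [
    ("bios", b"constructed-bios-image-v1"),
    ("mbr", b"constructed-master-boot-record-MODIFIED"),
    ("hypervisor", b"constructed-hypervisor-image"),
]


def measure(component: bytes) -> bytes:
    """Hash one boot component before it runs (what the measuring stage does)."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new_pcr = SHA-256(old_pcr || digest).

    The PCR can only be extended, never written, so a later stage cannot
    erase an earlier measurement, and the order of extends matters.
    """
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components):
    """Simulate the measured boot chain on the PC.

    Returns the final PCR (hex) and the event log the PC would hand to the
    server alongside its PCR quote.
    """
    pcr = bytes(PCR_LEN)
    event_log = []
    for name, blob in components:
        digest = measure(blob)
        event_log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr.hex(), event_log


def replay_event_log(event_log) -> str:
    """Server side: recompute the PCR the claimed event log should produce."""
    pcr = bytes(PCR_LEN)
    for _name, digest_hex in event_log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr.hex()


def golden_pcr(known_good_components) -> str:
    """Server side: the PCR value a known-good (reference) boot chain yields."""
    return measured_boot(known_good_components)[0]


def verify_attestation(quoted_pcr_hex: str, event_log, known_good_components) -> bool:
    """Server-side attestation check (the role the post assigns to WEM).

    Passes only if (1) the event log is consistent with the quoted PCR and
    (2) the quoted PCR matches the reference value for a known-good chain.
    Uses constant-time comparison so the check itself leaks nothing.
    """
    log_consistent = hmac.compare_digest(replay_event_log(event_log), quoted_pcr_hex)
    matches_golden = hmac.compare_digest(golden_pcr(known_good_components), quoted_pcr_hex)
    return log_consistent and matches_golden


if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_CHAIN)
    print("good boot attested:", verify_attestation(pcr, log, GOOD_CHAIN))
    pcr, log = measured_boot(TAMPERED_CHAIN)
    print("tampered boot attested:", verify_attestation(pcr, log, GOOD_CHAIN))
```

The no-TPM case from the post corresponds to skipping this entirely: nothing records what ran, so the server has no value to compare. The reordering check in the test shows why the extend operation is order-sensitive: the same components loaded in a different sequence yield a different PCR, so a chain that ran the right code in the wrong order also fails attestation.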