
SheldonLevine

12/02/05 9:20 AM

#103092 RE: xxxxcslewis #103038

xxxxcslewis, re: Partition

For now, just "interesting". Bear in mind that this is for Longhorn SERVER. The client specification (Vista) also calls for a SS/FVE utilities partition, but does not specify the functionality of the utilities.

- MSFT has reserved an area on the HD for utilities supporting the TPM

- The reserved area is not only for the use of Secure Startup/FVE, but also may be used to store utilities installed by the platform manufacturer (see italics)

- Specifically, these utilities must enable data recovery in the event of lost keys or corruption, i.e. they should include a key backup utility (see bold in Design & Implementation Note)

- The wording is rather ambiguous; it is not clear whether the key backup is only for SS/FVE Recovery keys or for all TPM keys

- It is implied that a platform manufacturer (e.g., Dell) may supply the required key backup utility

Longhorn Server Secure Startup Partition

Windows Server code named “Longhorn” Logo Program for Systems, Version 3.0
Version 3.0 Revision Draft 0.51 – 30th September, 2005

>>>
SYS-SEC-3 Systems implementing TPM support secure startup and full-volume encryption by reserving 350 MB for related utilities, outside the main OS partition

A system that implements a Trusted Platform Module (TPM), version 1.2 (or later), must provide a specific hard drive partition. To enable secure startup functionality, the hard disk layout must include at least 350 MB of reserved space inside a “utility partition,” outside the operating system partition, in an unencrypted and active Windows system partition, in which unencrypted boot utilities for full-volume encryption can exist.

This utility partition must be the active partition and must contain the boot manager and boot manager configuration (boot.ini or equivalent).

Design and Implementation Note
This utility partition is not for the exclusive use of the secure startup, full-volume encryption utilities; it may also contain platform manufacturer utilities.

If these utilities do not exist on the “utility partition,” then secure startup and full-volume encryption will not function. Additionally, these utilities enable data recovery if cryptographic keys are lost or disk or encryption corruption occurs.
<<<

I am trying to get more details on this, will post any developments.

Regards

SL
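As an added example (not part of the post or of the Logo Program document), here is a PowerShell audit of a current Windows host against the SYS-SEC-3 layout quoted above: a TPM of spec version 1.2 or later, a separate active system partition of at least 350 MB holding the boot manager, and no encryption on that partition. It assumes an elevated session on Windows 8 / Server 2012 or later with the Storage and BitLocker modules available; the function name Test-SecureStartupLayout is the example's own.

```powershell
# Added example, not the post's or Microsoft's code. The 350 MB figure and the
# rules checked come from the quoted SYS-SEC-3 text; everything else is assumed.
function Test-SecureStartupLayout {
    $minSystemBytes = 350MB
    $findings = New-Object System.Collections.Generic.List[string]

    # TPM present and spec version 1.2 or later (Win32_Tpm.SpecVersion reads like "1.2, 2, 3")
    $tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        $findings.Add('No TPM detected (Win32_Tpm not available)')
    } else {
        $specVersion = [version](($tpm.SpecVersion -split ',')[0].Trim())
        if ($specVersion -lt [version]'1.2') {
            $findings.Add("TPM spec version $specVersion is older than 1.2")
        }
    }

    # IsSystem marks the partition holding the boot manager; IsBoot marks the Windows volume
    $system = Get-Partition | Where-Object IsSystem | Select-Object -First 1
    $os     = Get-Partition | Where-Object IsBoot   | Select-Object -First 1
    if (-not $system) {
        $findings.Add('No system partition found')
    } else {
        if ($system.Size -lt $minSystemBytes) {
            $findings.Add(('System partition is {0:N0} MB, below the 350 MB reserve' -f ($system.Size / 1MB)))
        }
        if ($os -and $system.DiskNumber -eq $os.DiskNumber -and $system.PartitionNumber -eq $os.PartitionNumber) {
            $findings.Add('Boot manager lives on the OS partition; there is no separate utility partition')
        }
        # The "active" flag only exists on MBR disks; on GPT the EFI System Partition plays that role
        $disk = Get-Disk -Number $system.DiskNumber
        if ($disk.PartitionStyle -eq 'MBR' -and -not $system.IsActive) {
            $findings.Add('System partition is not marked active')
        }
        # The utility partition must stay unencrypted; BitLocker state can only be read for lettered volumes
        if ($system.DriveLetter) {
            $bde = Get-BitLockerVolume -MountPoint "$($system.DriveLetter):" -ErrorAction SilentlyContinue
            if ($bde -and $bde.VolumeStatus -ne 'FullyDecrypted') {
                $findings.Add("System partition $($system.DriveLetter): is $($bde.VolumeStatus); it must be unencrypted")
            }
        }
    }
    return $findings
}

$result = Test-SecureStartupLayout
if ($result.Count -eq 0) { 'Layout matches SYS-SEC-3' } else { $result }
```

An empty result means every quoted requirement was met; each string in the list names one deviation to fix before relying on secure startup or full-volume encryption.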