Free Rootkit with Every New Intel Machine (aka TPM, AMT)
Jeff.Hodges at KingsMountain.com
Jeff.Hodges at KingsMountain.com
Tue Jun 26 18:03:41 EDT 2007
i'd also scrawled:
> my understanding from a person active in the NEA working group  (IETF)
> is that TPMs these days "come along for free" because they're included on-die
> in at least one of said chips.
pgut001 at cs.auckland.ac.nz said:
> Check again. A few months ago I was chatting with someone who works for a
> large US computer hardware distributor and he located one single motherboard
> (an Intel one, based on an old, possibly discontinued chipset) in their
> entire inventory that contained a TPM (they also had all the ex-IBM/Lenovo
> laptops, and a handful of HP laptops, that were reported as having TPMs). He
> also said that there were a handful of others (e.g. a few Dell laptops, which
> they don't carry) with TPMs.
my bad. I'd neglected to add "on enterprise-class systems" after "come along
for free" (a qualification he did indeed express). WRT to Dell notebooks,
that'd be the Latitude models.
In fact, with a little searching, i found the Dell pages below  that
indicate TPM is installed on Dell's D-series enterprise class notebooks.
david_koontz at xtra.co.nz said:
> One of the driving forces for TPM adoption going forward will be enterprise
> remote or "distributed" management.
Of course. And that's the driving force behind the IETF NEA ("Network Endpoint
Assessment") working group AFAIK .
Trusted Platform Module (TPM 1.1)
The TPM, or Trusted Platform Module ships standard on D410, D610 & D810. TPM
is a security hardware device on the system board that will hold computer
generated keys for encryption. It is a hardware-based solution that can help
avoid attacks by hackers looking to capture passwords and encryption keys to
"What is TPM?
The TPM, or Trusted Platform Module, is a security hardware device on the
system board that will hold computer generated keys for encryption. It is a
hardware based solution that can help avoid attacks by hackers looking to
capture passwords and encryption keys to sensitive data.
When deploying advanced security features like TPM in your environment, the
archive and recovery of keys protected by the TPM is critical to avoiding the
risk of data loss or inaccessibility in the event of a system failure.
The security features provided by the TPM are internally supported by the
following cryptographic capabilities of each TPM: hashing, random number
generation, asymmetric key generation, and asymmetric encryption/decryption.
Each individual TPM on each individual computer system has a unique signature
initialized during the silicon manufacturing process that further enhances its
trust/security effectiveness. Each individual TPM must have an Owner before it
is useful as a security device.
TPM is useful for any customer that is interested in providing an addition
layer of security to the computer system. The TPM, when bundled with an
optional security software package, can provide overall system security, file
protection capabilities and protect against email /privacy concerns. TPM helps
provide security that can be stronger than that contained in the system BIOS,
operating system, or any non-TPM application.
Which Dell systems support TPM?
The TPM 1.2 security hardware device comes standard on the following
LatitudeTM notebook systems: Latitude D420, D620, D820, OptiPlexTM desktop
systems: Optiplex 745, 740 and Dell PrecisionTM Mobile Workstations M65, M90.
Dell recommends the use of Microsoft® Windows® XP Professional XP
Professional operating system with TPM which includes advanced security,
mobility and networking features. TPM is currently not supported by Dell on
Red Hat® Linux® operating systems. Customers who deploy TPM should also
purchase Wave Systems Embassy Trust Suite from Dell Software & Peripherals to
enable full TPM features including key archival and migration."
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography