

In June of 2021, Microsoft announced the requirements for Windows 11. In contrast to the requirements of Windows 10, Windows 11 has a notable security hardware requirement: to install Windows 11, a PC configuration must include version 2.0 of the Trusted Platform Module (TPM). Interest in why Microsoft wants PCs to have TPM 2.0 immediately skyrocketed:

Figure 1: Google search trends for TPM following the Windows 11 requirements announcement.

Now, eight months after the Windows 11 announcement and five months removed from its general release, this article outlines the benefits of TPM and examines to what extent the requirement will protect devices from the most common threats.

Using dedicated (‘discrete’) or integrated hardware, Trusted Platform Modules have guarded cryptographic secrets since 2003. The TPM specification, managed by the Trusted Computing Group (TCG), has matured over time to protect against vulnerabilities and follow trends in acceptable security practices. For example, evidence emerged that the SHA-1 hashing algorithm of TPM 1.2 might be vulnerable in proof-of-concept attacks. With the move to TPM 2.0 in 2014, the algorithms ceased to be defined in the standard, so manufacturers could introduce new ones to improve security without revising the standard. Originally, Windows 11 had a ‘hard floor’ requirement of TPM 1.2, but Microsoft subsequently decided to require TPM 2.0.

TPM can also achieve certain things using hardware that software simply cannot. For example, a risk exists where attackers who compromise an operating system can access objects in its memory. The TPM has memory that cannot be accessed even by the OS, which secures it against manipulation and sniffing. The Platform Crypto Provider in Windows creates cryptographic keys that are stored in the TPM, and Windows can then use those keys without ever holding them in its own memory. To protect against brute-force attacks, the TPM also benefits from automatic lockout on repeated failures, and an optional capability to block key exports.

Previous versions of Windows (including Windows Server) could use TPM, even if it was not a hard requirement. Microsoft required OEMs of Windows 10 and Windows Server 2016 devices to include TPM 2.0 if they wanted Microsoft endorsement of their support for Windows running on their hardware. Now, let’s look at how TPM is used across Windows in both obvious and not-so-obvious ways.

The first way most IT pros experience TPM is through BitLocker, Microsoft’s enterprise disk encryption offering.
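The two TPM properties the article describes above, the anti-brute-force lockout and the Platform Crypto Provider keeping private keys out of Windows memory, can be observed from an elevated Windows PowerShell 5.1 (or later) session. The script below is an added example, not code from the article or from Microsoft: it reads the TPM state and lockout counters that Windows exposes, then creates an RSA key inside the Microsoft Platform Crypto Provider with an export policy of `None` and shows that the public half exports while the private half does not, even though the key can still sign. It assumes a Windows 10/11 machine with a provisioned TPM 2.0; the key name `ExampleTpmKey` and the signed message are constructed values, and the key is deleted at the end.

```powershell
using namespace System.Security.Cryptography

function Get-TpmSummary {
    # Get-Tpm (TrustedPlatformModule module) reports readiness and the
    # dictionary-attack lockout state the TPM enforces in hardware.
    $tpm = Get-Tpm
    # Win32_Tpm carries the spec version string, e.g. "2.0, 0, 1.38".
    $wmi = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm
    [pscustomobject]@{
        Present         = $tpm.TpmPresent
        Ready           = $tpm.TpmReady
        SpecVersion     = $wmi.SpecVersion
        Manufacturer    = $wmi.ManufacturerIdTxt
        LockedOut       = $tpm.LockedOut
        LockoutCount    = $tpm.LockoutCount     # failed authorizations so far
        LockoutMax      = $tpm.LockoutMax       # failures before lockout engages
        LockoutHealTime = $tpm.LockoutHealTime  # how long until the count decays
    }
}

function Test-PlatformKeyNonExportable {
    param([string]$KeyName = 'ExampleTpmKey')   # hypothetical key name, removed at the end

    # Ask CNG to create the key inside the TPM-backed provider, with no
    # private-key export allowed. The private material never leaves the TPM.
    $params = [CngKeyCreationParameters]::new()
    $params.Provider     = [CngProvider]::new('Microsoft Platform Crypto Provider')
    $params.ExportPolicy = [CngExportPolicies]::None
    $params.KeyUsage     = [CngKeyUsages]::Signing
    $params.Parameters.Add([CngProperty]::new('Length', [BitConverter]::GetBytes([int]2048), [CngPropertyOptions]::None))
    $key = [CngKey]::Create([CngAlgorithm]::Rsa, $KeyName, $params)

    try {
        $result = [ordered]@{
            Provider        = $key.Provider.Provider
            ExportPolicy    = $key.ExportPolicy
            PublicExportOk  = $false
            PrivateExportOk = $false
            SignatureBytes  = 0
        }

        # The public half is not secret, so exporting it succeeds.
        $pub = $key.Export([CngKeyBlobFormat]::GenericPublicBlob)
        $result.PublicExportOk = ($pub.Length -gt 0)

        # The private half is blocked by the export policy; CNG throws.
        try {
            $null = $key.Export([CngKeyBlobFormat]::GenericPrivateBlob)
            $result.PrivateExportOk = $true
        } catch [CryptographicException] {
            $result.PrivateExportOk = $false
        }

        # Signing still works: the TPM performs the operation on behalf of the OS.
        $rsa  = [RSACng]::new($key)
        $data = [Text.Encoding]::UTF8.GetBytes('constructed sample message')
        $sig  = $rsa.SignData($data, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
        $result.SignatureBytes = $sig.Length

        [pscustomobject]$result
    } finally {
        $key.Delete()   # clean up the example key
    }
}

Get-TpmSummary
Test-PlatformKeyNonExportable
```

On a healthy TPM 2.0 system the first call shows `Present`/`Ready` true, `LockedOut` false and a `SpecVersion` beginning with `2.0`; the second call reports `PublicExportOk` true, `PrivateExportOk` false and a 256-byte signature, which is the behaviour the article attributes to the Platform Crypto Provider. A rising `LockoutCount` or `LockedOut` set to true is worth investigating, since it means something on the host is repeatedly failing TPM authorizations.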
