Several major original equipment manufacturers (OEMs) are now qualifying Momentus SEDs that are compliant with the Trusted Computing Group’s Opal specification. The Trusted Computing Group, an international body that promotes open standards for computer security, issued the Opal specification in 2009. The specification is focused on enabling the ecosystem for self-encrypting drives and increasing their adoption.

It would appear that from their range of self-encrypting drives (SED), namely Savvio, Cheetah, Constellation, and Momentus, only Momentus are TCG Opal-compliant, with the implication for the other drives the encryption keys are stored elsewhere then loaded onto the drive controller at boot time.

If you’re buying a Seagate for client use, I would strongly recommend you make sure it is an Opal-compliant one you are getting!

[I]t would make the most sense for device manufacturers and software designers to separate the iPhone’s payment function from other apps using a Trusted Platform Module (TPM) that can be used to securely store information using cryptographic keys.

The first half of the sentence is good, but the bit about the TPM doesn’t really make sense to me. Of course, rather than a TPM a Mobile Trusted Module (MTM) would be more appropriate, but neither is a magic bullet that will securely store information. They can securely protect encryption keys and use these keys to encrypt and decrypt data securely, but they do do not provide general purpose secure storage. Instead, GlobalPlatform (there are other initiatives, of course) is specifying a complete trusted execution environment that will allow payment functions to be separated off as Mr Nigriny desires:

Using a trusted computing platform type of chip makes the most sense since you know that your other apps won’t bleed over into the trusted payment method.

It’s good that people independent of the Trusted Computing Group are bringing up these sorts of issues, but there still needs to be a lot of education.

Hardware-based trusted computing platforms are intended to overcome many of the problems of trust that are prominent in computing systems. In this paper, a result of the Software Engineering Institute’s Independent Research and Development Project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as a Foundation for Cyber Security," we discuss the capabilities and limitations of the Trusted Platform Module (TPM). We describe credential storage, device identity, chains of trust, and other techniques for extending hardware-based trust to higher levels of software-based infrastructure. We then examine the character of trust and identify strategies for increasing trust. We show why acceptance of TPM-based trust has been limited to date and suggest that broader acceptance will require more focus on traditional trust issues and on end-to-end services.

It is available for download for free from the university’s Software Engineering Institute.

Security should be integrated into future networks from the beginning, not as an extension. Secure identities and authentication schemes are an important step to fulfil this quest. In this article, we argue that home networks are a natural trust anchor for such schemes. We describe our concept of home networks as a universal point of reference for authentication, trust and access control, and show that our scheme can be applied to any next generation network. As home networks are no safe place, we apply Trusted Computing technology to prevent the abuse of identities, i.e., identity theft.

The full paper is available for download.

Intel is also upgrading its Wi-Di technology, which enables users to wirelessly transmit images and video from a PC to a high-definition TV. Users will now be able to stream 1080p content, an improvement from the previous 720p resolution. Users will also be able to stream protected movies from the Intel Insider feature, Regis said.

At a first read, to me that just sounds like they will have support for wireless HDMI, but the blog gets a bit of a bee in its bonnet about Canadian copyright laws and whether a TPM in terms of said law is a Technical Protection Method or a Trusted Platform Module. (I’ve got a feeling I blogged about this before, but I cannot find it.) It is the first to the best of my understanding, but the article assumes its the second – the second can support the implementation of the first – and quickly goes off down the slippery slope of DVDs that will only play on Intel chips.

It’s a bit depressing that even though the person interviewed is very knowledgeable about both the legal and technical aspects of content protection, he either consciously or unconsciously chooses to paint a Doomsday scenario.

One issue is China’s strategy of developing closed, national standards for trusted computing through Trusted Cryptography Modules (TCM) rather than through participation in the ISO and Trusted Computing Group. The Chinese TCM requires that cryptographic algorithms and protocols used to perform specific security tasks, such as verifying that only authorized codes run on a system, be based on Chinese technology. U.S. industry representatives have raised concerns that Chinese development of TCM technology is motivated by the desire to reduce royalties for patents embedded in TCG technology standards and that it will negatively affect interoperability and globally integrated supply chains.

As the usual disclaimer, I will point out that the TCG’s TPM does not perform nor specify how to  "verify[…] that only authorized codes run on a system", although I could easily believe that the Chinese TCM does.

The answer might be in Scott Charney’s title: vice president of trustworthy computing. Microsoft, of course, is a leading member of the Trusted Computing Group (TCG). The TCG has developed specifications for how to control what can and cannot run on a computer – and this can already be achieved via Intel chips (Intel is another member of the TCG) installed on the majority of the world’s PCs.

My regular readers will have noticed the errors, I hope, of segueing Trustworthy Computing (a Microsoft initiative to improve the reliability of their own software with regards to security and robustness) into Trusted Computing, an industry-wide initiative to set standards for a root of trust. Strictly speaking, the Mobile Phone Working Group has defined a specification for how to control what can and cannot run on a mobile phone or similar device, but the much more popular Trusted Platform Module documents do not specify how to control what can be run.

it encrypts all data automatically; and it uses a piece of encryption hardware called a trusted computing module to digitally sign components of the operating system and check them for tampering.

Trusted Platform Module, please! Also, the TPM does not sign OS components, nor does it check them for tampering. I’m looking forward to hearing more about the device, but I do worry that Google are taking a very long time to produce Chrome OS, especially compared to Android, and I am yet to see a clear reason why I should pick Chrome OS over Android.