Frequently Asked Questions

(Questions from Presentation)

Are trusted computing chips installed in today's laptops?

We have not physically disassembled any laptop to locate the TPM chip. However, here are a couple sources:

Can trusted computing be used for build an expiring email application?

Yes. The email is stored on a remote server. The email server can only be accessed via an 'approved' email client. The 'approved' email client only views, but does not save the email. After a certain time, the email is deleted from the remote server.

Doesn't enabling users to turn the chip on and off defy the significance of trusted computing?

The hope is that the user can, at boot time decide whether to have the TPM chip be on or off. Thus, the user has the option of
  • running without TPM, but unable to access TPM-required sources ... or
  • running with TPM to access TPM-required sources
This decision is made when the computer is reboot and has no effect on the security of Trusted Computing. (Data that has been sealed with TPM-on looks encrypted when TPM is off).

What happens to data when the TPM chip dies?

The standard way to 'seal' the data is to encrypt it. Given that most data is encrypted using symmetric key encryption where as RSA is asymetric, chances are, what really happens is:
  • Your data is encrypted using some symmetric key K.
  • Key K is then sealed with the TPM.
Thus, to ensure that data is accessible even after the TPM chip dies, the overall system only needs to backup K on a different server machine.

Thus, in theory, the data could be lost forever. In practice, if the overall system is implemented with any care, this won't be a problem.
Contents:

Extras: