Overview
TCG's original goal was the development of a Trusted Platform Module (TPM), a semiconductor intellectual property core or integrated circuit that conforms to the trusted platform module specification put forward by the Trusted Computing Group and is to be included with computers to enable trusted computing features. TCG-compliant functionality has since been integrated directly into certain mass-market chipsets.
TCG also recently released the first version of their Trusted Network Connect ("TNC") protocol specification, based on the principles of AAA, but adding the ability to authorize network clients on the basis of hardware configuration, BIOS, kernel version, and which updates that have been applied to the OS and anti-virus software, etc.
In 2009, TCG released a set of specifications that describe the protocol to communicate with self encrypting disk drives. The TCG Storage Work Group (SWG) Storage Core Architecture Specification describes in detail how to implement and utilize trust and security services on storage devices. Security Subsystem Class (SSC) Specifications describe the requirements for specific classes of devices; specifically, the Enterprise SSC defines minimum requirements for Data Center and Server Class devices while the Opal SSC defines minimum requirements for client devices.
The vendor of a TPM-enabled system has complete control over what software does and does not run on the owner's system. In some cases the vendor may choose to grant permission to the owner to configure hardware they have legally purchased. This does include the possibility that a system owner would choose to run a version of an operating system (OS) that refuses to load unsigned or unlicensed software, but those restrictions would have to be enforced by the operating system and not by the TCG technology. What a TPM does provide in this case is the capability for the OS to lock software to specific machine configurations, meaning that "hacked" versions of the OS designed to get around these restrictions would not work. There is legitimate concern that OS vendors could use these capabilities to restrict what software would load under their OS (hurting small software companies or open source/shareware/freeware providers, and causing vendor lock-in for some data formats), and Microsoft has already stated they will begin restricting what software they will allow to run on Windows, starting with Windows 8 on ARM.
The TPM can be used in conjunction with the boot loader to ensure only vendor-approved operating systems are running. This could restrict alternative operating systems from running, including free or open source operating systems. For example, Microsoft is requiring x86/x64 machines which come with Windows 8 to have Secure Boot enabled by default, which has caused alternative OS vendors to make payments through Microsoft to ensure their OS will be able to be installed by the user; additionally any ARM machine shipped with Windows 8 is banned from allowing another OS to be installed.
At the same time, there are several projects which are experimenting with TPM support in free operating systems; examples of such projects include a TPM device driver for Linux, an open source implementation of the TCG's Trusted Software Stack called TrouSerS (recently also ported to Windows Vista and Windows 7), a Java interface to TPM capabilities called TPM/J, and a TPM-supporting version of the Grub bootloader called TrustedGrub. Watch a video to understand working of TCPA.
Read more about this topic: Trusted Computing Group