Over the last few years, our group has been working on
applications of secure coprocessors---but has been
frustrated by the limited computational environment and high
expense of such devices. Over the last few years, the TCPA
(now TCG) has produced a specification for a trusted
platform module (TPM)---a small hardware addition intended
to improve the overall security of a larger machine (and
tied up with a still-murky vision of Windows-based trusted
computing). Some commodity desktops now come up with these
Consequently, we began an experiment to see if (in the
absence of a Non-Disclosure Agreement) we could use this
hardware to transform a desktop Linux machine into a virtual
secure coprocessor: more powerful but less secure than
higher-end devices. This experiment has several purposes:
to provide a new platform for secure coprocessor
applications, to see how well the TCPA/TCG approach works,
and (by working in open source) to provide a platform for
the broader community to experiment with alternative
architectures in the contentious area of trusted
This paper reports what we have learned so far: the approach
is feasible, but effective deployment requires a more
thorough look at OS security.
John Marchesini, Sean W. Smith, Omen Wild, Rich MacDonald.
"Experimenting with TCPA/TCG Hardware, Or: How I Learned to Stop Worrying and Love The Bear"
Technical Report TR2003-476, Department of Computer Science, Dartmouth College.