Difference between revisions of "Embedded Security Subsystem"
(some modifications) |
|||
| Line 1: | Line 1: | ||
| + | {| width="100%" | ||
| + | |style="vertical-align:top;padding-right:20px;width:10px;" | [[Image:ESS.jpg|IBM Embedded Security Subsystem]] | ||
| + | |style="vertical-align:top" | | ||
| + | === The Embedded Security Subsystem === | ||
| + | <div style="margin: 0; margin-right:10px; border: 1px solid #dfdfdf; padding: 0em 1em 1em 1em; background-color:#F8F8FF; align:right;"> | ||
The Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks confirming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups: | The Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks confirming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups: | ||
* public key functions | * public key functions | ||
| Line 5: | Line 10: | ||
The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen to any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the [http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page]. | The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen to any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the [http://www.research.ibm.com/gsal/tcpa/ IBM Research TCPA resources page]. | ||
| − | + | </div> | |
| + | |} | ||
==Linux Support== | ==Linux Support== | ||
| − | + | Two linux drivers are available, a [[tpm|classical one]] and a [[tpmdd|newer one]]. | |
| + | Coverage of functionality of the first is unknown so far, the second is part of a bigger project aiming to provide a usable security framework. | ||
==Related Links== | ==Related Links== | ||
Revision as of 00:16, 28 February 2005
|
The Embedded Security SubsystemThe Embedded Security Subsystem is nothing but a chip installed on the Thinkpads mainboard that can take care of certain security related tasks confirming to the TCPA standard. It was first introduced among the T23 models and is now under the name Embedded Security Subsystem 2.0 an integral part of most of the modern Thinkpads. The functions of the chip are bound to three main groups:
The purpose of the whole thing is to keep the users sensitive data out of range from software based attacks (like viruses, internet attacks etc.). One way the chip offers to achieve this is by providing storage for keys along with the neccessary functions to handle them within itself, so that a i.e. a private key never has to leave the chip (can't be seen to any piece of software). Besides this there are more complex topics covered by the functionality of the chip. If you want to find out more about it you can find good documents on the IBM Research TCPA resources page. |
Linux Support
Two linux drivers are available, a classical one and a newer one. Coverage of functionality of the first is unknown so far, the second is part of a bigger project aiming to provide a usable security framework.
