Known applications of Trusted Computing

Protecting hard-drive data

Windows Vista Ultimate and Enterprise make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption.[11] The Trusted Platform Module is used to securely bootstrap and access decryption keys for volume level hard drive encryption. This is done via the Trusted Platform Module's Platform Configuration Registers. As the computer starts up a series of validations occur on the BIOS, the master boot record, the boot sector and so on until the decryption keys can be retrieved from the Trusted Platform Module and used to decrypt the hard drive as needed. This use of the TPM mitigates some attacks on accessing the data on a stolen or lost laptop; such as just plugging in the hard drive in a different system, booting to a different operating system or attempting to modify the boot code.

The Enforcer is a Linux Security Module designed to improve integrity of a computer running Linux by ensuring no tampering of the file system. It can interact with 'trusted' hardware to provide higher levels of assurance for software and sensitive data. The Enforcer can also work with the TPM to store the secret to an encrypted loopback file system, and unmount this file system when a tampered file is detected; the secret will not be accessible to mount the loopback file system until the machine has been rebooted with untampered files. This allows sensitive data to be protected from an attacker.