A trusted platform is a computing platform that, through the presence of a trusted hardware component, provides the foundation of trust for software processes running on the platform. The trusted platform module (TPM) is defined as the hardware root of trust of such a platform. This book provides a very good look into the TPM technology being pushed by the Trusted Computing Platform Alliance (TCPA), formed by companies like Hewlett-Packard, Microsoft, IBM, and Intel.
The book is divided into four parts. The first, “Introducing Trusted Platform Technology,” gives an overview of what trusted platform technology is about, and provides scenarios of usage. Some basic TCPA terminology is discussed in the last section of this part. Since the technology was (and still is) in its infancy when the book was written, most of the examples are speculative and imaginary. The second part, “Trust Mechanisms in a Trusted Platform,” goes into greater detail on the TPM specifications, with an overview of various functions pertaining to activation, ownership, authorization, certification, identification, reporting, and storage. This is one of the strongest parts of the book, and readers interested in gaining more details about the TPM specification without having to wade through the actual specification would find this part very helpful.
Part 3, “Trusted Platforms in Practice,” picks up where Part 2 left off, using a life cycle step-through approach to explain how the various functions are used to deliver the functionality envisioned for the TPM. The short last part, “Trusted Platforms for Organizations and Individuals,” explains how the TPM technology can be rolled out within an organizational setup, or for an individual.
The book assumes that the reader is familiar with most of the basic security theory, and does not waste pages in providing yet another explanation of asymmetric and symmetric key cryptography and similar primitives. This makes it a bit terse in its coverage, a welcome change from the norm. One of the disappointments was that, though the main title says Trusted computing platforms, the material covered exclusively addresses TPM/TCPA specifications, and does not discuss other trusted hardware technologies like secure coprocessors and the like. Readers would be better served by reading Smith’s book [1] if they are interested in such material. Though the book does contain sections on the use of TPM, it is primarily a technical book, and does not score well in evangelizing the technology. In conclusion, this is a good introductory book on the TCPA technology and the actual specifications, though its coverage of the wider area of trusted hardware security is lacking.