Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.

Abstract: The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key.

Abstract: A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed.

Abstract: A data processing system isolates a virtual trusted platform module (vTPM) manager in the processing system from other management software in the processing system. In one example process, the processing system launches a virtual machine monitor (VMM) that includes a memory-mapped input/output (MMIO) trap. The processing system also launches a vTPM manager in a first virtual machine (VM). In addition, the processing system launches a second VM to contain virtual machine management programs other than the vTPM manager and the MMIO trap. Other embodiments are described and claimed.

Abstract: A device, method, and system are disclosed. In one embodiment, the device includes storage to contain more than one trust root, and logic to associate each command ordinal sent to the device with one of the trust roots.

Abstract: A processing system has a processing unit, nonvolatile storage, and secure nonvolatile memory with inherent access control. The nonvolatile storage includes an authenticated code (AC) module, a launch policy setting, and a second code module. The secure nonvolatile memory includes an integrity metric for the launch policy setting. When executed by the processing unit, the AC module computes a new integrity metric for the launch policy setting, and uses the new integrity metric for the launch policy setting and the integrity metric for the launch policy setting to determine whether the launch policy setting should be trusted. The AC module may also compute a new integrity metric for the second code module, and may use the launch policy setting and the new integrity metric for the second code module to determine whether the second code module should be allowed to execute.

Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

Abstract: A system and method to support platform firmware as a trusted process. Measurement of a trusted portion of original firmware are measured by a core root of trust measurement (CRTM). The measurement is stored in a secure manner during pre-boot. During operating system (OS)-runtime, requests are made to access an unqualified current version of firmware corresponding to a secure execution mode. A portion of the current firmware analogous to the trusted portion is measured. The measurements of the trusted original portion and unqualified current portion are compared to verify they match. If they match, it indicates that the current portion and the trusted portion are one in the same. Thus, the current portion of firmware is trustworthy. Accordingly, the firmware may be executed as a trusted process. Embodiments employ locality to enforce the trusted process. The use of locality prevents unqualified users (i.e., software) from accessing data stored by trusted firmware.

Abstract: An apparatus may include a root of trust for measurement (RTM) module coupled to a verified platform security property policy module and a comparison module. The comparison module may operate to prevent transfer of control to an operating system (and/or halt the boot process) if a policy included in the platform security property policy module is violated. A system may include a memory coupled to a processor, a platform security property policy module, and a comparison module. The memory may include an RTM. A method may include beginning execution at an entry point within an RTM, determining that the RTM is trustworthy, determining that a main initialization code associated with a platform is trustworthy and transferring control to the main initialization code, and otherwise, refraining from transferring control to the main initialization code.

Abstract: An originator device allows for a unique passphrase to be communicated to a service system. The originator device has a fixed token in which a unique platform identifier is recorded and a processor to generate a representation of the platform configuration. This representation is communicated to the registry service as a unique, platform-specific passphrase associated with the originator.

Abstract: An integrity signature may provide information about a platform used to create a digital signature. The value of a digital signature may be related to the integrity and trustworthiness of the platform on which it is created. Signed platform integrity information provides a measure of trust regarding the platform used to create the digital signature. The integrity signature may be created separately from a document signature, or a combined integrity and document signature may be provided.

Abstract: An originator device allows for a unique passphrase to be communicated to a service system. The originator device has a fixed token in which a unique platform identifier is recorded and a processor to generate a representation of the platform configuration. This representation is communicated to the registry service as a unique, platform-specific passphrase associated with the originator.

Abstract: A credential management device has a protected domain and a credential manager to perform credential transactions. A credential transaction may comprise determining if a platform is operating in a trusted mode and releasing an operation credential if the platform is operating in a trusted mode. A credential transaction may comprise validating incoming credentials from other platforms.

Abstract: An apparatus may include a root of trust for measurement (RTM) module coupled to a verified platform security property policy module and a comparison module. The comparison module may operate to prevent transfer of control to an operating system (and/or halt the boot process) if a policy included in the platform security property policy module is violated. A system may include a memory coupled to a processor, a platform security property policy module, and a comparison module. The memory may include an RTM. A method may include beginning execution at an entry point within an RTM, determining that the RTM is trustworthy, determining that a main initialization code associated with a platform is trustworthy and transferring control to the main initialization code, and otherwise, refraining from transferring control to the main initialization code.