Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2847 Discussions

Did you know all of the cool things that can be done with the TPM on your vPro platform


As a leading developer of software for the TPM I thought it would be valuable to outline a number of cool solutions that can be enhanced with the TPM. TPM 1.2 is a part of the vPro platform and can dramatically enhance the security of any corporate infrastructure. With tens of millions of devices already in the market the tpm technology is in a position to help.

As full disclosure Wave Systems Corp. Builds tools for both client and central management of TPMs. We supply Intel's motherboard group with software that is bundled for free with their motherboards and has been for the last few years. We are also Dell's supplier and Gateway's supplier of TPM software. Finally we support Seagate's hardware full disk encrypting drives and we demonstrated support for Intel's new Danbury technology at last weeks IDF. Wave is on the board of the Trusted computing group and we broadly and actively contribute to the specifications and the community.

Let me start with a simple list of things one can do!

Did you know that your TPMs

Can support strong multifactor authentication to the Windows Domain

Can support Strong wireless networking using 802.1x (really 802.11i) for both machine authentication and/or user authentication

Can support 802.1x or IPSec for strong machine authentication (this is a very powerful addition for any NAC implementation including Cisco CNAC)

Can provide a common key management infrastructure for any application needing key services Allowing the enterprise to centralize their desktop key management. This works with Microsoft EFS, Third Party File and Folder encryption and other Signing applications

Can be used to harden integrity measurements in Nac solutions using Microsoft NAP or trusted computing group TNC specs

Can fully support Windows XP and Windows Vista Deployments

Can harden any MSCAPI compatible certificates

Ultimately all of this is done by Leveraging the TPM's CSP (cryptographic Service Provider) This is how any application can talk to the TPM. The CSP is third party provided software and is supplied by Either Your OEM or a company like Wave and is typically free from the OEM.

Due to a variety of reasons the biggest first step is to turn the TPM on and take ownership. This is done in the BIOS. One the TPM is activated it will ask the user to take ownership and now the device is ready to be used. There are server products that enable central management of Ownership for the corporate customer. Every Enterprise should be turning on their TPMs and taking ownership.

To get a feel for this I have posted an implementation guide for a wireless hot spot on our web site at this will provide a good flavor as to what needs to be done. If you build this type of bench lab it will give you a good idea of how TPMs could be broadly used.

To long a post but Perhaps a good starting point for discussion.

Steven Sprague


Wave Systems Corp.

0 Kudos
1 Reply


Does Wave integrate with IdM and provisioning products (other than Microsoft)? Does it support protocols like LDAP and RADIUS?

Where I can find this information?

If it's available, please send me this information at



0 Kudos