The Sirrix AG has written a study on behalf of the German Federal Office for Information Security (BSI) with the topic:
The latest developments in the area of Trusted Computing promise significant advances in secure operating systems, especially such enhancements in hard-ware and software as the Trusted Platform Module and TCG Software Stack technologies specified by the Trusted Computing Group.
To protect an IT system, however, the availability of a TPM and a TSS is not sufficient. In addition, middleware and high-level applications must be developed to make use of the aforementioned security service enhancements.
A variety of Trusted Computing oriented software components have been re-leased under open source licenses. The functionality and applicability of these components remain quite general, however, more specialized extensions of the basic technology are only beginning to be developed.
In order to provide an overview of existing open source software supporting Trusted Computing technology, evaluate their compliance and interoperability as well as identify shortcomings and missing pieces.
This study covers the following themes:
1. Analysis of the extent to which current open source components comply with the existing specifications of the TCG. In particular, conformity to the interfaces and completeness of the implementation shall be investigated.
2. Investigation of the architecture of individual components as well as possible interactions between them in the scope of the architecture at large. Similarly, the style and programming language of the implementation is considered, which is especially important in the case of common software libraries.
3. Pointing out future Trusted Computing architectures and the interactions with existing components. Special regard is given to which components and functionalities are missing that would lead to the development of more secure applications.
4. Interoperability analysis of various security and virtualization solutions such as SELinux, Xen and Turaya, including a list of test cases covering the functionality of the components analysed in the study.
