Practical Technology

for practical people.

Windows 7, Security, and the Trusted Platform Module

Every Windows expert knows that the way to secure a hard drive in Windows 7 is to use BitLocker. To use that feature, though, you need either Windows 7 Enterprise or Ultimate. But, did you ever wonder how BitLocker manages to lock down data when so much of Windows is vulnerable to attacks? Here’s how Microsoft has managed to make BitLocker easily the most secure part of Windows.

Back in 2001, Microsoft began working on an encrypted security project called Palladium, which soon became known as Next-Generation Secure Computing Base (NGSCB). While Microsoft has said hardly a word about NGSCB over the last few years, it’s clearly become the basis of Windows 7’s TPM (Trusted Platform Module). In turn, TPM is at the core of BitLocker.

In NGSCB everything on the computer, data and programs, can be encrypted. Only trusted processes can access disk storage, CPU memory space, and main memory. In practice, Microsoft has opted to only make NGSCB security available for BitLocker.

More >