It is the inclusion of hardware that is the highly disturbing factor. The security goals: namely very fine grained access controls, code authentication, and similar building blocks don't need additional hardware. There may be an excuse that the hardware would be to accelerate the encryption, but the encryption load is actually pretty low, so additional hardware wouldn't be required.

There is no need to keep keys and the like safe from the OS if one's goal is simply general security. The hardware keys, and keeping information safe from the OS, is pretty much only useful for content restriction and similar tasks, or military level cryptographic security (but if you want military grade security, do you go with Microsoft?).

Cryptographic hardware of this sort is designed to keep information from the users and owners of the machines, and to restrict the use of the machine by the legitimate owner.




[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/93/13586#13586