A significant consideration in interaction between computing entities is trust—whether a foreign computing entity will behave in a reliable and predictable manner, or will be (or already is) subject to subversion. Trusted computing platforms (trusted platforms) are computer systems which contain a trusted entity in the form of a hardware trusted component (or device) at least logically protected from subversion that have been developed by the companies forming the Trusted Computing Group (TCG). The TCG develops specifications in this area, for example the “TCG TPM Specification” Version 1.2, which is published on the TCG website trustedcomputinggroup.org. The implicitly trusted components of a trusted platform enable measurements of a trusted platform and are then able to provide these in the form of integrity metrics to appropriate entities wishing to interact with the trusted platform. The receiving entities are then able to determine from the consistency of the measured integrity metrics with known or expected values that the trusted platform is operating as expected.
Many trusted platforms, including desktop personal computers and portable laptop/notebook computers, are manufactured by original equipment OEMs (OEM) and shipped with hardware trusted components on board. The computers and the trusted components typically have a default configuration when purchased from new, and need to be configured for operation by the buyer. Different classes of buyer, for example, individuals, small business or large enterprises (to name just a few) tend to have widely differing configuration requirements, and operating infrastructures, into which a trusted platform may need to be integrated. For example, irrespective of infrastructure, a trusted component needs to be ‘switched on’, in order to operate. Such trusted platforms typically have specially adapted trusted BIOS programs that are user-configurable to set or reset an operating state of the trusted components (for example by setting or un-setting various flags) on power up or reset (boot or reboot, or waking from a sleep state), whereby a trusted platform can be configured to operate in a trusted state (wherein the trusted component is active and started) and in a less trusted or untrusted state (wherein the trusted component is inactive or active and not started). By convention, for security and privacy reasons, such trusted platforms are shipped by OEMs with a default BIOS setting whereby, on booting, the trusted component is inactive (that is, it can't be used to enhance the security of the platform in operation), unless an operator who is physically present interrupts the boot process (for example, by pressing a particular key or combination of keyboard keys) to enter a setup routine in order to access configuration settings to activate the trusted component. A similar operation can be used to deactivate a trusted component. This is a requirement irrespective of whether the owner is an individual or an enterprise. Another requirement, particularly for platforms purchased by enterprises, is to enroll the platform into a public key infrastructure (PKI) of the enterprise. Enrollment as such is known and typically requires a complicated set of cryptographic interactions between the IT department and the trusted platform. While it is essential for a trusted platform to be trustworthy, and procedures for configuring the platform and/or trusted component need to be equally trustworthy in order not to reduce the trustworthiness, it is also desirable to provide mechanisms to enable trusted platforms to be configured more easily.