A significant consideration in interaction between computing entities is trust—whether a foreign computing entity will behave in a reliable and predictable manner, or will be (or already is) subject to subversion. Trusted systems, which contain a trusted entity in the form of a hardware trusted component (or device) that is at least logically protected from subversion, have been developed by the companies forming the Trusted Computing Group (TCG). The TCG develops specifications in this area, for example the “TCG TPM Specification” Version 1.2, which is published on the TCG website https://www.trustedcomputinggroup.org/. The TCG has also developed mobile phone specifications (the Mobile Trusted Module (MTM) specifications) which enable trusted computing on mobile platforms; the MTM specifications were developed with the particular needs and limitations of mobile devices in mind. The implicitly trusted components of a trusted system enable measurements of the trusted system to be taken and are then able to provide these, in the form of integrity metrics, to appropriate entities wishing to interact with the trusted system. The receiving entities are then able to determine, from the consistency of the measured integrity metrics with known or expected values, that the trusted system is operating as expected.
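As an added illustration, not part of the original text or of any TCG specification code, the following Python models how integrity metrics accumulate in a TPM 1.2-style platform configuration register (PCR) and how a receiving entity checks the reported values against known-good ones. The component images, PCR assignments and expected values are constructed for the example, and SHA-1 with 20-byte registers is assumed because that is the digest the 1.2 specification uses.

```python
import hashlib
from typing import Dict, List, Tuple

# Assumption: TPM 1.2-style PCRs are 20-byte SHA-1 digests, all zero at reset.
PCR_SIZE = 20
PCR_INITIAL = bytes(PCR_SIZE)


def extend(pcr: bytes, measured_data: bytes) -> bytes:
    """Measure-and-extend: the caller hashes the component image, the trusted
    component then computes SHA-1(old PCR || digest). The chain is one-way and
    order-sensitive, so a PCR value summarises the whole sequence of events."""
    digest = hashlib.sha1(measured_data).digest()
    return hashlib.sha1(pcr + digest).digest()


def measure_components(components: List[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Simulate a measured boot: each (pcr_index, image) pair is extended into
    its PCR in boot order. Returns the resulting integrity metrics."""
    pcrs: Dict[int, bytes] = {}
    for index, image in components:
        pcrs[index] = extend(pcrs.get(index, PCR_INITIAL), image)
    return pcrs


def verify_integrity_metrics(reported: Dict[int, bytes],
                             expected: Dict[int, bytes]) -> List[int]:
    """The receiving entity's check: return the PCR indices whose reported
    value is inconsistent with the known or expected value (empty = as expected)."""
    return sorted(i for i, value in expected.items() if reported.get(i) != value)


if __name__ == "__main__":
    # Constructed boot sequence: (PCR index, component image bytes).
    good_boot = [(0, b"firmware-v1"), (4, b"bootloader-v1"), (8, b"kernel-v1")]
    expected = measure_components(good_boot)  # known-good reference values

    # A platform booting the same components reports matching metrics.
    print("clean boot mismatches:", verify_integrity_metrics(
        measure_components(good_boot), expected))  # []

    # A modified kernel changes PCR 8; a swapped load order also changes values.
    tampered = [(0, b"firmware-v1"), (4, b"bootloader-v1"), (8, b"kernel-v1-patched")]
    print("tampered boot mismatches:", verify_integrity_metrics(
        measure_components(tampered), expected))  # [8]
```

The verifier learns only which registers diverge, not why; mapping a mismatch back to the offending component requires the event log that accompanies the metrics.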
One of the original design imperatives of trusted components was that they can be produced inexpensively. This leads to a number of tradeoffs in terms of what trusted components can and cannot do. For example, trusted components at least originally had no real-time trusted clock and no symmetric cryptography engine. Both of these features are relatively standard in mainstream computing but were not deemed essential to (and were too costly for) a base specification for trusted components. As new generations of trusted component are specified, it is anticipated that more and more functions will naturally be added—as technology advances and costs reduce—as has been the case in moving from Version 1.1 to Version 1.2 of the TCG Specification, for example. There will always be tradeoffs in terms of which functions a trusted component should and should not perform. Accordingly, the replacement of dedicated commands in a trusted environment with generalised commands can result in improved utilisation of resources, which can lead to lower cost and greater efficiency; this is particularly valuable in a mobile computing environment, for example.