A processing system may include hardware resources, such as a central processing unit (CPU), a volatile memory such as random access memory (RAM), and a non-volatile memory device such as a hard disk drive (HDD). The processing system may also include software resources, such as a basic input/output system (BIOS), a virtual machine monitor (VMM), and one or more guest operating systems (OSs) running on the VMM. When the processing system is booted through a start or reset, it may load the BIOS, and then the VMM. The VMM may then create one or more virtual machines, and the virtual machines may boot to different OSs or to different instances of the same OS. Alternatively, an OS may be loaded directly after the BIOS.
In addition to RAM and one or more CPUs, a processing system may include a security coprocessor, such as a trusted platform module (TPM). A TPM is a hardware component that resides within a processing system and provides various facilities and services for enhancing the security of the processing system. For example, a TPM may be implemented as an integrated circuit (IC) or semiconductor chip, and it may be used to protect data and to attest to the configuration of a platform. A TPM may be implemented in accordance with specifications such as the Trusted Computing Group (TCG) TPM Specification Version 1.2, dated Oct. 2, 2003 (hereinafter the “TPM specification”), which includes parts such as Design Principles, Structures of the TPM, and TPM Commands. The TPM specification is published by the TCG and is available from the Internet at www.trustedcomputinggroup.org/home.
The sub-components of a TPM may include an execution engine and secure non-volatile (NV) memory or storage. The secure NV memory is used to store sensitive information, such as encryption keys, and the execution engine protects the sensitive information according to the security policies dictated by the TPM's control logic. For example, a key that has been sealed to a particular set of platform configuration register (PCR) values is released by the execution engine only when the current PCR values match those recorded at sealing time.
Alternate non-volatile memory devices, such as an on-board or removable low-latency disk cache, may be added to processing systems either to replace the HDD or to complement the HDD, depending on the use and form of the processing system. The disk cache may be used to increase system performance by storing critical data and applications that would otherwise be stored on an HDD. Data normally stored on an HDD is sometimes encrypted to prevent unauthorized access to information stored in the processing system (encryption by itself provides confidentiality; protecting the integrity of the stored data additionally requires an authenticated encryption mode or a separate integrity check). In such cases the disk cache data should be encrypted as well, since otherwise the same data would be exposed in plaintext on the cache device.
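The following is an added example, not code from the original document or from any TPM vendor: a small software model of the TPM facilities described above (PCRs, a storage root key held in NV memory, seal and unseal) used to bind a disk-cache encryption key to the measured BIOS and VMM. It assumes a simplified TPM 1.2-style PCR extend (SHA-1, 20-byte PCRs), assumes a PCR layout in which the BIOS is measured into PCR 0 and the VMM into PCR 4, and replaces the TPM's RSA-based sealing with an HMAC-derived keystream plus MAC as a stand-in. The BIOS and VMM images are constructed sample byte strings. It shows that the cache key is released again on a boot that measures the same code and is withheld when the VMM image has changed.

```python
import hashlib
import hmac
import os

PCR_LEN = 20  # TPM 1.2 PCRs hold 160-bit SHA-1 digests


class SimulatedTPM:
    """Minimal software model of a TPM 1.2 (assumed, for illustration only):
    a bank of PCRs plus a storage root key (SRK) that never leaves the 'chip'."""

    def __init__(self, num_pcrs=24):
        self._srk = os.urandom(32)            # secret held in the TPM's NV memory
        self.num_pcrs = num_pcrs
        self.reset()

    def reset(self):
        # A platform reset clears the PCRs; the SRK persists across boots.
        self.pcrs = [bytes(PCR_LEN)] * self.num_pcrs

    def extend(self, index, measurement):
        # TPM_Extend: PCR[i] = SHA-1(PCR[i] || SHA-1(measurement)); order matters.
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def _kek(self, indices):
        # Key-encryption key bound to the SRK and to the selected PCR values.
        composite = hashlib.sha1(b"".join(self.pcrs[i] for i in indices)).digest()
        return hmac.new(self._srk, b"seal" + bytes(indices) + composite, hashlib.sha256).digest()

    def seal(self, secret, indices):
        # Stand-in for TPM_Seal: a real TPM wraps the blob under a storage key
        # rooted in the SRK; here an HMAC keystream plus a MAC plays that role.
        indices = sorted(indices)
        if len(secret) > 32:
            raise ValueError("toy seal wraps at most 32 bytes")
        nonce = os.urandom(16)
        kek = self._kek(indices)
        stream = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(kek, bytes(indices) + nonce + ct, hashlib.sha256).digest()
        return {"pcrs": indices, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        # Recompute the KEK from the *current* PCRs; any mismatch breaks the MAC.
        kek = self._kek(blob["pcrs"])
        tag = hmac.new(kek, bytes(blob["pcrs"]) + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None
        stream = hmac.new(kek, b"wrap" + blob["nonce"], hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def measured_boot(tpm, bios_image, vmm_image):
    # Assumed PCR layout: BIOS measured into PCR 0, VMM into PCR 4.
    tpm.reset()
    tpm.extend(0, bios_image)
    tpm.extend(4, vmm_image)


def provision_cache_key(tpm, bios_image, vmm_image):
    # First boot: measure the platform, generate the disk-cache key, seal it.
    measured_boot(tpm, bios_image, vmm_image)
    cache_key = os.urandom(32)
    return cache_key, tpm.seal(cache_key, [0, 4])


def boot_and_unseal(tpm, bios_image, vmm_image, blob):
    # Later boot: the cache key is released only if the same code was measured.
    measured_boot(tpm, bios_image, vmm_image)
    return tpm.unseal(blob)


def demo():
    bios = b"BIOS build 1 (constructed sample image)"
    vmm = b"VMM build 1 (constructed sample image)"
    tpm = SimulatedTPM()
    cache_key, blob = provision_cache_key(tpm, bios, vmm)
    same = boot_and_unseal(tpm, bios, vmm, blob) == cache_key
    tampered = boot_and_unseal(tpm, bios, b"VMM build 1 with implant", blob)
    return same, tampered is None


if __name__ == "__main__":
    print(demo())
```

The sealed blob can live on the unprotected cache device or HDD: without the SRK, which stays inside the TPM, and without the original PCR values, which only the same measured boot reproduces, the blob yields nothing. Note that sealing binds the key to the platform state, not to a user, so a user authorization secret (which TPM 1.2 also supports) would still be needed to stop a physically present attacker from simply booting the unmodified system.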
It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals have been repeated among the figures to indicate corresponding or analogous elements.