Trusted Computing Interview Questions & Answers

This blog lists interview questions and answers to Trusted Computing.

Q. What is Trusted Computing?

Ans: Combination of components and mechanisms that complied with the Trusted Computing Group (TCG). Trusted Computing (TC) provides freedom to hardware manufacturers to dictate what software can be installed on them. Also, if someone tries to run software on hardware devices that is not allowed by hardware manufacturers, hardware devices will behave unexpectedly.

Q. What are the features of Trusted Computing?

Ans: Trusted computing has mainly five features that enables them to perform desired security functions.

• Endorsement Key
• Secure Input/Output
• Memory Curtaining
• Sealed Storage
• Remote Attestation

Q. Why is Trusted Computing required by most companies?

Ans:

• To interact with remote servers securely for sharing financial records, e-commerce, medical records, etc.
• To verify the integrity of the remote user
• Communicate integrity information of the host to a remote user securely
• Determine the level of trust

Q. What is TPM?

Ans: TPM, short for Trusted Platform Module, is a trusted platform with trusted components in the form of usually built-in hardware. Remember, if a trusted component fails, it will break the whole security of the system.

TPM mainly provides three main functionalities: secure storage, platform integrity reporting, and platform authentication.

Remember, to check integrity, hashes are used and these hashes are stored in TPM.

In PC, TPM is embedded in the motherboard of the system.

NIST recommends the use of TPM for device and user authentication.

Q. List out developers of TPM.

Ans: Intel, Lenovo, IBM, Broadcom, Atmel, HP, etc. are some of the developers of TPM.

Q. What is the difference between Secure Boot and Trusted Boot?

Ans: The major difference between this is not allowing the boot of OS on compromise in case of the secure boot while allowing the boot of OS on compromise in case of a trusted boot if the user permits. In simple words, your system keeps on running if the secure boot guarantee is violated for a trusted boot.

When the system updates, the hash of the OS will change. In the case of secure boot, OS will not boot if the boot guarantee is violated. While in the case of the trusted boot, OS will boot if the user provides consent for changes performed.

Q. What are the differences between Static Root of Trust Management (SRTM), and Dynamic Root of Trust Management (DRTM)?

Ans:

SRTM	DRTM
The static root of trust provides a way to calculate the hash of all possible code and its hash stored in PCR.	DRTM solves the problem and here chain of trust that starts after the OS has booted in non-secure mode.

Q. What is the Root of Trust?

Ans: The root of trust is used to verify the integrity of devices. Here, a chain of trust is defined as a chain of operations that are used for a measured boot.

Q. What is GRUB?

Ans: GRUB, stands for GRand Unified Bootloader. It helps the system for the dual boot of the different operating systems.

Q. What is VPN technology?

Ans: VPN, short for Virtual Private Network, is used to connect remote systems securely by creating a secure tunnel.

Q. What is Platform Configuration Register (PCR)?

Ans: PCR supports an unlimited number of integrity measurements of executables.