All Your Data Are Belong To Us

At least, that’s what David Berlind reports in "Microsoft: No substitutes for Trusted Platform Module allowed":

In response to one of the questions raised during last week’s Vista conference call with Microsoft, a spokesperson for the Redmond, WA-based company has informed me that in order for users to get the full benefits of the Trusted Platform Module (TPM)-reliant features in Windows Vista such as Secure Startup and full volume encryption, they will absolutely have to have a TPM that’s compliant with version 1.2b of the Trusted Computing Group’s (TCG) TPM specification (Uh oh. The TCG’s site doesn’t even list such a version of the specification). In other words, not only will existing systems not be able to be upgraded with a TPM module, another hardware-based security token like a SmartCard cannot be used as a substitute. Referring to ways in which an encrypted volume might be recoverable using a system other than the original one that stored data in it, a Microsoft spokesperson wrote the following to me via e-mail:

We are looking at scenarios that allow the recovery key to be stored on a removable storage device for Windows Vista. However, Smartcard storage of tokens for full volume encryption isn’t in the plan for Windows Vista.