March 12, 2019
The National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium have come up with validation software that can be used with any device and could go a long way to securing the supply chain for computing devices.
NSA Research and TCG worked for two years with Intel to develop the software and standards for a supply chain validation process, NSA said. Essentially, certificates defined by TCG and containing attributes about a device are created during manufacturing and delivered with that device in the Trusted Platform Module (TPM), which keeps the information secure during the process. NSA’s Host Integrity at Runtime and Startup (HIRS) software taps into that information in order to validate the source of components, linking it to the manufacturer.