Intel Trusted Execution Tech--How important is it?

[Aspie]

I just ordered a new notebook with a 4th Gen Core i7-4700MQ CPU. According to the Intel ARK, this processor has a lot of features, but lacks Trusted Execution Technology. Does this mean my system is inherently unsecure? It has the execute disable bit, Anti Theft Tech, Secure Key Tech, AES-NI, and a host of performance features, but did I make a huge mistake security-wise? As it's and MQ, this means the processor isn't hard soldered and can be upgraded (the "M" means that, Q means quad core)...should I replace it with a 4800MQ, which has TXT?

Any insight on this technology and how much protection it affords in reality, please, I would like to know what you think.

JCS

 

[ShintaiDK]

Its not used in default systems at all. One example of TXT usage is Bitlocker. It can also block rootkits on hypervisors if supported by the hypervisor.

So no, you didnt make a mistake and you may never even encounter a scenario where you could have used it on your laptop in its lifetime.

 

[Fjodor2001]

Its not used in default systems at all. One example of TXT usage is Bitlocker. It can also block rootkits on hypervisors if supported by the hypervisor.

So no, you didnt make a mistake and you may never even encounter a scenario where you could have used it on your laptop in its lifetime.

Bitocker is quite nice though, if you'd like to have your laptop SSD/HDD encrypted.

 

[ShintaiDK]

Bitocker is quite nice though, if you'd like to have your laptop SSD/HDD encrypted.

If you remember something like this in advance:
http://blog.booksbyjim.com/2008/07/uh-oh-replacing-system-board-with.html

 

[ViRGE]

Its not used in default systems at all. One example of TXT usage is Bitlocker. It can also block rootkits on hypervisors if supported by the hypervisor.

So no, you didnt make a mistake and you may never even encounter a scenario where you could have used it on your laptop in its lifetime.

The correct answer.

TXT is mainly for business IT use, especially since making meaningful use of it requires central management.

 

[Fjodor2001]

If you remember something like this in advance:
http://blog.booksbyjim.com/2008/07/uh-oh-replacing-system-board-with.html

Doesn't that depend on the encryption mode used? Is the use of TPM module really mandatory? See this:

http://en.wikipedia.org/wiki/BitLocker#Encryption_modes

Regardless, if the precautions you mentioned are followed, everything should be fine.

 

[Fjodor2001]

TXT is mainly for business IT use, especially since making meaningful use of it requires central management.

Just curious, in what way do you mean that it requires central management? Can e.g. BitLocker not be used by individuals without central management, and if so why?

 

[ViRGE]

Just curious, in what way do you mean that it requires central management? Can e.g. BitLocker not be used by individuals without central management, and if so why?

If you check Intel's whitepaper, it's written from an IT point of view. It discusses how the root of trust is setup, etc. This isn't something that is practical for an end user.

Oh, and you don't need TXT for BitLocker. Just a Trusted Platform Module (TPM), unless you use the USB key option.

 

[Homeles]

If you check Intel's whitepaper, it's written from an IT point of view. It discusses how the root of trust is setup, etc. This isn't something that is practical for an end user.

Oh, and you don't need TXT for BitLocker. Just a Trusted Platform Module (TPM), unless you use the USB key option.

You can actually use a PIN or password with Windows 8 editions that include Bitlocker, if you edit the group policy. I don't know why that wasn't an option from the start.

 

[Aspie]

I really want to thank all those who replied, but mainly the first responder.

As for the SSD (or HDD for some people) encryption, I actually had a question about this. I have a Samsung 840 EVO on my existing machine and use the Cat 0 security (ATA extended length Password) to secure it. My opinion is, that the limit on password attempts being 3 before power cycling is required is an incredible deterrent to a brute for attack. I have a password between 24 and 32 characters using upper, lower, numbers and some special characters, so can anyone see a weakness I am not seeing?

JCS

 

[wilds]

I'd enable a password on boot so accessing the bios or even booting up requires a password.

This will allow your laptop to remain secure unless the battery is removed from the motherboard.

 

[Aspie]

I'd enable a password on boot so accessing the bios or even booting up requires a password.

This will allow your laptop to remain secure unless the battery is removed from the motherboard.

I plan to do that as well, but the HDD/SSD password on the Samsung 840 EVO, most Intel Series SSDs, etc., all travel with the drive so removal would be useless.