Trusted computing refers to a set of technologies that allow a computer to demonstrate that it is trustworthy. The definition of trustworthy is not fixed – different people will have different ideas as to what is trustworthy, and the technology does nothing to enforce a particular idea. This policy-free mechanism is implemented with the aid of an additional hardware component on the system motherboard, a Trusted Platform Module (TPM).
TPMs are capable of certain operations that make trusted computing possible. They can generate cryptographic keys, and they can sign things with these keys. They can store a “measurement” of system state, and can communicate that measurement to a remote system through a cryptographically secure channel. And they are capable of encrypting small secrets and sealing them to a specific measurement state.
The trusted computing implementation in Tectonic and CoreOS takes advantage of all of these features to establish trust of individual CoreOS machines. Our implementation is “distributed” because of the ability to extend the chain of trust into the cluster, which creates an industry-first end-to-end trusted computing environment.