Updated on July 21, 2025
A Trusted Platform Module (TPM) is a secure microcontroller that stores authentication data and performs cryptographic operations. It follows the ISO/IEC 11889 standard and is tamper-resistant. TPMs provide a hardware root of trust, securing systems from boot-up to runtime and protecting against malware or unauthorized changes. Key uses include device authentication, secure key storage, and platform integrity verification, making them essential for enterprise security and compliance.
Definition and Core Concepts
Secure Cryptoprocessor
A TPM functions as a secure cryptoprocessor, a dedicated hardware chip specifically designed for cryptographic functions. This specialized processor operates independently from the main CPU and provides isolated execution of security-critical operations. The separation ensures that cryptographic keys and sensitive operations remain protected even if the main system is compromised.
Root of Trust
The TPM establishes a root of trust, serving as the foundational starting point from which security extends throughout the system. This hardware-anchored trust model provides immutable security guarantees that software-only solutions cannot match. The root of trust enables the creation of trust chains that verify the integrity of system components during boot and runtime.
Cryptographic Keys
TPMs manage various types of cryptographic keys, including RSA, ECC, and AES keys. These keys support encryption, decryption, and digital signature operations. The TPM generates keys using its internal True Random Number Generator (TRNG) and stores them securely within the chip’s protected memory.
Tamper-Resistance
Physical tamper-resistance mechanisms protect the TPM chip from unauthorized access or alteration. These mechanisms include tamper-evident seals, voltage and temperature monitoring, and self-destruct capabilities that erase sensitive data if tampering is detected. This hardware-level protection ensures the integrity of stored keys and security functions.
Platform Integrity
Platform integrity refers to the TPM’s ability to verify that the system’s hardware and software configuration has not been maliciously altered. This verification process involves measuring and storing cryptographic hashes of system components during the boot process and comparing them against known good values.
Platform Configuration Registers (PCRs)
PCRs are special registers within the TPM that store cryptographic hashes of boot components. These registers maintain a secure audit trail of the system’s boot process, allowing verification of platform integrity. PCRs use a one-way hash extension process that prevents malicious modification of stored measurements.
Endorsement Key (EK)
The Endorsement Key is a unique, immutable asymmetric key pair burned into the TPM during manufacturing. This key serves as the TPM’s identity and enables attestation and binding operations. The EK is typically an RSA-2048 key that cannot be changed or deleted, providing a permanent hardware identity.
Storage Root Key (SRK)
The Storage Root Key is unique to each TPM and derived from the EK. The SRK protects other keys stored within or bound to the TPM, creating a hierarchical key structure. This key hierarchy enables secure key management and ensures that derived keys are protected by the TPM’s hardware security features.
Binding
Binding refers to encrypting data using a TPM key so it can only be decrypted by that specific TPM. This process ensures that encrypted data remains tied to the hardware platform and cannot be accessed if moved to another system. Binding is commonly used for protecting encryption keys and sensitive configuration data.
Sealing
Sealing extends binding by encrypting data to a TPM such that it can only be decrypted when the system is in a specific configuration state. The TPM uses PCR values to determine the system’s configuration, ensuring that sealed data is only accessible when the platform maintains its trusted state.
How It Works
Secure Boot / Measured Boot
The TPM’s role in secure boot begins with measurement during the boot process. Starting with the Core Root of Trust for Measurement (CRTM) in firmware, each component loaded during boot is cryptographically measured using hash functions.
These measurements are securely stored in the TPM’s Platform Configuration Registers. The measurement process creates an unbroken chain of trust from the initial firmware through the bootloader to the operating system kernel. Each component measures the next component before transferring control, ensuring complete coverage of the boot process.
The OS or security applications can later query the TPM’s PCRs to verify that the system has booted in a known, trusted state. If measurements deviate from expected values, it indicates potential tampering or unauthorized modifications to the boot process.
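To make the one-way PCR extension, the event-log replay a verifier performs, and the sealing check described above concrete, here is an added Python example (not code from the original page, nor any TPM vendor's or library's API). The ToyTPM class, the boot images and the handle names are constructed placeholders that stand in for a real TPM and a real boot chain.

```python
import hashlib
PCR_INIT = bytes(32)  # constructed: one SHA-256 PCR bank, all zeros after reset

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # One-way extend: PCR_new = SHA-256(PCR_old || digest). There is no inverse,
    # so a measurement can never be removed or overwritten, only appended to.
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(components):
    # Each stage is hashed and extended into the PCR before it gets control;
    # the event log records what was measured so a verifier can replay it.
    pcr, event_log = PCR_INIT, []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log

def replay_event_log(event_log):
    # Verifier side: recompute the PCR from the log alone and compare it with
    # the value the TPM reports; a mismatch means the log or the boot was altered.
    pcr = PCR_INIT
    for _, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr

class ToyTPM:
    # Hypothetical stand-in for sealing, not a real TPM API: the secret is
    # released only when the live PCR equals the PCR value it was sealed to.
    def __init__(self):
        self._sealed = {}
    def seal(self, handle, secret, expected_pcr):
        self._sealed[handle] = (expected_pcr, secret)
    def unseal(self, handle, current_pcr):
        expected_pcr, secret = self._sealed[handle]
        return secret if current_pcr == expected_pcr else None

# Constructed boot chains; real ones would be firmware, bootloader and kernel images.
GOLDEN = [("firmware", b"fw-v1"), ("bootloader", b"bl-v1"), ("kernel", b"kernel-v1")]
TAMPERED = [("firmware", b"fw-v1"), ("bootloader", b"bl-evil"), ("kernel", b"kernel-v1")]
REORDERED = [GOLDEN[1], GOLDEN[0], GOLDEN[2]]  # same images, wrong order

def demo():
    golden_pcr, log = measured_boot(GOLDEN)
    tpm = ToyTPM()
    tpm.seal("disk-key", b"volume-master-key", golden_pcr)  # done at provisioning
    return {"log_replays": replay_event_log(log) == golden_pcr,
            "golden": tpm.unseal("disk-key", golden_pcr),
            "tampered": tpm.unseal("disk-key", measured_boot(TAMPERED)[0]),
            "reordered": tpm.unseal("disk-key", measured_boot(REORDERED)[0])}
```

Note that the reordered chain uses exactly the same images as the golden one and still yields a different PCR, which is why sealed data stays locked when the boot sequence, not just its contents, changes.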
Secure Key Generation and Storage
TPMs use internal True Random Number Generators to generate high-quality cryptographic keys. This hardware-based entropy source provides superior randomness compared to software-based generators, ensuring strong key generation.
Keys generated within the TPM are protected through key wrapping, binding, and sealing mechanisms. The TPM’s key hierarchy ensures that keys are protected by other TPM-internal keys, such as the SRK, so they never leave the secure boundary of the TPM in plaintext form.
Applications can send commands to the TPM to perform cryptographic operations using stored keys without exposing the keys to the main system. This approach prevents key extraction even if the operating system is compromised.
Anti-Hammering Protection
TPMs include built-in mechanisms to prevent brute-force attacks on authorization values such as PINs or passwords. These protections automatically lock out authentication attempts after too many failures, preventing dictionary attacks and unauthorized access attempts.
Key Features and Components
Hardware-Based Root of Trust
The TPM provides a foundational layer of trust anchored in hardware. This root of trust cannot be modified by software attacks and provides immutable security guarantees for building secure systems.
Tamper-Resistance
TPMs are designed to resist physical attacks through various mechanisms. These include tamper-evident packaging, environmental monitoring, and self-destruct mechanisms that erase keys if tampering is detected.
Secure Key Management
The TPM generates, stores, and manages cryptographic keys securely within its protected environment. Keys are isolated from software attacks and can be bound to specific platform configurations.
Platform Integrity Verification
TPMs measure and validate the boot process and system configuration through PCR-based measurements. This capability enables detection of unauthorized modifications to critical system components.
Remote Attestation
The TPM enables remote parties to verify the trustworthiness and configuration of a system. Remote attestation uses the TPM’s measurement capabilities and cryptographic functions to provide cryptographic proof of platform integrity.
Hardware Random Number Generator
TPMs include dedicated hardware RNGs that provide high-quality entropy for key generation and cryptographic operations. This hardware-based randomness is superior to software-based alternatives.
Cryptographic Operation Offloading
TPMs can perform cryptographic tasks without exposing keys to the main CPU. This offloading capability improves security by keeping sensitive operations within the TPM’s protected environment.
Standards Compliance
TPMs conform to ISO/IEC 11889 standards developed by the Trusted Computing Group. This standardization ensures interoperability and consistent security guarantees across different implementations.
Use Cases and Applications
Full Disk Encryption (FDE)
TPMs secure encryption keys for FDE solutions such as Microsoft BitLocker. The TPM automatically unlocks encrypted drives only after verifying boot integrity through PCR measurements. This approach protects against offline attacks while providing a transparent user experience.
Secure Boot / Measured Boot
TPMs ensure that firmware and operating system components have not been tampered with since the last boot. The measurement process creates a cryptographic audit trail that can be verified by security software or remote attestation services.
User Authentication
TPMs enhance authentication systems like Windows Hello and virtual smart cards by securely storing user credentials or cryptographic keys. The hardware-based key storage provides stronger protection than software-only solutions.
Digital Rights Management (DRM)
TPMs protect copyrighted content by providing secure key storage and cryptographic operations for DRM systems. The tamper-resistant hardware prevents unauthorized access to protected content.
Software License Protection
TPMs enable secure binding of software licenses to specific hardware platforms. This capability prevents license theft and ensures that software runs only on authorized systems.
Secure IoT Devices
TPMs provide a hardware root of trust for embedded systems and IoT devices. The secure key storage and attestation capabilities enable device authentication and secure communication in IoT deployments.
Cloud Security
Virtual TPMs (vTPMs) provide hardware-like security guarantees for virtual machines in cloud environments. Cloud service providers use vTPMs to extend hardware root of trust to virtualized workloads.
VPN and Network Access Control (NAC)
TPMs ensure the trustworthiness of devices connecting to networks by providing cryptographic proof of device integrity. This capability enables policy enforcement based on device security posture.
Code Signing
TPMs protect keys used to digitally sign software, ensuring the integrity and authenticity of code. The hardware-based key protection prevents unauthorized code signing even if development systems are compromised.
Key Terms Appendix
- Trusted Platform Module (TPM): A secure cryptoprocessor that provides hardware-based security functions including key generation, storage, and cryptographic operations.
- Secure Cryptoprocessor: A dedicated hardware chip designed for cryptographic operations with built-in tamper resistance and security features.
- Root of Trust: A source in a cryptographic system that is inherently trusted and serves as the foundation for extending trust throughout the system.
- Platform Integrity: Verification that a system’s hardware and software configuration has not been altered from a known trusted state.
- Platform Configuration Registers (PCRs): Special registers within the TPM that store cryptographic hashes of boot components using a one-way extension process.
- Endorsement Key (EK): A unique, immutable asymmetric key pair burned into the TPM during manufacture, used for attestation and identity.
- Storage Root Key (SRK): A key unique to each TPM, derived from the EK, used to protect other keys stored within the TPM’s key hierarchy.
- Binding: Encrypting data using a TPM key so it can only be decrypted by that specific TPM, tying the data to the hardware platform.
- Sealing: Encrypting data to a TPM such that it can only be decrypted when the system is in a specific configuration state as measured by PCRs.
- Secure Boot: A security standard that ensures a device boots using only software trusted by the original equipment manufacturer.
- Measured Boot: A process where the TPM records cryptographic hashes of boot components, creating an audit trail of the boot process.
- FIPS 140-2: A U.S. government standard for cryptographic modules that defines security requirements for hardware and software.
- Trusted Computing Group (TCG): An industry standards body that develops and promotes TPM specifications and trusted computing standards.
- Virtual TPM (vTPM): A software emulation of a TPM for virtual machines that provides similar security guarantees in virtualized environments.