Inferensys

Glossary

Trusted Platform Module (TPM)

An international standard for a dedicated microcontroller designed to secure hardware through integrated cryptographic keys, used to verify platform integrity and attest to a system's trustworthiness.
Operations room with a large monitor wall for system visibility and control.
HARDWARE ROOT OF TRUST

What is Trusted Platform Module (TPM)?

A Trusted Platform Module (TPM) is an international standard for a dedicated microcontroller designed to secure hardware through integrated cryptographic keys, providing a hardware-based root of trust for platform integrity and attestation.

A Trusted Platform Module (TPM) is a dedicated, isolated microcontroller conforming to the ISO/IEC 11889 standard that generates, stores, and limits the use of cryptographic keys. It performs core security functions—including platform integrity measurement, remote attestation, and sealed key storage—within a tamper-resistant hardware environment, ensuring that secrets are never exposed to the host operating system, memory, or disk.

During a measured boot, the TPM hashes the firmware, bootloader, and OS kernel, storing these integrity measurements in Platform Configuration Registers (PCRs). This enables remote attestation, where the TPM cryptographically signs a quote of these PCR values to prove to a third party that the system booted into a known, trusted software state, forming the hardware foundation for zero-trust architectures and cryptographic content attestation workflows.

HARDWARE ROOT OF TRUST

Core Capabilities of a TPM

A Trusted Platform Module is a dedicated microcontroller that provides hardware-based, security-related functions. It is the bedrock for platform integrity, enabling secure key generation, cryptographic operations, and verifiable attestation of a system's state.

01

Cryptographic Key Generation & Storage

The TPM generates and stores cryptographic keys in hardware, isolated from the operating system and applications. A critical feature is the Endorsement Key (EK) , a unique, burned-in RSA or ECC key pair that serves as the device's immutable identity. The Storage Root Key (SRK) is generated when a user takes ownership, forming the root of a key hierarchy. All private keys are wrapped and stored within the TPM's shielded location, making them inaccessible to software-based attacks. This hardware isolation ensures that even if the main OS is compromised, the keys remain secure.

Shielded Location
Key Storage
02

Platform Integrity & Measured Boot

The TPM enables measured boot, a process that creates a tamper-proof audit log of the system's startup sequence. Before each component (BIOS, bootloader, OS kernel) is executed, its cryptographic hash is calculated and stored in a Platform Configuration Register (PCR) inside the TPM. This creates a chain of trust where each stage measures the next. The resulting PCR values can be compared against known-good values to detect the presence of rootkits or unauthorized modifications, providing a strong assertion of platform integrity.

PCRs
Measurement Registers
03

Remote Attestation

Remote attestation allows a system to prove its current software state to a remote party. The TPM signs a set of PCR values with a private Attestation Identity Key (AIK) , creating a cryptographic quote. This quote proves that the PCR values are authentic and were generated by a specific TPM. A remote verifier can then compare the signed PCR values against a trusted baseline to decide whether the platform is in a trustworthy state before granting it access to a network or releasing sensitive data.

AIK
Attestation Key
04

Sealing and Binding Data

The TPM can encrypt data in a way that it can only be decrypted on the same machine and, optionally, only when the system is in a specific state. Binding encrypts data using a TPM's public key, ensuring it can only be decrypted by that specific TPM. Sealing goes further by binding the decryption to a specific set of PCR values. For example, a disk encryption key can be sealed to the PCRs representing a clean boot, ensuring it cannot be decrypted if the system is compromised by a bootkit.

PCR-Locked
Sealing Condition
05

Hardware-Entropy Random Number Generation

A TPM contains a true random number generator (TRNG) that sources entropy from physical hardware noise, such as thermal noise or clock jitter. This is a critical capability for generating non-deterministic, unpredictable cryptographic keys and nonces. Unlike software-based pseudo-random number generators (PRNGs), the TPM's TRNG is not susceptible to algorithmic prediction or seeding failures, providing a fundamental source of high-quality randomness for all cryptographic operations performed on the platform.

TRNG
Entropy Source
06

Protected Cryptographic Operations

The TPM performs cryptographic operations like signing, hashing, and encryption within its own tamper-resistant processor. This means the private key material never leaves the chip in plaintext. The host system sends a command and data to the TPM, the operation is executed internally, and only the result is returned. This protects against memory-scraping malware and cold-boot attacks that target keys stored in system RAM, making the TPM a secure execution environment for sensitive cryptographic tasks.

On-Chip
Execution
TRUSTED PLATFORM MODULE

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the hardware root of trust that underpins modern cryptographic attestation and platform integrity.

A Trusted Platform Module (TPM) is an international standard (ISO/IEC 11889) for a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. It functions as a hardware root of trust, performing operations such as key generation, key storage, and platform authentication in a tamper-resistant environment isolated from the main CPU, operating system, and applications. The TPM contains a unique, burned-in Endorsement Key (EK) during manufacturing, which establishes its identity. It generates and stores other key types, including Storage Root Keys (SRK) and Attestation Identity Keys (AIK), entirely within the chip. Because the private key material never leaves the TPM in plaintext, even a compromised operating system cannot extract the keys, making it a foundational component for secure boot, device identity, and cryptographic content attestation.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.