Trusted Platform Module (TPM)

The TPM contains a true hardware random number generator (HRNG) and dedicated, tamper-resistant memory for creating and storing cryptographic keys. Keys generated inside the TPM can be designated as non-migratable, meaning their private portions are never exposed outside the secure hardware boundary. This protects sensitive keys, such as RSA or ECC private keys for disk encryption (e.g., BitLocker's TPM protector) or code signing, from software-based extraction. The TPM can also store externally generated keys in a wrapped (encrypted) form, decrypting them only within its secure environment for use.

This is the process of creating a cryptographic hash chain of all critical software components as they load during boot. The TPM's Platform Configuration Registers (PCRs) store these measurements. During Secure Boot, firmware, bootloader, and OS kernel hashes are extended into specific PCRs. A Remote Attestation protocol allows a verifier (e.g., a corporate server) to request a signed quote of the PCR values from the TPM. By comparing these signed measurements against known-good values, the verifier can cryptographically attest that the platform is running trusted, unaltered software, a cornerstone of Zero-Trust Architecture.

Every TPM is manufactured with a unique, embedded Endorsement Key (EK). This is an RSA key pair burned into the hardware during production, where the private key is permanently non-migratable. The EK serves as the TPM's root identity. A public EK Certificate, issued by the TPM manufacturer, cryptographically binds this identity to the specific hardware. This immutable identity is used to derive trusted, scoped identities called Attestation Identity Keys (AIKs), which provide privacy-preserving authentication for remote attestation without revealing the base EK.

The TPM can seal data (e.g., a disk encryption key) to a specific platform software state. Sealing encrypts the data so it can only be decrypted (unsealed) by the same TPM when the PCRs match the exact values recorded during sealing. This binds critical secrets to a known-good configuration, preventing access if malware alters the boot process. Binding simply encrypts data to a TPM's storage key, requiring that specific TPM to decrypt it, but does not tie it to PCR state. These functions enable features like secure system updates and conditional data access.

Beyond key storage, the TPM includes dedicated cryptographic processors to perform operations internally without exposing private key material. Core functions include:

• RSA Signing/Decryption: For digital signatures and decrypting data bound to the TPM.
• HMAC and Key Derivation: Using the KDFa algorithm specified in the TPM 2.0 standard.
• Hashing (SHA-1, SHA-256): For extending PCRs and other integrity operations.
• True Random Number Generation: Critical for creating nonces and cryptographic keys. This internal execution protects against software side-channel attacks that could target keys in system memory.

TPM 2.0 implements a flexible key hierarchy for structured key management. At the root is a primary seed unique to the TPM. From this seed, a Storage Root Key (SRK) is generated, forming the root of a storage hierarchy. All other keys (signing keys, encryption keys) are stored encrypted under their parent key, forming a tree. Access to keys is controlled by authorization policies. These can be simple passwords (like a Platform Authorization Value), physical presence assertions, or complex multi-factor policies requiring specific PCR states or signatures from other keys, enforcing the Principle of Least Privilege for cryptographic objects.

An immutable, always-on security engine embedded within a silicon chip. It performs cryptographically verified measurements of system firmware and software during boot, establishing a chain of trust. The TPM is a common implementation of a hardware root of trust, providing the initial anchor for secure boot and remote attestation processes.

A secure area of a main processor (CPU) that ensures code and data loaded inside are protected with respect to confidentiality and integrity. Unlike a discrete TPM chip, a TEE is integrated into the CPU. It provides a more general-purpose isolated execution environment for applications, whereas a TPM is specialized for cryptographic operations and integrity measurement.

• Key Concept: Provides runtime isolation for sensitive computations.
• Examples: Intel SGX, AMD SEV, ARM TrustZone.

A cryptographic protocol that allows a remote verifier (e.g., a cloud service) to gain confidence that specific software is running securely within a genuine TPM or TEE on a client platform. The TPM plays a central role by signing a report of the measured software state, which the verifier can check against a known-good policy. This is critical for zero-trust architectures where AI agents must prove their integrity before accessing sensitive APIs.

A cloud computing paradigm that uses hardware-based TEEs to protect data in use. It isolates sensitive data within a protected CPU enclave during processing, ensuring it is never exposed in plaintext to the rest of the system, including the hypervisor and cloud provider. While TPMs help establish trust in the platform, Confidential Computing (using technologies like Intel SGX or AMD SEV) focuses on encrypting data during active computation in memory.

A software-based implementation of the TPM 2.0 specification, managed by a hypervisor, that provides a virtualized root of trust and cryptographic services to a virtual machine (VM). It allows VMs, including those running AI agent workloads, to have their own isolated TPM instance. The security of the vTPM relies on the integrity of the underlying physical TPM and hypervisor, creating a chain of trust from hardware to the virtualized guest.

A hardware-isolated, trusted execution environment within a processor (a specific type of TEE). It protects sensitive code and data from all other software on the system, including the operating system and hypervisor. While a TPM is a dedicated microcontroller for crypto and measurement, a Secure Enclave (like Apple's or Intel SGX) is designed to securely execute arbitrary application logic. They are complementary: a TPM can attest to the integrity of an enclave's initial state.