What is a Trusted Platform Module (TPM)?
A Trusted Platform Module (TPM) is a type of secure cryptoprocessor: a specialized chip that performs cryptographic operations and stores secrets such as encryption keys, which the host system typically uses to authenticate hardware. What is stored need not be an encryption key; it can also be passwords and certificates.
The specifications for the chips of the same name were developed by the Trusted Computing Group (TCG). These chips are usually called TPM chips or TPM security devices, and because they are manufactured for one specific purpose, they can to some extent be regarded as application-specific integrated circuits (ASICs).
The secure computing environment promised by the TPM rests on two necessary steps: authentication and attestation. Authentication ensures that a platform meets expectations and proves that it is what it claims to be. Attestation, on the other hand, is the process by which a platform supports its claim to be trustworthy by showing that there are no signs of security breaches in the system. Because the TPM is hardware, the information it holds is better protected from external access than information held in software alone.
Various software applications that store security entities on a TPM can be developed. These applications make information difficult to access without proper authorization. For example, newer laptops have a built-in fingerprint scanner so that only the owner and a few other trusted users can access the laptop; the fingerprint data is stored in the TPM to prevent external access and manipulation.
The TPM can even block access to data and other applications entirely if it determines that certain platform configurations have been changed through unauthorized access. However, the TPM cannot and does not control the software running on a computer; it only stores and reports information about security entities and the apparent security status of the system. It is up to the appropriate software or hardware to act on what the TPM reports.
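To make the "blocks access when the platform configuration changed" behaviour concrete, here is an added simulation that is not code from this article and not a real TPM interface: the hypothetical functions extend_pcr, measure_boot, seal and unseal mirror in pure Python how a TPM extends a Platform Configuration Register over each boot component and then releases a sealed secret only when the current register value matches the one recorded at sealing time. The boot components, the storage root key and the sealed secret are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed simulation of TPM PCR measurement and sealing; not a real TPM
# interface. A real SHA-256 PCR bank starts at 32 zero bytes after reset.
PCR_INITIAL = bytes(32)

def extend_pcr(pcr, measurement):
    """TPM extend: PCR_new = SHA256(PCR_old || SHA256(measurement)).
    One-way and order-sensitive, so the final value summarises the whole chain."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components):
    """Extend each boot-chain component (firmware, bootloader, kernel) in order."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend_pcr(pcr, component)
    return pcr

def seal(secret, srk, expected_pcr):
    """Encrypt a secret under a key derived from the TPM-resident storage root key
    (srk) and the PCR value the platform must show at unseal time."""
    assert len(secret) <= 32, "toy keystream covers at most 32 bytes"
    key = hmac.new(srk, expected_pcr, hashlib.sha256).digest()
    nonce = os.urandom(16)
    keystream = hashlib.sha256(key + nonce).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def unseal(blob, srk, current_pcr):
    """Release the secret only if the current PCR reproduces the sealing key;
    any change in the measured boot chain makes the tag check fail."""
    key = hmac.new(srk, current_pcr, hashlib.sha256).digest()
    tag = hmac.new(key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # platform state differs from sealing time: refuse
    keystream = hashlib.sha256(key + blob["nonce"]).digest()
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], keystream))

def demo():
    """Seal a key to a known-good boot chain, then unseal from the same chain and
    from a chain with a modified bootloader. Returns (secret, None)."""
    srk = hashlib.sha256(b"constructed storage root key").digest()
    good = [b"firmware v1", b"bootloader v2", b"kernel 6.1"]
    tampered = [b"firmware v1", b"bootloader v2 (modified)", b"kernel 6.1"]
    blob = seal(b"disk-encryption-key", srk, measure_boot(good))
    return unseal(blob, srk, measure_boot(good)), unseal(blob, srk, measure_boot(tampered))
```

Note that the simulated TPM only refuses to release the secret; as the text says, deciding what to do about a refused unseal is left to the operating system or application that asked for it.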