What is the difference between a Trusted Computing Base (TCB) and a Root of Trust (RoT)? Can both terms be used interchangeably?
A TCB is defined by NIST as follows:
Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.
A RoT is defined by GlobalPlatform as follows:
A computing engine, code, and possibly data, all co-located on the same platform; provides security services. No ancestor entity is able to provide a trustable attestation (in Digest or other form) for the initial code and data state of the Root of Trust.
It looks like these are the same things but used in slightly different contexts. TCB seems to be used for the general case while Root of Trust seems to be focused on cryptographic applications and hardware security subsystems (like TPMs).