
TPM (Trusted Platform Module) and HSM (Hardware Security Module) are both considered cryptoprocessors, but what exactly are the differences?

Does one of them have more advantages than the other?

Ali
  • They are similar, and TPMs [can actually be used as rudimentary HSMs](https://blog.habets.se/2012/02/TPM-backed-SSL) and [keep private keys secure](https://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly), though conventional HSMs are focused on performance and key storage space, whereas TPMs are only designed to keep a few values (PCRs) and a single key in memory and don't put much effort into performance (cf. the 1 request/second on the SSL example). –  May 07 '15 at 20:51

6 Answers


Trusted Platform Modules

A Trusted Platform Module (TPM) is a hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption. Many laptop computers include a TPM, but if the system doesn’t include it, it is not feasible to add one. Once enabled, the Trusted Platform Module provides full disk encryption capabilities. It becomes the "root of trust" for the system to provide integrity and authentication to the boot process. It keeps hard drives locked/sealed until the system completes a system verification, or authentication check.

The TPM includes a unique RSA key burned into it, which is used for asymmetric encryption. Additionally, it can generate, store, and protect other keys used in the encryption and decryption process.

Hardware Security Modules

A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys.

High performance HSMs are external devices connected to a network using TCP/IP. Smaller HSMs come as expansion cards you install within a server, or as devices you plug into computer ports.

One of the noteworthy differences between the two is that HSMs are removable or external devices. In comparison, a TPM is a chip embedded into the motherboard. You can easily add an HSM to a system or a network, but if a system didn’t ship with a TPM, it’s not feasible to add one later. Both provide secure encryption capabilities by storing and using RSA keys.

Source: https://blogs.getcertifiedgetahead.com/tpm-hsm-hardware-encryption-devices/

schroeder
user45475
    You beat me to the post. Some things I would add are that HSMs perform sign / decrypt operations _on the device_ so that the private keys never enter the RAM of the host OS. Also worth noting is that HSMs are often embedded on corporate ID badges so that when someone walks away from their desk, their computer is _no longer capable_ of decrypting / signing, even if an attacker knows all their passwords. – Mike Ounsworth May 07 '15 at 20:21
  • Very good start on PCM, do extend on sealing and PCRs though :-) An excellent application of TPMs is trusted code execution, see https://www.cs.unc.edu/~reiter/papers/2008/EuroSys.pdf – Steve Dodier-Lazaro May 07 '15 at 20:43
  • s/if a system didn’t ship with a TPM/if a system wasn't designed for a TPM/ I'm quite sure I've seen motherboards which had a special socket designed to accept a TPM. And in fact you can find [plenty of evidence of this](https://www.google.com/webhp#q=TPM+module&tbm=shop) – Ben Voigt May 07 '15 at 22:26
  • It is not true that you cannot add a TPM chip to a motherboard later; at least not for workstation/server motherboards, you can easily add the TPM later. – larsw Nov 07 '15 at 18:02
  • This answer appears to be plagiarised completely from this author: https://blogs.getcertifiedgetahead.com/tpm-hsm-hardware-encryption-devices/ The book was published in 2014. https://www.amazon.com/gp/product/1939136024/ref=dbs_a_def_rwt_bibl_vppi_i3 Text can be found: https://archive.org/stream/CompTIASecuritySY0401StudyGuideGetCertifiedDarrilGibsonCrackedBySystemErrorOne/CompTIA%20Security%2B%20SY0-401%20Study%20Guide%20-%20Get%20Certified%20-%20Darril%20Gibson%20~Cracked%20By%20SystemErrorOne~_djvu.txt – schroeder Aug 28 '18 at 19:14
  • TPM has nothing to do with "full disk encryption capabilities". Except the encryption key _might_ be stored in TPM. – ᄂ ᄀ Apr 22 '20 at 14:58
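The sealing and PCR behaviour that the answer and the comments above describe, as an added example written for this page (not code from the answer, from the linked blog, or from any TPM vendor): a stdlib-only Python model of a TPM's PCR extend and seal/unseal. The `ToyTPM` class, the boot-chain strings and the HMAC-based keystream are constructed for illustration; a real TPM uses `TPM2_PCR_Extend`, `TPM2_PolicyPCR` and AES-wrapped key blobs, but the observable property is the same: a secret sealed to PCRs 0, 4 and 7 comes back only when the same components are measured in the same order after a fresh boot. The model generalises the disk-key case in the answer to any secret and any PCR selection.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # one SHA-256 bank; every PCR starts at all-zero on reset


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = H(old || H(measurement)).
    A PCR can only be extended, never written, so its value depends on
    every measurement made since reset and on the order they were made."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, chosen only to keep the toy stdlib-only
    (constructed for this example; a real TPM wraps sealed blobs with AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class ToyTPM:
    """Hypothetical TPM model: a few PCRs plus a storage seed that never
    leaves the chip. There is deliberately no pcr_reset(): only a platform
    reset clears PCRs, which is what makes them a root of trust."""

    def __init__(self, num_pcrs=8, seed=None):
        self._pcrs = [bytes(PCR_SIZE) for _ in range(num_pcrs)]
        self._seed = seed if seed is not None else os.urandom(32)

    def pcr_read(self, index: int) -> bytes:
        return self._pcrs[index]

    def extend(self, index: int, measurement: bytes) -> None:
        self._pcrs[index] = pcr_extend(self._pcrs[index], measurement)

    def policy_pcr_digest(self, indices) -> bytes:
        """Digest over the selected PCRs, standing in for TPM2_PolicyPCR."""
        h = hashlib.sha256()
        for i in sorted(indices):
            h.update(bytes([i]) + self._pcrs[i])
        return h.digest()

    def _seal_key(self, policy: bytes) -> bytes:
        # Derived inside the chip from the seed and the policy: a different
        # platform state yields a different key, so the blob cannot be opened.
        return hmac.new(self._seed, b"seal-key" + policy, hashlib.sha256).digest()

    def seal(self, secret: bytes, indices) -> dict:
        policy = self.policy_pcr_digest(indices)
        key = self._seal_key(policy)
        nonce = os.urandom(16)
        ct = _keystream_xor(key, nonce, secret)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return {"pcrs": tuple(sorted(indices)), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        policy = self.policy_pcr_digest(blob["pcrs"])
        key = self._seal_key(policy)
        expected = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("PCR policy not satisfied: platform state differs from seal time")
        return _keystream_xor(key, blob["nonce"], blob["ct"])


def measured_boot(tpm: ToyTPM, chain) -> None:
    """chain: list of (pcr_index, component_bytes) in boot order; each stage
    measures the next one into a PCR before handing over control."""
    for index, component in chain:
        tpm.extend(index, component)


# Constructed sample boot chain (labels only, not real firmware bytes).
GOOD_CHAIN = [
    (0, b"UEFI firmware v1.2"),
    (4, b"bootloader shim"),
    (4, b"kernel 6.1 + initrd"),
    (7, b"secure boot: enabled"),
]


def seal_and_reboot(chain_at_seal, chain_at_unseal, secret=b"disk-encryption-key"):
    """Seal a secret on one platform state, reboot (PCRs back to zero, seed
    kept) into another state and try to unseal.
    Returns (unseal_succeeded, recovered_secret_or_None)."""
    seed = os.urandom(32)              # the same chip across both boots
    tpm = ToyTPM(seed=seed)
    measured_boot(tpm, chain_at_seal)
    blob = tpm.seal(secret, [0, 4, 7])
    tpm = ToyTPM(seed=seed)            # reboot: PCRs reset, seed persists
    measured_boot(tpm, chain_at_unseal)
    try:
        return True, tpm.unseal(blob)
    except PermissionError:
        return False, None


if __name__ == "__main__":
    tampered = GOOD_CHAIN[:2] + [(4, b"kernel 6.1 + rootkit module")] + GOOD_CHAIN[3:]
    print("same boot chain:", seal_and_reboot(GOOD_CHAIN, GOOD_CHAIN))
    print("tampered kernel:", seal_and_reboot(GOOD_CHAIN, tampered))
```

Two details worth noticing: the reordered chain (shim measured after the kernel) fails just like the tampered one, because extend is a hash chain and not a set; and the host never sees the seal key at all, it only holds the opaque blob, which is the sense in which a TPM keeps the drive "sealed until the system completes verification".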

Sorry, but I think there are some gaps in this conversation:

  1. TPMs can't be added later: False. Many modern motherboards include a header to which a TPM can be added after the fact. Visit Amazon and look at the TPM module cards for MSI, Asus, and other motherboards
  2. HSMs are typically removable or network attached: False. HSMs can be embedded in a range of hardware from FIPS 140-3 compliant rack mount chassis, to PCI-E cards, to USB keys, to MicroSD cards

The primary difference is in use. TPMs are meant to provide a hardware root of trust to enable secure computing by providing a secure key storage enclave with minimal cryptographic functions primarily in the signing and signature verification space. Someone did outline the primary use cases ... storage of drive encryption keys and validation of signatures on boot loaders, kernels, and device drivers. Note, much of this can be accomplished without a TPM (secure boot with a BIOS that supports Windows WHQL including default Microsoft keys, password based disk encryption). TPMs typically cost between $7 USD (as part of the bill of materials for a custom board) and $15 USD (as a pluggable module for after market modification). TPMs can include smart card reader / virtual smart card functionality.

HSMs typically have two primary, closely related functions. The first function is hardware enabled / accelerated cryptographic functions including encipherment, decipherment, key generation, PRNG functions, and related signing/signature validation functions. Typically these are hardware accelerated by onboard FPGA or ASIC (or a combination). The second function typically is a smart card reader with / without virtual smart card for key / certification storage with enhanced (PIN) based protections. The integration of the two provides a powerful model for using hardware to generate a non-exportable certificate embedded within the virtual smart card. HSMs can run from tens of thousands of dollars (for chassis based solutions) to thousands of dollars (for PCIE cards) to 100s of dollars (USB) to 10s of dollars (for H-SDC versions).

In my experience, TPMs are primarily used for key storage, HSMs are primarily used for hardware accelerated cryptography with key storage.

Patrick Mevzek
Paul Vilevac
  • how does secure boot without a TPM even work though? Does that mean just secure boot from ROM? – David 天宇 Wong Mar 29 '20 at 18:07
  • @David天宇Wong Secure boot checks signatures, which requires only the public key. Being able to read the public key is not a big deal, because it is public. You store the private key you use for signing somewhere else. As for TPMs, those store the private key, but they never expose it. They can sign stuff with it and I guess give out public keys, but I have read only a few articles on the topic. So I think you don't need a TPM for secure boot, but I need it because I want to give the drive encryption password via SSH and I want to hide the SSH private keys. Note that I have a very limited understanding of the topic – inf3rno Apr 04 '20 at 03:30

TPMs are very exactly specified parts wrt to function and security level they provide (https://www.trustedcomputinggroup.org).

It has a fixed function and is a rather low cost and yet high security chip (less than $2.00). The purpose is to serve as a 'root of trust' on a platform. Also they are tested and certified to withstand a defined level of side-channel/observing attacks, semi-invasive/fault attacks and even invasive attacks.

In contrast the term HSM essentially just says "hardware security module" and this leads to an ambiguity and variety of interpretations.

Traditionally an HSM is a module that is optimized to generate AES, RSA or ECC keys and certificates at very high performance. Imagine you run a web server that shall be able to quickly establish hundreds or thousands of https (SSL/TLS) sessions. This requires massive crypto performance (i.e. key generation). HSMs do this - very fast! They are not necessarily well protected against sophisticated attacks, since they are usually operated in a secure environment. However they typically are packaged in a way that provides tamper resistance and evidence. Big difference to TPMs: these modules cost $1000s upwards. It's low volume specially designed silicon and comes e.g. on PCI Express boards where the customer can scale the required performance by plugging multiple HSMs into his motherboard/rack. The TPM market is north of 100 million pcs/yr. And by definition there is 1 TPM 'bound' (= mostly 'soldered') to the platform.

Other forms of "HSM" interpretations: Some use the term HSM ambiguously, e.g. even for the TrustZone in the ARM-A series family or anything where there is a dedicated security processor in a more general (multi-core) CPU.

Scott McCoy

If you want to put it short:

  • A TPM is a specific device to keep its own keys secure (source of identity)
  • while an HSM is a general device to secure foreign keys (verify identity)

As always keep in mind, that things are more complex, so this is an oversimplification.

And the following is not exhaustive, too.

TPM and HSM serve a completely different purpose.

Usually a TPM is used (backed by the BIOS) to verify that all parts of the operating system are authentic. It can be part of some anti-theft method which prevents the computer from booting or decrypting if the wrong person tries to start it. While a TPM protects the information (like its identity) stored inside it, this information is usually only used infrequently, so a TPM needs low to no power and has a tiny design pattern. A TPM is not meant to protect valuable information outside of the TPM's context, which is the "platform" (AKA mainboard) itself.

In contrast an HSM is meant to protect a huge (compared to what a TPM stores) amount of (often foreign) cryptographic material (outside the "platform") against theft which is also in heavy and critical use. So its main context is to protect this information, not only itself.

HSM and TPM share some properties. You can store (a small amount of) keys inside a TPM to protect those, too. But while a TPM is a small inexpensive device, an HSM usually is a quite capable and expensive computing device.

Or to put it into computing terms:

With a TPM you can only simulate an HSM. This simulation cannot keep the data inside the simulated HSM secure against hacking.

With an HSM you can emulate a TPM (as long as the HSM is able to run all needed cryptographic routines within itself). So a good HSM could be used to create a software replacement of a TPM in real world with the same security properties of a TPM. This can be used to emulate TPMs for virtual machines, such that these TPMs cannot be cloned by a hacker (outside of the host itself and provided that the HSM is not hacked, too).

Tino

TPM chips often are embedded onto a motherboard, but not always. HSM are almost always external.

My motherboard actually supports adding a TPM chip via a header.

TPM can replicate some HSM functionality, but a HSM cannot replace a TPM. TPM allows a root of trust for booting.

Moscato
  • I don't believe this is true. A TPM is either connected over the LPC bus via a header as you mentioned (dTPM), or is implemented by the chipset firmware itself (fTPM). I am not aware of any TPM implementations that are embedded into the motherboard. – forest May 25 '18 at 04:55
  • @forest Just look at any half-recent laptop with a TPM, they'll always be soldered on to the motherboard due to space. Similarly, look at any enterprise desktop, because TPM is required by Windows 10 logo (since 2016), it's cheaper and more reliable to have it soldered down. – user71659 Aug 28 '18 at 19:39
  • Oh now I get what you mean. I thought by embedded you meant a component of the motherboard itself, not just a component that has been soldered down. – forest Aug 29 '18 at 00:53
  • Some machines have it embedded on motherboard, particularly laptops, and it is not removable while remaining functional. – Moscato Aug 29 '18 at 01:34

TPMs verify that the computer runs only signed code. It is usually built into the motherboard.

An HSM is used to store private or symmetric keys for encryption. Usually it is a separate network device.

  • TPM also can store/generate private keys for encryption, in fact a TPM can be used as a small built-in HSM (but the opposite is not true: an HSM cannot be used as a TPM). – WhiteWinterWolf May 08 '15 at 13:40