Questions tagged [tpm]

A Trusted Platform Module (TPM) is a secure coprocessor found in some x86-based computers that provides cryptographic operations and system integrity measurements.

A Trusted Platform Module is a secure cryptoprocessor defined by the Trusted Computing Group and found on some x86 processors. It performs platform measurements that an operating system can use to ensure platform integrity, thus implementing a form of secure boot. The TPM also implements some common cryptographic algorithms. Each TPM contains a unique key and can therefore be used to authenticate the platform and to encrypt data that will not be decryptable without that particular TPM.

TrouSerS is an open-source TCG Software Stack (a TPM API). Microsoft's BitLocker on Windows Vista and later uses the TPM when present.

230 questions
51 votes · 6 answers
What are the differences between TPM and HSM?
TPM (Trusted Platform Module) and HSM (Hardware Security Module) are both considered cryptoprocessors, but what are the differences exactly? Does one of them have more advantages than the other?
asked by Ali

49 votes · 3 answers
How does the TPM perform integrity measurements on a system?
I am trying to find out how the TPM performs an integrity measurement on a system. It is well documented in the TPM specification how it seals the data it has measured in the PCRs and how it is updated. But what I can't find explained is how…
asked by user1049697

41 votes · 7 answers
Can we tamper-proof a game that's sold along with the Windows machine it runs on?
We want to protect a game that is basically sold with the computer containing it. The security is done this way: the HDD is encrypted using hardware TPM 1.2, which holds a unique key to decrypt the OS only in that specific computer. So Windows will…
asked by younes

28 votes · 2 answers
Right way to use the TPM for full disk encryption
I'm currently setting up a BitLocker equivalent using a TPM and LUKS. I've got the basics right and I'm able to measure the boot process and seal the FDE key using the TPM. Every time the sensitive parts (firmware, bootloader, kernel) are updated…
asked by André Borie

24 votes · 2 answers
Difference between TPM, TEE and SE
What is the difference between a Secure Element (SE), a Trusted Execution Environment (TEE) and a Trusted Platform Module (TPM)? I understand that they all refer to an external secure cryptoprocessor, which is designed to store cryptographic keys…
asked by Raoul722

23 votes · 3 answers
What happens when a TPM chip breaks or fails?
I read that a TPM (Trusted Platform Module) has some sort of burnt-in key that it uses, along with the password you provide, to encrypt your data. The point is that you cannot decrypt your hard disk without the TPM (please correct me if I'm wrong).…
asked by Fresco

20 votes · 4 answers
Do a TPM's benefits outweigh the risks?
Is TPM really worth it? According to Wikipedia it: provides a generator of random numbers (that's okay); facilities for the secure generation of cryptographic keys for limited uses (that's okay too I guess); remote attestation (doesn't sound…
asked by Gillian

17 votes · 3 answers
How does Bitlocker + TPM prevent me seeing the HDD contents with another OS?
I've googled the heck out of this, and have read multiple related questions on this site, but I'm still missing a crucial piece of the puzzle. I have a (work) laptop with Win10 Pro which is encrypted with Bitlocker. For quite a while I didn't even…
asked by Neilski

17 votes · 1 answer
What are the functional similarities and differences between TPM and SGX in trusted computing?
I know about the TPM (Trusted Platform Module). In recent years, more researchers have started to develop on Intel SGX, which I do not have any experience with. They are both crypto chips, but what are their functional similarities and differences? What…
asked by TJCLK

14 votes · 1 answer
How are TPMs provisioned for Intel Trusted Execution Environment (TXT)?
For Intel TXT to work, the TPM must be provisioned. Intel provides some tools for doing this but many are protected by non-public login or an NDA. Many OEM platform vendors provision their boards and machines at manufacturing time so an end user…
asked by Wilbur Whateley

12 votes · 2 answers
TPM 2.0 PKCS#11 on Windows and Linux
The new Skylake processors have an integrated TPM 2.0. Is there any way to use the TPM 2.0 as a PKCS#11 token on Windows and Linux for symmetric and asymmetric keys? TPM 1.2 has PKCS#11 libraries and I am looking for something similar for…
asked by user1563721

12 votes · 1 answer
Using TPM with well-known SRK/owner passwords?
First, I will explain roughly how I plan to use the TPM: I am using something called tpm-luks which stores a key in TPM NVRAM and adds the key to one of the LUKS keyslots. The initramfs then decrypts the root LUKS-encrypted partition using the…
asked by mmtauqir

11 votes · 2 answers
Secure Boot on Microsoft Surface Pro 3 (or modern PCs)?
Got a Surface Pro 3 today and noticed in its EFI that it's got TPM enabled, "Secure Boot" enabled (unsure what such an umbrella/catch-all term actually covers), and then in Windows 8.1 it's got BitLocker turned on. I was a little surprised that…
asked by DeepSpace101

11 votes · 1 answer
How does full memory encryption in newer processors protect against DMA attacks?
Upcoming Intel CPUs have TME, current AMD processors have SME. These are full-memory encryption techniques to protect against physical attacks such as cold boot attacks. Both support encrypting the entire RAM from boot so that software does not have…
asked by nh2

10 votes · 1 answer
What prevents the Intel TXT boot loader from being maliciously altered?
From my understanding of Intel TXT, the technology can be used to put the processor in a trusted state where measurements can be performed. My understanding looks something like this, where I believe TBoot is typically used to launch SINIT. However…
asked by Nark
