What is Trusted Platform Module (TPM)?
A specialized security chip built into most modern computers that provides hardware-based cryptographic functions and secure key storage.
TPM is a security chip on your computer's motherboard (either a discrete chip or a firmware implementation inside the CPU or chipset) that handles sensitive cryptographic operations in hardware, so private keys never have to be exposed to the operating system.
Capabilities
- Secure key generation and storage
- Platform integrity measurement (detecting tampering)
- Disk encryption key management (BitLocker, LUKS)
- Random number generation
- Hardware-backed authentication
Privacy Considerations
- Positive: Protects disk encryption keys from software attacks
- Positive: Enables secure boot to prevent rootkits
- Concern: TPM has a unique identifier (Endorsement Key) that could theoretically be used for hardware tracking
- Concern: Remote attestation could be used to prevent running modified software
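The "platform integrity measurement" capability and the "remote attestation" concern above both rest on the same mechanism: the TPM holds Platform Configuration Registers (PCRs) that can only be changed by "extending" them, i.e. hashing the old value together with a new measurement. The example below, added here and not part of this glossary page, simulates that extend operation in Python with a constructed three-component boot chain (firmware, bootloader, kernel) so you can see why any change to a measured component, or to the order of measurement, produces a different PCR value that a verifier would reject. The component byte strings and the "golden" value are made up for illustration; a real TPM would do the hashing inside the chip.

```python
import hashlib
import hmac
from typing import Iterable

# A SHA-256 PCR starts out as 32 zero bytes at power-on.
PCR_INITIAL = bytes(32)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new_pcr = SHA-256(old_pcr || measurement).

    There is no 'set' operation; the only way to change a PCR is to
    extend it, so earlier measurements cannot be erased or rewritten.
    """
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components: Iterable[bytes]) -> bytes:
    """Hash each boot component and extend it into a single PCR.

    Each stage of the boot process measures the next stage before
    running it; the final PCR value summarises the whole chain.
    """
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend(pcr, hashlib.sha256(component).digest())
    return pcr


def verify_attestation(reported_pcr: bytes, expected_pcr: bytes) -> bool:
    """What a remote verifier does: compare the PCR a device reports
    against a known-good ('golden') value. Constant-time comparison
    avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(reported_pcr, expected_pcr)


# Constructed sample boot chain (stand-ins for real firmware images).
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1-with-rootkit"]
REORDERED_CHAIN = [b"bootloader-v1", b"firmware-v1", b"kernel-v1"]

# In practice the golden value comes from measuring a trusted reference build.
GOLDEN_PCR = measure_boot_chain(GOOD_CHAIN)


def attest(chain: Iterable[bytes]) -> bool:
    """Measure a chain as a device would and check it like a verifier would."""
    return verify_attestation(measure_boot_chain(chain), GOLDEN_PCR)


if __name__ == "__main__":
    print("good chain    :", attest(GOOD_CHAIN))       # True
    print("tampered kernel:", attest(TAMPERED_CHAIN))  # False
    print("reordered boot :", attest(REORDERED_CHAIN))  # False
```

The same property that lets a disk-encryption key be released only when the PCRs match a known-good boot (the "positive" above) is what lets a remote service refuse to talk to a device whose PCRs do not match its expected values (the "concern" above); the mechanism is neutral, and the policy attached to it decides which one you get.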
TPM 2.0
Windows 11 requires TPM 2.0. This has pushed TPM adoption but has also raised concerns about hardware DRM and reduced users' control over their own devices.
Related Terms
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.
Hardware Security Key
A physical device used for authentication that provides the strongest form of two-factor authentication. Hardware keys resist phishing because their response is cryptographically bound to the website's origin, so a look-alike site cannot obtain a response that works on the real one.
Hardware Security Module (HSM)
A tamper-resistant physical device that manages and protects cryptographic keys, performing encryption operations in a secure environment.