The Trusted Platform Module: A Foundation for a Root of Trust

Trusted Platform Module

Most contemporary Intel processor designs include a Trusted Platform Module (TPM), a security chip that uses cryptographic methods to ensure platform integrity throughout the entire boot process until applications are running. A hardware vendor’s approach to using the trusted platform module device is particularly important for system integrators’ timelines and budgets.

The trusted platform module is often used as the basis for a hardware Root of Trust, which is in turn the foundation for many of the security capabilities on a computing system. The Root of Trust may be based on a unique element in the hardware that cannot be replicated or duplicated by anyone who is trying to make a copy of the board. On a board, the Root of Trust might be a serial number that cannot be tampered with or cloned. Or, it might be a private cryptographic key or Physically Unclonable Function (PUF) that is unique to just that one instance of a board. In every case, it is a unique mechanism that provides a secure foundation from which to build a trusted system.

Because the mechanism that enables a hardware Root of Trust is something that cannot be easily broken, it provides a level of trust that is guaranteed to be genuine. The board boots in an authentic and secure way no matter what application is running on it.

The trusted platform module provides no security capabilities until it is instrumented (configured) and enabled. It must then be locked to ensure that provisioned indices and access policies cannot be altered, ensuring the original security profiles remain unchanged.