Trusted Platform Module (TPM) chips are used in all types of computers from personal laptops, to business computers, to industrial panel PCs, to medical computers. TPM secures your data with an algorithm integrated into your computer hardware. It provides a higher level of security than software alone and protects your data from hackers, malware and thieves. This is especially important for industrial, medical and enterprise computers, which can store massive amounts of company data or sensitive patient information. TPM is widely accepted as the most secure method of protecting information stored on a computer. This blog provides an overview of TPM and how it is used in industrial and medical computers.
Who Created TPM?
Trusted Computing Group (TCG) created TPM in 2003. The current version is TPM 2.0, which is standardized under ISO/IEC 11889.
What is TPM?
There are five types of TPM: Discrete, Integrated, Firmware, Software, and Virtual. This blog will focus on Discrete TPM, because it is the most common and the most secure form.
Discrete TPM is in the form of surface mount integrated circuit and is mated to the computer's motherboard. Many computers, including several product lines from Teguar, come with a TPM chip by default, but the TPM is inactive until it is enabled in the BIOS. It will not affect the computer in anyway, the chip will lay dormant, until activated. Once activated, a user may notice a slower boot up process with the OS.
What does TPM do?
A TPM chip safeguards the data on your computer. It ensures that no unintended users gain access to your data by either stealing your computer or hard drive or via a software attack or brute force attack.
TCG explains that Discrete TPM protects your device from being hacked, "via even sophisticated methods. To accomplish this, a discrete chip is designed, built and evaluated for the highest level of security that can resist tampering with the chip, including probing it and freezing it with all sorts of sophisticated attacks."
How does TPM Work?
When you boot a computer, TPM checks the state of the computer and the state of the computer's environment. If the computer is in a trustworthy state (i.e. it has not been tampered with), it will operate normally. If the computer is not in a trustworthy state, it will not boot, meaning there is no way to access or extract any data from the computer.
TPM works by creating encryption codes. Half of the encryption key is stored on the TPM chip and the other half is stored on the computer hard drive, so if the TPM chip is removed, the computer will not boot. Firmware such as Microsoft's BitLocker requires TPM.
Read the full blog to learn more, including what can trigger an untrustworthy state, how Microsoft's Bitlocker uses TPM, and other functions of TPM.