IPFS News Link • Technology: Computer Hardware

Trusted Platform Module


The TPM's technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.[1]

TCG continues to revise the TPM specification. It published revision 116 of version 1.2 of the TPM specification on March 3, 2011,[2] and draft revision 1.07 of version 2.0 was published for public review on March 13, 2014 as a library specification that updates the previously published main TPM specifications. Trusted Platform Module Library Specification Revision 01.16, released in October 2014, was the latest TPM 2.0 release at the time of writing.[3]

A Trusted Platform Module offers facilities for the secure generation of cryptographic keys and for limiting their use, in addition to a hardware random number generator.[4][5] It also includes capabilities such as remote attestation and sealed storage, as follows:

Remote attestation – creates a nearly unforgeable summary of the hardware and software configuration: each component in the boot chain is hashed into the TPM's platform configuration registers (PCRs), and the TPM signs the resulting values with a key it holds. The software that performs the measuring determines how much of the software stack the summary covers. This allows a third party to verify that the software has not been changed.

Binding – encrypts data using a TPM bind key, a unique RSA key descended from a storage key, so that only the TPM holding the private half can decrypt it.[6]

Sealing – encrypts data in a similar manner to binding, but in addition records the state (a set of PCR values) that the TPM must be in for the data to be decrypted (unsealed); if the measured configuration has changed, the TPM refuses to unseal.[7]
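To make the attestation and sealing descriptions above concrete, here is an added example (not from the original page or from the TCG specifications) that simulates, in plain Python, the two TPM behaviours the list relies on: the one-way PCR extend that records the boot chain in order, and sealing data to a digest of selected PCRs so that it can only be unsealed while the platform is in the same measured state. The SimTpm class, its internal seed and the HMAC-based wrapping are constructed stand-ins for the real command set and key hierarchy; a real TPM binds the data with its storage keys and signs attestation quotes with an asymmetric key, neither of which this simulation models.

```python
"""Constructed simulation of TPM PCR extend and seal/unseal (stdlib only)."""
import hashlib
import hmac
import os


class PcrMismatch(Exception):
    """Raised when the platform state at unseal time differs from seal time."""


class SimTpm:
    """Toy model of measurement and sealing. Not the real TPM command set."""

    def __init__(self, num_pcrs=24, hash_name="sha256"):
        self.hash_name = hash_name
        digest_len = hashlib.new(hash_name).digest_size
        # PCRs start at all-zero bytes after reset, as in a real TPM.
        self.pcrs = [bytes(digest_len) for _ in range(num_pcrs)]
        # Stand-in for the storage root seed: never leaves the "chip".
        self._seed = os.urandom(32)

    def _hash(self, *parts):
        h = hashlib.new(self.hash_name)
        for p in parts:
            h.update(p)
        return h.digest()

    def extend(self, index, measurement):
        """PCR[i] = H(PCR[i] || H(measurement)): one-way and order-sensitive.

        Mirrors the TPM2_PCR_Event shape (data hashed, then PCR extended).
        """
        self.pcrs[index] = self._hash(self.pcrs[index], self._hash(measurement))
        return self.pcrs[index]

    def composite(self, selection):
        """Digest over the selected PCRs: the platform state a policy names.

        Simplified analogue of the TPM 1.2 PCR composite hash.
        """
        sel = sorted(selection)
        return self._hash(bytes(sel), *(self.pcrs[i] for i in sel))

    def _wrap_key(self, composite):
        # Key usable only by this TPM (seed) and only in this state (composite).
        return hmac.new(self._seed, b"seal" + composite, self.hash_name).digest()

    def seal(self, data, selection):
        key = self._wrap_key(self.composite(selection))
        ct = _keystream_xor(key, data, self.hash_name)
        tag = hmac.new(key, ct, self.hash_name).digest()
        return {"selection": list(selection), "ct": ct, "tag": tag}

    def unseal(self, blob):
        # Recompute from the *current* PCRs; a changed boot chain gives a
        # different key, the tag fails to verify, and nothing is released.
        key = self._wrap_key(self.composite(blob["selection"]))
        expect = hmac.new(key, blob["ct"], self.hash_name).digest()
        if not hmac.compare_digest(expect, blob["tag"]):
            raise PcrMismatch("platform state differs from seal-time state")
        return _keystream_xor(key, blob["ct"], self.hash_name)


def _keystream_xor(key, data, hash_name):
    """HMAC counter-mode keystream; authenticity comes from the tag in seal()."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, counter.to_bytes(4, "big"), hash_name).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def measured_boot(tpm):
    """Constructed boot chain: firmware into PCR0, bootloader into PCR4."""
    tpm.extend(0, b"firmware-image-v1")
    tpm.extend(4, b"bootloader-v2")


def demo_seal_roundtrip():
    """Seal a secret to PCR0+PCR4 and unseal it in the same state."""
    tpm = SimTpm()
    measured_boot(tpm)
    blob = tpm.seal(b"disk encryption key", [0, 4])
    return tpm.unseal(blob)


def demo_tampered_boot_fails():
    """An extra component in the chain changes PCR4, so unseal is refused."""
    tpm = SimTpm()
    measured_boot(tpm)
    blob = tpm.seal(b"disk encryption key", [0, 4])
    tpm.extend(4, b"unexpected-kernel-module")
    try:
        tpm.unseal(blob)
        return False
    except PcrMismatch:
        return True


def measurement_order_matters():
    """Same measurements in a different order yield a different PCR value."""
    a, b = SimTpm(), SimTpm()
    a.extend(0, b"fw"); a.extend(0, b"boot")
    b.extend(0, b"boot"); b.extend(0, b"fw")
    return a.pcrs[0] != b.pcrs[0]


if __name__ == "__main__":
    print(demo_seal_roundtrip(), demo_tampered_boot_fails(), measurement_order_matters())
```

The point to take from the simulation is that nothing in the sealed blob carries the secret in recoverable form: the wrapping key is derived from material that stays inside the TPM and from the PCR digest at seal time, so an attacker who alters any measured component cannot get the key even with full access to the blob.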

Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key (the endorsement key) burned in at manufacture, it is capable of performing platform authentication: proving to a remote party that a request comes from a genuine TPM on a specific platform.