Trusted Platform Module
An example Trusted Platform Module, theInfineon SLB9655TT12
Abbreviation	TPM
Status	Published
Year started	2009; 16 years ago (2009)
Latest version	ISO/IEC 11889:2015 2015; 10 years ago (2015)
Organization	Trusted Computing Group,ISO/IEC JTC 1
Domain	Secure cryptoprocessor
Website	ISO/IEC 11889-1:2015 ISO/IEC 11889-2:2015 ISO/IEC 11889-3:2015 ISO/IEC 11889-4:2015

ATrusted Platform Module (TPM) is asecure cryptoprocessor that implements theISO/IEC 11889 standard. Common uses are verifying that theboot process starts from a trusted combination of hardware and software and storing disk encryption keys.

A TPM 2.0 implementation is part of theWindows 11 system requirements.^[1]

The first TPM version that was deployed was 1.1b in 2003.^[2]

Trusted Platform Module (TPM) was conceived by acomputer industry consortium calledTrusted Computing Group (TCG). It evolved intoTPM Main Specification Version 1.2 which was standardized byInternational Organization for Standardization (ISO) andInternational Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889:2009.^[3]TPM Main Specification Version 1.2 was finalized on 3 March 2011 completing its revision.^[4][5]

On April 9, 2014, theTrusted Computing Group announced a major upgrade to their specification entitledTPM Library Specification 2.0.^[6] The group continues work on the standard incorporating errata, algorithmic additions and new commands, with its most recent edition published as 2.0 in November 2019.^[7] This version became ISO/IEC 11889:2015.

When a new revision is released, it is divided into multiple parts by the Trusted Computing Group. Each part consists of a document that makes up the whole of the new TPM specification.

• Part 1 Architecture (renamed from Design Principles)
• Part 2 Structures of the TPM
• Part 3 Commands
• Part 4 Supporting Routines (added in TPM 2.0)

While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible with TPM 1.2.^[8][9][10]

The TPM 2.0 policy authorization includes the 1.2 HMAC, locality, physical presence, and PCR. It adds authorization based on an asymmetric digital signature, indirection to another authorization secret, counters and time limits, NVRAM values, a particular command or command parameters, and physical presence. It permits theANDing and ORing of these authorization primitives to construct complex authorization policies.^[23]

The Trusted Platform Module (TPM) provides:

• Ahardware random number generator^[24][25]
• Facilities for the secure generation ofcryptographic keys for limited uses.
• Remote attestation: Creates a nearly unforgeablehash key summary of the hardware and software configuration. One could use the hash to verify that the hardware and software have not been changed. The software in charge of hashing the setup determines the extent of the summary.
• Binding: Data is encrypted using the TPM bind key, a uniqueRSA key descended from a storage key. Computers that incorporate a TPM can create cryptographic keys and encrypt them so that they can only be decrypted by the TPM. This process, often called wrapping or binding a key, can help protect the key from disclosure. Each TPM has a master wrapping key, called the storage root key, which is stored within the TPM itself. User-level RSA key containers are stored with the Windows user profile for a particular user and can be used to encrypt and decrypt information for applications that run under that specific user identity.^[26][27]
• Sealed storage: Specifies the TPM state^[28] for the data to be decrypted (unsealed).^[29]
• OtherTrusted Computing functions for the data to be decrypted (unsealed).^[30]

Computer programs can use a TPM for theauthentication of hardware devices, since each TPM chip has a unique and secret Endorsement Key (EK) burned in as it is produced. Security embedded in hardware provides more protection than a software-only solution.^[31] Its use is restricted in some countries.^[32]

The primary scope of TPM is to ensure theintegrity of a platform during boot time. In this context, "integrity" means "behaves as intended", and a "platform" is any computer device regardless of itsoperating system. This is to ensure that theboot process starts from a trusted combination of hardware and software, and continues until the operating system has fully booted andapplications are running.

When TPM is used, the firmware and the operating system are responsible for ensuring integrity.

For example, theUnified Extensible Firmware Interface (UEFI) can use TPM to form aroot of trust: The TPM contains several Platform Configuration Registers (PCRs) that allow secure storage and reporting of security-relevant metrics. These metrics can be used to detect changes to previous configurations and decide how to proceed. Examples of such use can be found inLinux Unified Key Setup (LUKS),^[33]BitLocker andPrivateCore vCage memory encryption. (See below.)

Another example of platform integrity via TPM is in the use ofMicrosoft Office 365 licensing and Outlook Exchange.^[34]

Another example of TPM use for platform integrity is theTrusted Execution Technology (TXT), which creates a chain of trust. It could remotely attest that a computer is using the specified hardware and software.^[35]

Full disk encryption utilities, such asdm-crypt, can use this technology to protect the keys used to encrypt the computer's storage devices and provide integrityauthentication for a trusted boot pathway that includes firmware and theboot sector.^[36]

In 2006, newlaptops began being sold with a built-in TPM chip. In the future, this concept could be co-located on an existingmotherboard chip in computers, or any other device where the TPM facilities could be employed, such as acellphone. On a PC, either theLow Pin Count (LPC) bus or theSerial Peripheral Interface (SPI) bus is used to connect to the TPM chip.

TheTrusted Computing Group (TCG) has certified TPM chips manufactured byInfineon Technologies,Nuvoton, andSTMicroelectronics,^[37] having assigned TPM vendorIDs toAdvanced Micro Devices,Atmel,Broadcom,IBM, Infineon,Intel,Lenovo,National Semiconductor, Nationz Technologies, Nuvoton,Qualcomm,Rockchip,Standard Microsystems Corporation, STMicroelectronics,Samsung, Sinosun,Texas Instruments, andWinbond.^[38]

There are five different types of TPM 2.0 implementations (listed in order from most to least secure):^[39][40]

• Discrete TPMs (dTPMs) are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package. They are the most secure, certified to FIPS-140 with level 3 physical security^[41] resistance to attack versus routines implemented in software, and their packages are required to implement some tamper resistance. For example, the TPM for the brake controller in a car is protected from hacking by sophisticated methods.^[42]
• Integrated TPMs (iTPMs) are part of another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance.Intel has integrated TPMs in some of itschipsets.
• Firmware TPMs (fTPMs) are firmware-based (e.g.UEFI) solutions that run in a CPU'strusted execution environment. Intel, AMD and Qualcomm have implemented firmware TPMs.
• Virtual TPMs (vTPMs) are provided by and rely onhypervisors in isolated execution environments that are hidden from the software running insidevirtual machines to secure their code from the software in the virtual machines. They can provide a security level comparable to a firmware TPM.Google Cloud Platform has implemented vTPM.^[43]
• Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment. They are useful for development purposes.

The official TCG reference implementation of the TPM 2.0 Specification has been developed byMicrosoft. It is licensed underBSD License and thesource code is available onGitHub.^[44]

In 2018,Intel open-sourced its Trusted Platform Module 2.0 (TPM2) software stack with support for Linux and Microsoft Windows.^[45] The source code is hosted on GitHub and licensed underBSD License.^[46][47]

Infineon funded the development of an open source TPM middleware that complies with the Software Stack (TSS) Enhanced System API (ESAPI) specification of the TCG.^[48] It was developed byFraunhofer Institute for Secure Information Technology (SIT).^[49]

IBM's Software TPM 2.0 is an implementation of the TCG TPM 2.0 specification. It is based on the TPM specification Parts 3 and 4 and source code donated by Microsoft. It contains additional files to complete the implementation. The source code is hosted onSourceForge^[50] andGitHub^[51] and licensed under BSD License.

In 2022,AMD announced that under certain circumstances their fTPM implementation causes performance problems. A fix is available in form of aBIOS-Update.^[52][53]

TheTrusted Computing Group (TCG) has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related toTrusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software to decide what software is allowed to run, and possible ways to follow actions taken by the user and record them in a database in a manner that is completely undetectable to the user.^[54]

TheTrueCrypt disk encryption utility, as well as its derivativeVeraCrypt, do not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". The attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardwarekeystroke logger, by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. The condemning text goes so far as to claim that TPM is entirely redundant.^[55] The VeraCrypt publisher has reproduced the original allegation with no changes other than replacing "TrueCrypt" with "VeraCrypt".^[56] The author is right that, after achieving either unrestricted physical access or administrative privileges, it is only a matter of time before other security measures in place are bypassed.^[57][58] However, stopping an attacker in possession of administrative privileges has never been one of the goals of TPM (see§ Uses for details), and TPM canstop some physical tampering.^{[33][35][59][60][61]}

In 2015,Richard Stallman suggested replacing the term "trusted computing" with the term "treacherous computing" due to the danger that the computer can be made to systematically disobey its owner if the cryptographical keys are kept secret from them. He also considers that TPMs available for PCs in 2015 are not currently^[timeframe?] dangerous and that there is no reasonnot to include one in a computer or support it in software due to failed attempts from the industry to use that technology forDRM, but that the TPM2 released in 2022 is precisely the "treacherous computing" threat he had warned of.^[62]

In August 2023,Linus Torvalds, who was frustrated with AMD fTPM's stuttering bugs, opined, "Let's just disable the stupid fTPMhwrnd thing." He said the CPU-based random number generation,rdrand, was equally suitable, despite having its share of bugs. Writing forNeowin, Sayan Sen quoted Torvalds' comments and called him "a man with a strong opinion".^[63]

In 2010,Christopher Tarnovsky presented an attack against TPMs atBlack Hat Briefings, where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on aninternal bus for the Infineon SLE 66 CL PC.^[64][65]

In case of physical access, computers with TPM 1.2 are vulnerable tocold boot attacks as long as the system is on or can be booted without a passphrase from shutdown,sleep orhibernation, which is the default setup for Windows computers with BitLocker full disk encryption.^[66] A fix was proposed, which has been adopted in the specifications for TPM 2.0.

In 2009, the concept of shared authorisation data in TPM 1.2 was found to be flawed. An adversary given access to the data could spoof responses from the TPM.^[67] A fix was proposed, which has been adopted in the specifications for TPM 2.0.

In 2015, as part of theSnowden revelations, it was revealed that in 2010 aUS CIA team claimed at an internal conference to have carried out adifferential power analysis attack against TPMs that was able to extract secrets.^[68][69]

MainTrusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for measurement (DRTM) attackCVE-2017-16837, which affects computers running onIntel's Trusted eXecution Technology (TXT) for the boot-up routine.^[70]

In October 2017, it was reported that a code library developed byInfineon, which had been in widespread use in its TPMs, contained a vulnerability, known asROCA, which generated weakRSA key pairs that allowed private keys to be inferred frompublic keys. As a result, all systems depending upon the privacy of such weak keys are vulnerable to compromise, such asidentity theft or spoofing.^[71] Cryptosystems that store encryption keys directly in the TPM withoutblinding could be at particular risk to these types of attacks, as passwords and other factors would be meaningless if the attacks can extract encryption secrets.^[72] Infineon has released firmware updates for its TPMs to manufacturers who have used them.^[73]

In 2018, a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) was reported (CVE-2018-6622). It allows an adversary to reset and forge platform configuration registers which are designed to securely hold measurements of software that are used for bootstrapping a computer.^[74] Fixing it requires hardware-specific firmware patches.^[74] An attacker abuses power interrupts and TPM state restores to trick TPM into thinking that it is running on non-tampered components.^[70]

In 2021, the Dolos Group showed an attack on a discrete TPM, where the TPM chip itself had some tamper resistance, but the other endpoints of its communication bus did not. They read a full-disk-encryption key as it was transmitted across the motherboard, and used it to decrypt the laptop's SSD.^[75]

As of 2025^[update], a TPM is provided by nearly all PC and notebook manufacturers in their products.

Vendors include:

• Infineon provides both TPM chips and TPM software, which are delivered asOEM versions with new computers as well as separately by Infineon for products with TPM technology which comply with TCG standards. For example, Infineon licensed TPM management software to Broadcom Corp. in 2004.^[76]
• Microchip (formerly Atmel) manufactured TPM devices that it claims to be compliant to the Trusted Platform Module specification version 1.2 revision 116 and offered with several interfaces (LPC, SPI, and I²C), modes (FIPS 140-2 certified and standard mode), temperature grades (commercial and industrial), and packages (TSSOP and QFN).^[77][78][79] Its TPMs support PCs and embedded devices.^[77] It also provides TPM development kits to support integration of its TPM devices into various embedded designs.^[80]
• Nuvoton Technology Corporation provides TPM devices for PC applications. Nuvoton also provides TPM devices for embedded systems and Internet of Things (IoT) applications via I²C and SPI host interfaces. Nuvoton's TPM complies withCommon Criteria (CC) with assurance level EAL 4 augmented with ALC_FLR.1, AVA_VAN.4 and ALC_DVS.2,FIPS 140-2 level 2 with Physical Security and EMI/EMC level 3 andTrusted Computing Group Compliance requirements, all supported within a single device. TPMs produced byWinbond are now part of Nuvoton.^[81]
• STMicroelectronics has provided TPMs for PC platforms and embedded systems since 2005. The product offering^[82] includes discrete devices with several interfaces supportingSerial Peripheral Interface (SPI) andI²C and different qualification grades (consumer, industrial and automotive). The TPM products areCommon Criteria (CC) certified EAL4+ augmented with ALC_FLR.1 and AVA_VAN.5,FIPS 140-2 level 2 certified with physical security level 3 and alsoTrusted Computing Group (TCG) certified.

There are also hybrid types; for example, TPM can be integrated into anEthernet controller, thus eliminating the need for a separate motherboard component.^[83][84]

Field upgrade is the TCG term for updating the TPM firmware. The update can be between TPM 1.2 and TPM 2.0, or between firmware versions. Some vendors limit the number of transitions between 1.2 and 2.0, and some restrict rollback to previous versions.^{[citation needed]} Platform OEMs such asHP^[85] supply an upgrade tool.

Since July 28, 2016, all new Microsoft device models, lines, or series (or updating the hardware configuration of an existing model, line, or series with a major update, such as CPU, graphic cards) implement, and enable by default TPM 2.0.

While TPM 1.2 parts are discrete silicon components, which are typically soldered on the motherboard, TPM 2.0 is available as a discrete (dTPM) silicon component in a single semiconductor package, an integrated component incorporated in one or more semiconductor packages - alongside other logic units in the same package(s), and as a firmware (fTPM) based component running in a trusted execution environment (TEE) on a general purpose System-on-a-chip (SoC).^[86]

• Google Compute Engine was the first major cloud provider offering virtualized TPMs (vTPMs) as part ofGoogle Cloud's Shielded VMs product.^[87]Amazon Web Services followed in 2022, naming its vTPM offering "Nitro TPM".^[88]
• The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0). It targets the integration of TPM functionality into hypervisors, primarily into Qemu.^[89]

• Windows 11 requires TPM 2.0 support as a minimum system requirement.^[90][91] On many systems TPM is disabled by default which requires changing settings in the computer's UEFI to enable it.^[92]
• Windows 8 and later have native support for TPM 2.0.
• Windows 7 can install an official patch to add TPM 2.0 support.^[93]
• Windows Vista throughWindows 10 have native support for TPM 1.2.
• The Trusted Platform Module 2.0 (TPM 2.0) has been supported by theLinux kernel since version 4.0 (2015)^{[94][95][96][97]}

• Google includes TPMs inChromebooks as part of their security model.^[98]
• Oracle ships TPMs in their X- and T-Series Systems such as T3 or T4 series of servers.^[99] Support is included inSolaris 11.^[100]
• In 2006, with the introduction of first Macintosh models with Intel processors, Apple started to ship Macs with TPM. Apple never provided an official driver, but there was a port underGPL available.^[101] Apple has not shipped a computer with TPM since 2006.^[102] Starting in 2016, Apple products began adopting Apple's own trusted hardware component called "Secure Enclave", originally as a separate chip and later as an integrated part of Apple silicon CPUs. Apple Secure Enclave is not TPM-compatible.^[103]
• In 2011, Taiwanese manufacturerMSI launched its Windpad 110W tablet featuring anAMD CPU and Infineon Security Platform TPM, which ships with controlling software version 3.7. The chip is disabled by default but can be enabled with the included, pre-installed software.^[104]

• VMware ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by default.^[105][106]
• Xen hypervisor has support of virtualized TPMs. Each guest gets its own unique, emulated, software TPM.^[107]
• KVM, combined withQEMU, has support for virtualized TPMs. As of 2012^[update], it supports passing through the physical TPM chip to a single dedicated guest. QEMU 2.11 released in December 2017 also provides emulated TPMs to guests.^[108]
• VirtualBox has support for virtual TPM 1.2 and 2.0 devices starting with version 7.0 released in October 2022.^[109]

• Microsoft operating systemsWindows Vista and later use the chip in conjunction with the included disk encryption component namedBitLocker. Microsoft had announced that from January 1, 2015, all computers will have to be equipped with a TPM 2.0 module in order to passWindows 8.1hardware certification.^[110] However, in a December 2014 review of the Windows Certification Program this was instead made an optional requirement. However, TPM 2.0 is required forconnected standby systems.^[111] Virtual machines running on Hyper-V can have their own virtual TPM module starting with Windows 10 1511 and Windows Server 2016.^[112] Microsoft Windows includes two TPM relatedcommands:tpmtool, a utility that can be used to retrieve information about the TPM, andtpmvscmgr, acommand-line tool that allows creating and deleting TPM virtualsmart cards on a computer.^[113][114]

TPM endorsement keys (EKs) are asymmetric key pairs unique to each TPM. They use theRSA andECC algorithms. The TPM manufacturer usually provisions endorsement key certificates in TPMnon-volatile memory. The certificates assert that the TPM is authentic. Starting with TPM 2.0, the certificates are inX.509DER format.

These manufacturers typically provide theircertificate authority root (and sometimes intermediate) certificates on their web sites.

• AMD^{[115][116][117][118]}
• Infineon^[119]
• Intel^[120][121]
• NationZ^{[122][123][124][125]}
• Nuvoton^{[126][127][128][129][130]}
• ST Micro^{[131][132][133][134][135][136][137][138][139][140]}

To utilize a TPM, the user needs a software library that communicates with the TPM and provides a friendlier API than the raw TPM communication. Currently, there are several such open-source TPM 2.0 libraries. Some of them also support TPM 1.2, but mostly TPM 1.2 chips are now deprecated and modern development is focused on TPM 2.0.

Typically, a TPM library provides an API with one-to-one mappings to TPM commands. The TCG specification calls this layer the System API (SAPI). This way, the user has more control over the TPM operations, but the complexity is high. To hide some of the complexity, most libraries also offer simpler ways to invoke complex TPM operations. The TCG specification call these two layers Enhanced System API (ESAPI) and Feature API (FAPI).

There is currently only one stack that follows the TCG specification. All the other available open-source TPM libraries use their own form of richer API.

These TPM libraries are sometimes also called TPM stacks, because they provide the interface for the developer or user to interact with the TPM. As seen from the table, the TPM stacks abstract the operating system and transport layer, so the user could migrate one application between platforms. For example, by using TPM stack API the user would interact the same way with a TPM, regardless if the physical chip is connected over SPI, I²C or LPC interface to the Host system.

• AMD Platform Security Processor
• ARM TrustZone
• Crypto-shredding
• Hardware security
• Hardware security module
• Hengzhi chip
• Intel Management Engine
• Microsoft Pluton
• Next-Generation Secure Computing Base
• Secure Enclave
• Threat model

• Computer hardware standards
• Computer security hardware
• Cryptographic hardware
• Cryptographic software
• Cryptography standards
• ISO standards
• Random number generation
• Trusted computing

• CS1 maint: archived copy as title
• CS1: long volume value
• CS1 maint: bot: original URL status unknown
• Articles with short description
• Short description is different from Wikidata
• All articles with vague or ambiguous time
• Vague or ambiguous time from December 2022
• Articles containing potentially dated statements from 2025
• All articles containing potentially dated statements
• All articles with unsourced statements
• Articles with unsourced statements from September 2021
• Articles containing potentially dated statements from 2012