Trusted Platform Module (TPM)
A TPM performs sensitive cryptographic functions on a physically separate, dedicated microprocessor. A TPM chip is a secure cryptoprocessor that carries out cryptographic operations involving the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
The TPM is an international standard (ISO/IEC 11889 series).
A TPM generates and stores cryptographic keys, and performs the following functions:
- Enables third-party verification of the system state using a cryptographic hash of the known good hardware and software configuration.
- Binds a unique cryptographic key to specific hardware.
- Encrypts data with a unique cryptographic key and ensures that ciphertext can only be decrypted if the hardware is in a known good state.
Some of the key advantages of using TPM technology are that you can:
- Generate, store, and limit the use of cryptographic keys.
- Use TPM technology for platform device authentication by using the TPM’s unique RSA key.
TPM’s internal memory is divided into two different segments:
- Persistent (static) memory modules.
- Versatile (dynamic) memory modules.
Encryption / Decryption
A system that incorporates a TPM creates cryptographic keys and encrypts (wraps) them. These encrypted keys can only be decrypted by that TPM. Each TPM has a master wrapping key, known as the Storage Root Key (SRK), which is stored inside the TPM itself.
The private half of the key is always present inside the TPM and never leaves it, while the public half is used to verify the authenticity of the TPM itself.
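The following simulation is an added example, not code from the original notes or from any TPM vendor. It illustrates the three functions listed above (verifiable platform state via PCR hashes, keys bound to specific hardware, and data that decrypts only in a known-good state) together with the SRK wrapping described in this section. It is a software stand-in, not a TPM driver: a random secret plays the role of the SRK, an HMAC-SHA256 keystream plays the role of the chip's internal symmetric cipher, and the boot measurements are constructed sample values rather than real firmware hashes.

```python
"""Simulated TPM (illustration only): PCR extend, sealing data to a
known-good platform state, and wrapping child keys under the SRK."""
import hashlib
import hmac
import os
from typing import Iterable, Optional

PCR_COUNT = 8
DIGEST_LEN = 32  # SHA-256 PCR bank


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the TPM's internal symmetric cipher: an HMAC-SHA256
    keystream in counter mode, XORed over the data (encrypts and decrypts).
    The nonce prevents keystream reuse between two objects under one key."""
    out = bytearray()
    for n in range(0, len(data), DIGEST_LEN):
        counter = (n // DIGEST_LEN).to_bytes(4, "big")
        ks = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[n:n + DIGEST_LEN], ks))
    return bytes(out)


class SimTPM:
    def __init__(self) -> None:
        # Storage Root Key: generated inside the chip and never exported.
        # Assumption: a random 32-byte secret stands in for the real SRK pair.
        self._srk = os.urandom(32)
        self.reset()

    def reset(self) -> None:
        """Power-on: every PCR starts at all-zero."""
        self.pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[i] = H(PCR[i] || H(measurement)). PCRs can only be extended,
        never written, so the boot order is encoded in the final value."""
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def composite(self, indices: Iterable[int]) -> bytes:
        """Hash over the selected PCRs: what a quote reports to a third-party
        verifier, and what a sealed object's policy is compared against."""
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, plaintext: bytes, indices: Iterable[int]) -> dict:
        """Encrypt under a key derived from the SRK and the *current* PCR
        composite. The policy digest is stored in the clear; it is not secret."""
        idx = tuple(indices)
        policy = self.composite(idx)
        nonce = os.urandom(16)
        key = hmac.new(self._srk, b"seal" + policy, hashlib.sha256).digest()
        return {"pcrs": idx, "policy": policy, "nonce": nonce,
                "blob": keystream_xor(key, nonce, plaintext)}

    def unseal(self, sealed: dict) -> Optional[bytes]:
        """Release the secret only if the PCRs match the sealed policy."""
        if not hmac.compare_digest(self.composite(sealed["pcrs"]), sealed["policy"]):
            return None  # platform state differs from the known-good state
        key = hmac.new(self._srk, b"seal" + sealed["policy"], hashlib.sha256).digest()
        return keystream_xor(key, sealed["nonce"], sealed["blob"])

    def wrap_key(self, child_key: bytes) -> bytes:
        """Wrap a child key under the SRK: nonce || tag || ciphertext."""
        nonce = os.urandom(16)
        ct = keystream_xor(self._srk, nonce, child_key)
        tag = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unwrap_key(self, blob: bytes) -> Optional[bytes]:
        """Only the TPM holding this SRK can unwrap; any other chip gets None."""
        nonce, tag, ct = blob[:16], blob[16:16 + DIGEST_LEN], blob[16 + DIGEST_LEN:]
        expected = hmac.new(self._srk, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        return keystream_xor(self._srk, nonce, ct)


def boot(tpm: SimTPM, components: Iterable[bytes], pcr: int = 0) -> bytes:
    """Simulated measured boot: power-on reset, then extend each component in order."""
    tpm.reset()
    for component in components:
        tpm.extend(pcr, component)
    return tpm.pcrs[pcr]


# Constructed sample measurements (not real firmware or bootloader hashes).
GOOD_BOOT = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED_BOOT = [b"firmware-v1", b"bootloader-modified", b"kernel-v1"]


def demo() -> dict:
    tpm = SimTPM()
    boot(tpm, GOOD_BOOT)
    sealed = tpm.seal(b"disk-encryption-key", [0])
    boot(tpm, TAMPERED_BOOT)
    after_tamper = tpm.unseal(sealed)      # None: state no longer matches
    boot(tpm, GOOD_BOOT)
    after_restore = tpm.unseal(sealed)     # b"disk-encryption-key"
    wrapped = tpm.wrap_key(b"K" * 32)
    return {"tamper": after_tamper, "restore": after_restore,
            "same_tpm": tpm.unwrap_key(wrapped),
            "other_tpm": SimTPM().unwrap_key(wrapped)}


if __name__ == "__main__":
    print(demo())
```

Two details are worth noticing when reading the output. First, the PCR value depends on the order of the measurements, not just their set, so a reordered boot chain fails to unseal exactly as a modified component does. Second, the sealed object's policy digest is public; what keeps the secret safe is that the decryption key is derived from the SRK, which never leaves the chip, so copying the blob to another machine (or another SimTPM instance) yields nothing.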