%%
Title: Trusted Platform Modules
Created: 2022-03-07 22:31
Status:
Parent: [[Resources/Computing/Security]]
Tags:
Source:
%%

# Trusted Platform Modules

TPMs have uses for [[Resources/Computing/Security/Crypto/TPMFDE|TPM-backed full-disk encryption]] and a role to play in [[Resources/Computing/Security/Boot/TPM|boot security]].

See [The Trusted Platform Module Key Hierarchy](https://ericchiang.github.io/post/tpm-keys/).

### Implementations

- Discrete TPMs (dTPM): a separate physical chip, usually tamper-resistant.
- Integrated TPMs: built into a SoC or other chipset.
- Firmware TPMs: implemented in the system's firmware, preferably inside a trust zone.
- Hypervisor TPMs: provided by the hypervisor and isolated from the [[Resources/Computing/VirtualMachines|VM]].
- Software TPMs: typically only used for testing.

## TPM 2.0

- Supported algorithms include ECC P256 and BN256, AES-128 (AES-256 is optional), SHA-2, and HMAC-SHA-256.
- [TPM 1.2 vs. 2.0 Features](https://www.dell.com/support/kbdoc/en-us/000131631/tpm-1-2-vs-2-0-features)
- [TPM and attestation](https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf)
- [Windows 11: TPMs and Digital Sovereignty](https://secret.club/2021/06/28/windows11-tpms.html)

### Security properties

- [Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop](https://www.errno.fr/BypassingBitlocker.html)
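A practical companion to the TPM 2.0 algorithm list above: before relying on a TPM for disk encryption or attestation, confirm that the device actually reports the algorithms the setup will depend on. This is an added example written for this note, not code from any of the linked sources. It assumes tpm2-tools is installed (`tpm2_getcap algorithms` is a real command); the output layout it parses and the sample capability listing embedded below are assumptions modelled on tpm2-tools 5.x and constructed for the example, not captured from a real device.

```shell
#!/bin/sh
# Added example: check that a TPM 2.0 reports the algorithms a disk-encryption
# or attestation setup depends on. The sample text below is constructed to
# look like `tpm2_getcap algorithms` output (assumed format): one top-level key
# per TPM_ALG_ID name, with its numeric ID (e.g. TPM_ALG_SHA256 = 0x000B).
SAMPLE_CAPS='rsa:
  value:      0x1
  asymmetric: 1
sha1:
  value:      0x4
  hash:       1
hmac:
  value:      0x5
  hash:       1
aes:
  value:      0x6
  symmetric:  1
sha256:
  value:      0xb
  hash:       1
ecc:
  value:      0x23
  asymmetric: 1'

# tpm_has_alg NAME CAPS: succeeds if NAME appears as a top-level key in CAPS.
tpm_has_alg() {
    printf '%s\n' "$2" | grep -q "^$1:"
}

# check_required_algs CAPS: the algorithm families the note lists for TPM 2.0
# (ECC, AES, SHA-256, HMAC). Prints each one that is absent; the return code is
# the number missing, so 0 means the device covers the usual profiles.
check_required_algs() {
    missing=0
    for alg in ecc aes sha256 hmac; do
        if ! tpm_has_alg "$alg" "$1"; then
            echo "missing required algorithm: $alg"
            missing=$((missing + 1))
        fi
    done
    return $missing
}

# Prefer the live device when tpm2-tools can reach one; otherwise fall back to
# the constructed sample so the script still demonstrates the check offline.
CAPS=""
if command -v tpm2_getcap >/dev/null 2>&1; then
    CAPS=$(tpm2_getcap algorithms 2>/dev/null) || CAPS=""
fi
[ -n "$CAPS" ] || CAPS="$SAMPLE_CAPS"

if check_required_algs "$CAPS"; then
    echo "TPM 2.0 algorithm set looks complete"
fi
```

Run it as `sh check_tpm_algs.sh` on the host; a non-zero exit tells you which family is missing, which is the cue to pick a different key template (for example an RSA rather than an ECC storage key) rather than discovering the gap when the sealing or attestation step fails.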