You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

TPM - Trusted Protection Module

What is Trusted Platform Module (TPM) Management?

Trusted Platform Module (TPM) Management is a feature set in some machines that is used to administer the TPM security hardware in your computer. The feature set includes the TPM Management console, and an API called TPM Base Services (TBS). This architecture provides an infrastructure that allows Windows®-based applications to use and share the TPM.

What is a Trusted Platform Module (TPM)?

A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer or laptop, and communicates with the rest of the system using a hardware bus.

Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. This process, often called "wrapping" or "binding" a key, can help protect the key from disclosure. Each TPM has a root "wrapping" key, called the Storage Root Key (SRK), which is stored within the TPM itself. The private portion of a key created in a TPM is never exposed to any other component, software, process, or person.

Computers that incorporate a TPM can also create a key that has not only been wrapped, but also tied to certain platform measurements. This type of key can only be unwrapped when those platform measurements have the same values that they had when the key was created. This process is called "sealing" the key to the TPM. Decrypting it is called "unsealing." The TPM can also seal and unseal data generated outside of the TPM. With this sealed key and software like Windows® BitLocker™ Drive Encryption, you can lock data until specific hardware or software conditions are met.

With a TPM, private portions of key pairs are kept separated from the memory controlled by the operating system. Keys can be sealed to the TPM, and certain assurances about the state of a system—that define its "trustworthiness"—can be made before the keys are unsealed and released for use. Because the TPM uses its own internal firmware and logic circuits for processing instructions, it does not rely upon the operating system and is not exposed to external software vulnerabilities.
For a step-by-step guide on TPMs, please refer to the following:

Can WipeDrive Wipe the TPM?

Yes, WipeDrive can wipe TPM 2.0, but is not compatible with 1.2. Some TPM chips can switch between the two 'modes', and when set to 2.0, WipeDrive can wipe them as well.

Bitlocker will not interfere with WipeDrive removing the TPM.

  • 127
  • 09-Oct-2020