About Trusted Platform Modules


Tom explains the purpose and structure of Trusted Platform Modules.

Featuring Tom Merritt.



A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to [email protected]

Episode transcript:

I heard I can’t get Windows unless I have a TPM?
What the heck is a TPM…?
Is it spying on me? Cause I paid for this machine!
Are you confused?
Don’t be.
Let’s help you Know a Little more about Trusted Platform Modules.

There has been a lot of talk about the Trusted Platform Module over the years, from accusations that it is a hardware lock on the computer you own, to confusion over how it relates to Windows 11 installations to vulnerabilities discovered that could weaken its protections.
But what is it?
The Trusted Platform Module, or TPM, is kind of a hardware vault for passwords and encryption keys. It is a chip that is designed to store information for authentication and attestation. And we’ll explain why you need both.
Authentication means it stores things like passwords, certificates or encryption keys. Most of you probably get that part.
Attestation means it can store platform measurements that can be used to detect if your platform has been compromised or breached. In other words it won’t give up the passwords and keys, unless it’s sure it’s in the machine it’s supposed to be in. That prevents people from stealing a TPM, putting it in another machine and getting all your keys.
The TPM can check at boot for unauthorized changes and protect passwords and keys from being improperly accessed or altered.
Next let’s talk about who’s behind it. Pretty much everybody.
The TPM’s specs are administered by the Trusted Computing Group or TCG. The TCG was founded in 2003 by AMD, Hewlett-Packard, IBM, Intel, and Microsoft and now is made up of 120 companies. The TCG manages TPM’s specs, infrastructure requirements and APIs and protocols needed for software to take advantage of TPM. Basically each revision of TPM includes design principles, structures and commands.
The first machines with TPMs inside were sold in 2006. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standardized TPM in 2009. So it’s an official standard. Not just a proprietary thing.
So what can a TPM actually do?
Well it has a hardware random number generator. Essential for any solid crypto offering.
It can generate secure limited use cryptographic keys, handy for securing software.
And as we mentioned it also can handle something called Remote attestation. This creates an almost unforgeable hash based on the hardware and software configuration of the machine. If you, the authorized user swap out a part, or install something new, that hash is updated. But if a TPM is just pried out and put in another machine, it won’t match and the TPM won’t release any of its keys or let the machine boot.
That’s often considered to be TPM’s main job. Making sure that your machine was not tampered with, without your knowledge. The firmware and operating system manage authorizing changes. So the firmware in your machine, like UEFI, can create a root of trust to check if a configuration has changed and how to proceed. An example of this is the Linux Unified Key Setup or LUKS. There’s also Trusted Execution Technology or TXT which can remotely attest if a platform is using the specified hardware and software. One of the fears about TPM has been that it could be abused by a manufacturer who wanted to control machines and decide what software it can or cannot run and possibly use it to record some user actions without their knowledge. That has not turned out to be a problem but it theoretically still could be. And not all TPMs use TXT.
OK so that’s attestation. And that leads to TPM being safe enough to store your high-level passwords and crypto keys. That’s the authentication side.
One main use of TPM’s authentication feature is for full disk encryption. Utilities like BitLocker and dm-crypt use the TPM to protect the key that is used to encrypt storage.
So for BitLocker on a Windows machine, you unlock your drive by typing in your Windows password, but that password is combined with a longer encryption key stored in the TPM. You need the login password, the proper TPM AND the drive to be in the machine the TPM thinks it should be in. Stealing the password isn’t enough to decrypt the drive. Moving the drive into a new machine won’t work. And because of attestation, moving the drive and the TPM into a new machine won’t work because the system configuration won’t pass. You have to have the exact drive in the exact machine with the same TPM AND the password, to decrypt it.
Of course that won’t protect against someone who has your password and access to your machine.
The TPM can also be used for DRM, with license keys stored there so they can’t be discovered and forged.
PCMag compares the TPM to a home alarm. Turning on a PC, or getting to the disk decryption stage of boot up, is like opening your door. The TPM is like the keypad for your alarm. The disk or OS is trying to enter the right code on the keypad to keep the alarm from going off. Of course in the case of the TPM, if the code is wrong it doesn’t sound an alarm; the analogy would, I guess, be that it blasts you out of the doorway and locks all the doors and windows.
And that’s just for boot up stuff. Email clients like Outlook use it to handle encrypted or key-signed messages. Firefox and Chrome use it for maintaining SSL certificates for websites and other devices like printers and smart home devices use it as well.
It’s worth noting now that there are five different types of TPMs. Though you won’t usually encounter them all.
The most secure is a discrete TPM. It is isolated from other systems and its routines are set in hardware, so it is more resistant to bugs. They include tamper resistance, so they just stop working if they detect somebody tried to mess with them in any way.
Integrated TPMs are almost as secure, but they are part of another chip so are not required to implement tamper resistance.
Firmware TPMs are software and run in a CPU’s trusted execution environment. They are fairly isolated from other software because of that but still not as secure as hardware. However their affordability and lack of complexity mean they are implemented on low and mid-range devices. Intel, AMD and Qualcomm have implemented firmware TPMs.
A Hypervisor TPM is hidden from software running in virtual machines. It’s kind of like a firmware TPM running in a VM.
And software TPMs are the least secure. They add none of the usual protections a TPM can, being only as secure as the operating environment. And those are mostly used for development purposes.
The latest version of TPM is TPM 2.0 issued under a BSD license. It’s been required on new Windows PCs since 2016. TPM 2.0 is not backward compatible with TPM 1.2 though it offers many of the same features.
One of the main advantages of a TPM, and why hardware versions are more secure, is that a TPM has a unique RSA key burned into itself. That lets it create new keys with an almost impossible to detect private key and one that is pretty much as close to impossible to change as one could imagine. That’s why software TPMs aren’t as secure, because it’s easier to change some bits in software than the wires in a chip.
Even the keys made using the burned-in keys can be kept inside the TPM and never leave. Requests for authorization are computed within the TPM meaning phishing can’t retrieve the key because it can’t be copied without the TPM.
So there you have it. The TPM is a vault specially created to keep your encryption keys safe and your machine from being tampered with.
In other words I hope you Know A Little More about Trusted Platform Modules.
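The two ideas the episode leans on, attestation (platform measurements that record what booted) and sealing a disk key so it is only released when those measurements match, can be simulated without a real chip. The following is an added example written for this page, not code from the episode or from the TCG; it models a TPM's Platform Configuration Registers (PCRs) and a sealed secret in plain Python. The class and function names (SimTPM, seal, unseal, try_unseal), the boot components, and the PCR indices chosen (0 for firmware, 7 for Secure Boot state, 4 for boot loaders) are assumptions made for the illustration, and the "boot logs" are constructed sample data. A real TPM 2.0 binds the secret through a policy digest (TPM2_PolicyPCR) and stores the sealed blob outside the chip, encrypted under a TPM-resident key; the simulation keeps it inside for brevity. The PCR extend rule itself, PCR_new = SHA-256(PCR_old || digest), is the real one.

```python
"""Simulated TPM measured boot and PCR-bound sealing (added example).

Assumptions for this illustration: SimTPM, seal/unseal/try_unseal and the
constructed boot logs below are not real TPM APIs or real measurements.
Only the extend rule, PCR_new = SHA-256(PCR_old || digest), is the real one.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

PCR_COUNT = 24    # a TPM 2.0 platform exposes 24 PCRs per hash bank
DIGEST_LEN = 32   # SHA-256 bank: every PCR and measurement is 32 bytes


def measure(component: bytes) -> bytes:
    """Hash a boot component; firmware does this before handing over control."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend. A PCR can only be folded forward, never set to a chosen value,
    so the final value depends on every measurement and on their order."""
    return hashlib.sha256(pcr + digest).digest()


@dataclass
class SimTPM:
    pcrs: list = field(default_factory=lambda: [bytes(DIGEST_LEN)] * PCR_COUNT)
    sealed: dict = field(default_factory=dict)  # handle -> (selection, expected, secret)

    def reset_pcrs(self) -> None:
        """Power cycle: PCRs return to zero, sealed objects survive."""
        self.pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT

    def pcr_extend(self, index: int, digest: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], digest)

    def pcr_policy_digest(self, selection) -> bytes:
        """Composite digest over the selected PCRs in index order (simplified
        stand-in for the policy digest a real TPM2_PolicyPCR produces)."""
        h = hashlib.sha256()
        for i in sorted(selection):
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, secret: bytes, selection) -> int:
        """Bind secret to the current state of the selected PCRs."""
        handle = len(self.sealed)
        self.sealed[handle] = (tuple(sorted(selection)),
                               self.pcr_policy_digest(selection), secret)
        return handle

    def unseal(self, handle: int) -> bytes:
        """Release the secret only if the selected PCRs match the sealed state."""
        selection, expected, secret = self.sealed[handle]
        if not hmac.compare_digest(self.pcr_policy_digest(selection), expected):
            raise PermissionError("policy check failed: PCRs differ from sealed state")
        return secret


def run_boot(tpm: SimTPM, boot_log) -> None:
    """Measured boot: each (pcr index, component) is hashed and extended."""
    for index, component in boot_log:
        tpm.pcr_extend(index, measure(component))


# Constructed sample boot logs (not real firmware event logs).
GOOD_BOOT = [
    (0, b"firmware build 1.2"),
    (7, b"secure boot: enabled, db=vendor-cert"),
    (4, b"bootloader 3.0"),
    (4, b"os loader 5.1"),
]
TAMPERED_BOOT = [GOOD_BOOT[0], GOOD_BOOT[1], (4, b"bootloader 3.0 + bootkit"), GOOD_BOOT[3]]
REORDERED_BOOT = [GOOD_BOOT[0], GOOD_BOOT[1], GOOD_BOOT[3], GOOD_BOOT[2]]
NEW_MACHINE_BOOT = [(0, b"firmware build 2.0"), GOOD_BOOT[1], GOOD_BOOT[2], GOOD_BOOT[3]]

DISK_KEY = b"constructed volume master key, 32 bytes!"  # sample secret to seal
SEALED_PCRS = (0, 4, 7)


def try_unseal(sealed_log, boot_log):
    """Seal DISK_KEY after booting sealed_log, power cycle, boot boot_log and
    attempt the unseal. Returns the key, or None when the policy check fails."""
    tpm = SimTPM()
    run_boot(tpm, sealed_log)
    handle = tpm.seal(DISK_KEY, SEALED_PCRS)
    tpm.reset_pcrs()
    run_boot(tpm, boot_log)
    try:
        return tpm.unseal(handle)
    except PermissionError:
        return None


if __name__ == "__main__":
    cases = [("same machine, same software", GOOD_BOOT),
             ("patched bootloader", TAMPERED_BOOT),
             ("same components, different order", REORDERED_BOOT),
             ("TPM moved to new firmware", NEW_MACHINE_BOOT)]
    for name, log in cases:
        result = try_unseal(GOOD_BOOT, log)
        print(f"{name}: {'released' if result else 'refused'}")
```

Run with a plain `python3`; only the first case releases the key. Note that a legitimate firmware or bootloader update also changes the PCRs, which is why BitLocker suspends protection around updates and re-seals afterwards, and why the episode says the firmware and operating system are the ones that authorize such changes.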