Trusted execution environments, such as a trusted platform module (TPM), are commonly used to enhance security of computing platforms. For example, a trusted execution environment may be implemented as a separate piece of hardware that may be integrated into a computing platform machine (e.g., trusted platform module integrated into a PC). The trusted execution environment may allow for confidential and secure creation of keys, which may be used by a client to perform secure key actions, such as signing an email, encrypting data, logging onto a machine, etc. In particular, the client may submit a key to a platform module to perform a secure key action through the trusted execution environment. When creating keys, the trusted execution environment may bind keys to one or more policies, such as a platform policy. A platform policy may limit the use of a key to machines having a particular platform configuration (e.g., a platform boot state, a hardware configuration, a software configuration, etc.). In one example, a trusted execution environment may provide a client with an email signing key that may be wrapped with a platform policy. The use of the email signing key may be limited to machines having a similar platform configuration as the platform policy. Thus, if the configuration of the client's machine changes and/or the client attempts to use the email signing key to sign emails on a different machine, then the key may be rejected.