The present disclosure relates to the field of computing hardware, and specifically to cryptographic devices. Still more specifically, the present disclosure relates to Trusted Platform Module (TPM) devices within a computer system.
A Trusted Platform Module (TPM) is a hardware security device found on both client devices and server devices. The TPM includes a cryptographic processor that is able to generate random numbers, RSA keys, and SHA-1 hashes, and that contains an encryption-decryption-signature engine. The TPM also includes persistent memory, which stores endorsement keys (i.e., public/private key pairs in which the private key never leaves the TPM) as well as a storage root key (often defined by a user to protect TPM keys that are created by applications, so that these application-created keys cannot be used without first being decrypted by the user-created storage root key). Also within the TPM is a non-volatile (NV) memory, in which are stored platform configuration registers (for storing metrics that describe the system to which the TPM is assigned/affixed), attestation identity keys (for encrypting hashes created from descriptors of hardware and software resources within the system), and storage keys (for encrypting and decrypting data being stored on hard drives within the system). All input/output to the cryptographic processor and memories within the TPM is via a secured input/output interface, which requires a trust relationship with the device/user that is accessing the TPM.
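As an added illustration that is not part of the patent text, the following Python model shows how a platform configuration register of the kind described above accumulates system metrics through the SHA-1 "extend" operation, and how the release of a stored secret can be bound to the resulting PCR value. The boot-component strings, the `unseal` helper and the `disk key` secret are constructed for this example and do not correspond to any real TPM command interface.

```python
import hashlib
from typing import List, Optional

# Added example (not from the patent text): a software model of how a TPM 1.2
# platform configuration register (PCR) accumulates "metrics that describe the
# system". A PCR is never written directly; it is *extended*:
#     PCR_new = SHA-1(PCR_old || SHA-1(measured data))
# so the final value commits to the whole ordered sequence of measurements.
PCR_BYTES = 20                     # TPM 1.2 PCRs are 20 bytes wide (SHA-1 digest)
PCR_INITIAL = b"\x00" * PCR_BYTES  # reset value of a PCR at power-on

def measure(data: bytes) -> bytes:
    """Hash one component (firmware, boot loader, kernel ...) into a 20-byte metric."""
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, metric: bytes) -> bytes:
    """One extend step: fold a 20-byte metric into the current PCR value."""
    if len(pcr) != PCR_BYTES or len(metric) != PCR_BYTES:
        raise ValueError("PCR and metric must both be 20-byte SHA-1 digests")
    return hashlib.sha1(pcr + metric).digest()

def boot_chain_pcr(components: List[bytes]) -> bytes:
    """Replay a measured boot: extend a PCR with each component, in order."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = pcr_extend(pcr, measure(component))
    return pcr

def unseal(expected_pcr: bytes, current_pcr: bytes, secret: bytes) -> Optional[bytes]:
    """Constructed model of a storage key bound to a PCR value: the secret is
    released only when the platform's current PCR equals the sealed-to value."""
    return secret if current_pcr == expected_pcr else None

# Constructed sample "components" standing in for real boot-stage images.
GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]

if __name__ == "__main__":
    good = boot_chain_pcr(GOOD_BOOT)
    print("PCR (good boot):      ", good.hex())
    print("PCR (tampered boot):  ", boot_chain_pcr(TAMPERED_BOOT).hex())
    print("unseal on good boot:  ", unseal(good, boot_chain_pcr(GOOD_BOOT), b"disk key"))
    print("unseal on tampered:   ", unseal(good, boot_chain_pcr(TAMPERED_BOOT), b"disk key"))
```

Because each step hashes the previous register value, a modified or reordered boot stage changes the final PCR and the sealed secret stays unavailable; this is the property a storage key bound to PCR values relies on.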