A trusted platform module (TPM) is a security component specified by the Trusted Computing Group, often implemented as a single chip. The TPM typically provides secure boot capability for a computing device as well as protected storage for sensitive information such as cryptographic keys. When the security conditions specified by the TPM standards are satisfied, the TPM releases the protected cryptographic keys in plaintext into host memory. A processor or a cryptographic peripheral may then use the cryptographic keys for cryptographic operations.
Potential vulnerabilities exist with the release of the protected cryptographic keys in plaintext. In particular, the cryptographic keys can easily be compromised by being exposed in plaintext outside a highly protected and controlled security boundary. In view of the foregoing, there is a need to provide a system and method for limiting the exposure of cryptographic keys protected by the TPM.
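The following toy model illustrates the two paths described above. It is an added example, not code from the original text or from any TPM vendor, and it does not use the real TPM 2.0 command set: the `ToyTPM` class, its PCR handling and the `seal`/`unseal`/`hmac_inside` methods are assumptions constructed for illustration. `unseal` models the conventional path, where a key sealed to a measured boot state is released in plaintext into host memory once the policy is satisfied; `hmac_inside` models the exposure-limiting alternative, where the host submits data and receives only the result of the cryptographic operation while the key never leaves the boundary.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PCR_SIZE = 32  # SHA-256 PCR banks


class PolicyFailure(Exception):
    """Raised when the current PCR state does not match the sealing policy."""


@dataclass
class SealedKey:
    key: bytes            # held only inside the toy TPM boundary
    policy_digest: bytes  # digest of the PCR values the key is bound to
    indices: tuple        # which PCRs the policy covers


@dataclass
class ToyTPM:
    """Hypothetical in-memory TPM model (assumption, not a real TPM interface)."""
    pcrs: dict = field(default_factory=lambda: {0: b"\x00" * PCR_SIZE})
    _sealed: dict = field(default_factory=dict)

    def extend_pcr(self, index: int, measurement: bytes) -> None:
        # PCR extend: new = H(old || measurement); cannot be set directly.
        old = self.pcrs.get(index, b"\x00" * PCR_SIZE)
        self.pcrs[index] = hashlib.sha256(old + measurement).digest()

    def policy_digest(self, indices) -> bytes:
        h = hashlib.sha256()
        for i in sorted(indices):
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, handle: str, key: bytes, indices) -> None:
        # Bind the key to the PCR values as they are right now.
        idx = tuple(sorted(indices))
        self._sealed[handle] = SealedKey(key, self.policy_digest(idx), idx)

    def _check_policy(self, sealed: SealedKey) -> None:
        current = self.policy_digest(sealed.indices)
        if not hmac.compare_digest(current, sealed.policy_digest):
            raise PolicyFailure("PCR state does not match sealing policy")

    def unseal(self, handle: str) -> bytes:
        # Conventional path: once policy passes, the plaintext key crosses
        # the boundary into host memory, where it can be read or copied.
        sealed = self._sealed[handle]
        self._check_policy(sealed)
        return sealed.key

    def hmac_inside(self, handle: str, message: bytes) -> bytes:
        # Exposure-limiting path: the same policy check, but only the
        # operation result leaves the boundary; the key itself never does.
        sealed = self._sealed[handle]
        self._check_policy(sealed)
        return hmac.new(sealed.key, message, hashlib.sha256).digest()


def demo():
    """Measured boot, seal, then exercise both key-use paths (constructed data)."""
    tpm = ToyTPM()
    tpm.extend_pcr(0, b"constructed-bootloader-image")  # measured boot step
    key = os.urandom(32)
    tpm.seal("disk-key", key, indices=[0])

    released = tpm.unseal("disk-key")          # plaintext now in host memory
    mac = tpm.hmac_inside("disk-key", b"msg")  # host never sees the key

    # A different boot image changes PCR 0, so the policy no longer passes.
    tpm.extend_pcr(0, b"constructed-tampered-image")
    try:
        tpm.unseal("disk-key")
        policy_blocked = False
    except PolicyFailure:
        policy_blocked = True

    return {
        "released_equals_key": released == key,
        "mac_matches_host_computation": mac == hmac.new(key, b"msg", hashlib.sha256).digest(),
        "policy_blocked_after_tamper": policy_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

Both paths perform the same policy check; the difference is what crosses the boundary afterwards. In the `unseal` path the `released` bytes object is an ordinary host-memory value subject to memory disclosure, swap and debugger access, whereas in the `hmac_inside` path the host only ever holds the MAC.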