A trusted platform may demonstrate that it operates in a safe configuration by measuring the configuration and sealing the data to the configuration. A key component of a trusted platform is the trusted platform module (TPM). A TPM may perform operations such as cryptographic hashes to detect loss of integrity, public and secret key encryption to prevent unauthorized disclosure of data, and digital signing to authenticate transmitted information. Additional details on trusted platform modules may be found in specifications such as the Trusted Computing Group (TCG) TPM Specifications Version 1.2, Level 2 Revision 103, published 9 Jul. 2007 (hereinafter the “TPM specifications”).
The measurements of a configuration may be hashed and stored in platform configuration registers (PCRs) of a TPM. A trusted platform may allow access to data only under a particular configuration of the trusted platform. The TPM seal operation may encrypt data to a specific set of PCR values or an authorization value. To unseal the data, and thereby gain access to it, the authorization must be presented and the set of values stored in the PCRs must match the set used in the seal operation. Similarly, a signing key may be locked to a set of PCR values during key generation within the TPM.