What is a TPM?

TPM is the acronym for Trusted Platforms Module. TPM is the name of the specification detailing a secure crypto processor that can store cryptographic keys. A chip that implements this specification is named a TPM or a TPM chip.

Who is writing this specification?

This specification is done by the Trusted Computing Group (TCG). This group has been created in 2003, they have released the current version (1.2) of the specification in 2007. Some well known corporations of information technology are members of this group as Microsoft, IBM or Intel.

How I can get a TPM?

TPM chips are often present in professional laptops. Some professional's desktops, or personnal computers may also contain a TPM. This technology isn't expensive.

What a TPM is used for?

The first use of a TPM is to check integrity of a platform.
The check integrity functions can be used to assure that the pc can run in trusted conditions until the OS has fully booted.
This is the functionality that is used by our application BootTruster and the Microsoft encryption product: Bitlocker.
These products use the integrity functions to protect against Bootkits.
You can find details about Bootkits on this article article.
The TPM can also be used as a manager of cryptographic keys. He can create, load, stock and use these keys.
It is possible to realize some operations of encryption on a small among of data.
It can’t be used to encrypt a large among a data because of the low power of this processor.
This is the functionalities used by our project FileTruster.


The TPM have a pseudo random numbers generator.
It permits for example to generate keys for a symmetric encryption algorithm like AES. This functionality is also used by FileTruster.
The TPM provides functionalities that permit secure identification (Logon Password Storage, VPN …).
The TPM can finally provide a very little (some bytes) data protected storage.
This storage can use as example as a vault for all password. This vault can be accessible with another password which could be less stronger, the security is then assured by the fact that, after a defined number a failed to enter the password, the vault may be locked.