Trusted Platform Module

Trusted Platform Module (TPM, also known as ISO/IEC

11889) is an international standard for a secure cryptoprocessor, a Trusted Platform Module
dedicated microcontroller designed to secure hardware through Status Published
integrated cryptographic keys. The term can also refer to a chip Year started 2009
conforming to the standard.
Latest ISO/IEC
version 11889:2015
2015
Contents Organization Trusted Computing
History Group, ISO/IEC JTC
Overview 1

Uses Domain Secure

Platform integrity cryptoprocessor
Disk encryption Abbreviation TPM
Other uses and concerns Website ISO/IEC 11889-
TPM implementations 1:2015 (https://www.
TPM 1.2 vs TPM 2.0 iso.org/standard/66
510.html), ISO/IEC
Reception
11889-2:2015 (http
Attacks s://www.iso.org/stan
2017 weak key generation controversy dard/66511.html),
Availability ISO/IEC 11889-
TPM 3:2015 (https://www.
Virtual TPM iso.org/standard/66
Operating Systems 512.html), ISO/IEC
Platforms 11889-4:2015 (http
Virtualization s://www.iso.org/stan
Software dard/66513.html)

Endorsement Keys
TPM software libraries
Developer communities
TPM.dev
tpm2-software
IBM TSS
IBM Software TPM
Keylime Project
Linux Security Mailing List
Restriction law
See also
References
Further reading

History
Trusted Platform Module (TPM) was conceived
by a computer industry consortium called Trusted
Computing Group (TCG), and was standardized
by International Organization for Standardization
(ISO) and International Electrotechnical
Commission (IEC) in 2009 as ISO/IEC 11889.[1]
Components of a Trusted Platform Module complying
When a new revision is released it is broken with the TPM version 1.2 standard
down into 3 parts by the Trusted Computing
Group. Each part consists of a PDF that makes
up the whole of the new TPM specification.

Part 1 – Design Principles

Part 2 – Structures of the TPM
Part 3 – Commands

TCG continues to revise the TPM specifications keeping it up with current needs. TPM Main Specification
Version 1.2 was finalized on March 3, 2011 completing its revision.[2] TCG then released TPM Library
Specification 2.0, with its most recent edition published in 2019.[3]

Overview
Trusted Platform Module provides

A hardware random number generator[4][5]

Facilities for the secure generation of cryptographic keys for limited uses.
Remote attestation: Creates a nearly unforgeable hash key summary of the hardware and
software configuration. The software in charge of hashing the configuration data determines
the extent of the summary. This allows a third party to verify that the software has not been
changed.
Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a
storage key.[6]
Sealing: Similar to binding, but in addition, specifies the TPM state[7] for the data to be
decrypted (unsealed).[8]
Other Trusted Computing functions for the data to be decrypted (unsealed).[9]

Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique
and secret Endorsement Key (EK) burned in as it is produced. Security embedded in hardware provides
more protection than a software-only solution.[10]

Uses
The United States Department of Defense (DoD) specifies that "new computer assets (e.g., server, desktop,
laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD
will include a TPM version 1.2 or higher where required by Defense Information Systems Agency (DISA)
Security Technical Implementation Guides (STIGs) and where such technology is available." DoD
anticipates that TPM is to be used for device identification, authentication, encryption, and device integrity
verification.[11]

Platform integrity

The primary scope of TPM is to ensure the integrity of a platform. In this context, "integrity" means
"behave as intended", and a "platform" is any computer device regardless of its operating system. This is to
ensure that the boot process starts from a trusted combination of hardware and software, and continues until
the operating system has fully booted and applications are running.

When TPM is used, the firmware and the operating system are responsible for ensuring integrity.

For example, Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust: The TPM
contains several Platform Configuration Registers (PCRs) that allow secure storage and reporting of
security-relevant metrics. These metrics can be used to detect changes to previous configurations and
decide how to proceed. Good examples can be found in Linux Unified Key Setup (LUKS),[12] BitLocker
and PrivateCore vCage memory encryption. (See below.)

Another example of platform integrity via TPM is in the use of Microsoft Office 365 licensing and Outlook
Exchange.[13]

An example of TPM use for platform integrity is the Trusted Execution Technology (TXT), which creates a
chain of trust. It could remotely attest that a computer is using the specified hardware and software.[14]

Disk encryption

Full disk encryption utilities, such as dm-crypt and BitLocker, can use this technology to protect the keys
used to encrypt the computer's storage devices and provide integrity authentication for a trusted boot
pathway that includes firmware and boot sector.[15]

Other uses and concerns

Any application can use a TPM chip for:

Digital rights management (DRM)

Windows Defender
Windows Domain logon[16]
Protection and enforcement of software licenses
Prevention of cheating in online games[17]

Other uses exist, some of which give rise to privacy concerns. The "physical presence" feature of TPM
addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating,
deactivating, clearing or changing ownership of TPM by someone who is physically present at the console
of the machine.[18][19]
TPM implementations
In 2006, new laptops began being sold with a built-in TPM chip.
In the future, this concept could be co-located on an existing
motherboard chip in computers, or any other device where the
TPM facilities could be employed, such as a cellphone. On a PC,
either the LPC bus or the SPI bus is used to connect to the TPM
chip.

The Trusted Computing Group (TCG) has certified TPM chips

manufactured by Infineon Technologies, Nuvoton, and
STMicroelectronics,[20] having assigned TPM vendor IDs to
Advanced Micro Devices, Atmel, Broadcom, IBM, Infineon, Intel, Trusted Platform Module installed on
Lenovo, National Semiconductor, Nationz Technologies, a motherboard
Nuvoton, Qualcomm, Rockchip, Standard Microsystems
Corporation, STMicroelectronics, Samsung, Sinosun, Texas
Instruments, and Winbond.[21] TPM 2.0 Reference
Implementation
There are five different types of TPM 2.0 implementations
(listed in order from most to least secure):[22][23] Developer(s) Microsoft
Repository github.com/Microsoft
Discrete TPMs are dedicated chips that implement
/ms-tpm-20-ref (https://
TPM functionality in their own tamper resistant
semiconductor package. They are theoretically the github.com/Microsoft/
most secure type of TPM because the routines ms-tpm-20-ref)
implemented in hardware should be more resistant to Written in C, C++
bugs versus routines implemented in software, and
their packages are required to implement some Type TPM implementation
tamper resistance. License BSD License
Integrated TPMs are part of another chip. While they Website trustedcomputinggroup
use hardware that resists software bugs, they are not
.org/tpm-library-
required to implement tamper resistance. Intel has
integrated TPMs in some of its chipsets. specification (https://tru
Firmware TPMs (fTPMs) are firmware-based (e.g. stedcomputinggroup.or
UEFI) solutions that run in a CPU's trusted execution g/tpm-library-specificati
environment. Intel, AMD and Qualcomm have on)
implemented firmware TPMs.
Hypervisor TPMs (vTPMs) are virtual TPMs provided by and rely on hypervisors, in an
isolated execution environment that is hidden from the software running inside virtual
machines to secure their code from the software in the virtual machines. They can provide a
security level comparable to a firmware TPM.
Software TPMs are software emulators of TPMs that run with no more protection than a
regular program gets within an operating system. They depend entirely on the environment
that they run in, so they provide no more security than what can be provided by the normal
execution environment, and they are vulnerable to their own software bugs and attacks that
are penetrating the normal execution environment. They are useful for development
purposes.

The official TCG reference implementation of the TPM 2.0 Specification has been developed by Microsoft.
It is licensed under BSD License and the source code is available on GitHub.[24] Microsoft provides a
Visual Studio solution and Linux autotools build scripts.
In 2018, Intel open-sourced its Trusted Platform Module 2.0 (TPM2) software stack with support for Linux
and Microsoft Windows.[25] The source code is hosted on GitHub and licensed under BSD License.[26][27]

Infineon funded the development of an open source TPM middleware that complies with the Software
Stack (TSS) Enhanced System API (ESAPI) specification of the TCG.[28] It was developed by Fraunhofer
Institute for Secure Information Technology (SIT).[29]

IBM's Software TPM 2.0 is an implementation of the TCG TPM 2.0 specification. It is based on the TPM
specification Parts 3 and 4 and source code donated by Microsoft. It contains additional files to complete
the implementation. The source code is hosted on SourceForge[30] and GitHub[31] and licensed under BSD
License.

TPM 1.2 vs TPM 2.0

While TPM 2.0 addresses many of the same use cases and has similar features, the details are different.
TPM 2.0 is not backward compatible with TPM 1.2.[32][33][34]

Specification TPM 1.2 TPM 2.0

A complete specification consists of a platform-specific
specification which references a common four-part TPM 2.0
The one-size-fits-all library.[35][3] Platform-specific specifications define what parts of
Architecture specification consists of the library are mandatory, optional, or banned for that platform;
three parts.[2] and detail other requirements for that platform.[35] Platform-
specific specifications include PC Client,[36] mobile,[37] and
Automotive-Thin.[38]
SHA-1 and RSA are The PC Client Platform TPM Profile (PTP) Specification requires
required.[39] AES is SHA-1 and SHA-256 for hashes; RSA, ECC using the Barreto-
optional.[39] Triple DES was Naehrig 256-bit curve and the NIST P-256 curve for public-key
once an optional algorithm cryptography and asymmetric digital signature generation and
in earlier versions of TPM verification; HMAC for symmetric digital signature generation and
Algorithms 1.2,[40] but has been verification; 128-bit AES for symmetric-key algorithm; and the
banned in TPM 1.2 version MGF1 hash-based mask generation function that is defined in
94.[41] The MGF1 hash- PKCS#1 are required by the TCG PC Client Platform TPM Profile
based mask generation (PTP) Specification.[42] Many other algorithms are also defined
function that is defined in but are optional.[43] Note that Triple DES was readded into TPM
PKCS#1 is required.[39] 2.0, but with restrictions some values in any 64-bit block.[44]

A random number
generator, a public-key
cryptographic algorithm, a
A random number generator, public-key cryptographic algorithms,
cryptographic hash
cryptographic hash functions, symmetric-key algorithms, digital
function, a mask generation
signature generation and verification, mask generation functions,
function, digital signature
Crypto exclusive or, and ECC-based Direct Anonymous Attestation
generation and verification,
Primitives using the Barreto-Naehrig 256-bit curve are required by the TCG
and Direct Anonymous
PC Client Platform TPM Profile (PTP) Specification.[42] The TPM
Attestation are required.[39]
2.0 common library specification also requires key generation and
Symmetric-key algorithms
and exclusive or are key derivation functions.[46]
optional.[39] Key generation
is also required.[45]
Hierarchy One (storage) Three (platform, storage and endorsement)
Root Keys One (SRK RSA-2048) Multiple keys and algorithms per hierarchy
HMAC, PCR, locality, Password, HMAC, and policy (which covers HMAC, PCR,
Authorization
physical presence locality, and physical presence).
NVRAM Unstructured data Unstructured data, Counter, Bitmap, Extend, PIN pass and fail
The TPM 2.0 policy authorization includes the 1.2 HMAC, locality, physical presence, and PCR. It adds
authorization based on an asymmetric digital signature, indirection to another authorization secret, counters
and time limits, NVRAM values, a particular command or command parameters, and physical presence. It
permits the ANDing and ORing of these authorization primitives to construct complex authorization
policies.[47]

Reception
TCG has faced resistance to the deployment of this technology in some areas, where some authors see
possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The
concerns include the abuse of remote validation of software (where the manufacturer—and not the user
who owns the computer system—decides what software is allowed to run) and possible ways to follow
actions taken by the user being recorded in a database, in a manner that is completely undetectable to the
user.[48]

The TrueCrypt disk encryption utility does not support TPM. The original TrueCrypt developers were of
the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to
have administrator privileges, or physical access to the computer". The attacker who has physical or
administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger,
by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. As such, the
condemning text goes so far as to claim that TPM is entirely redundant.[49]

According to Richard Stallman in 2015, "there are reasons to think that it will not be feasible to use [TPM]
for DRM".[50]

Attacks
In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat Briefings, where he
claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by
inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.[51][52]

In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an
internal conference to have carried out a differential power analysis attack against TPMs that was able to
extract secrets.[53][54]

In 2018, a design flaw in the TPM 2.0 specification for the static root of trust for measurement (SRTM) was
reported (CVE-2018-6622 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6622)). It allows
an adversary to reset and forge platform configuration registers which are designed to securely hold
measurements of software that are used for bootstrapping a computer.[55] Fixing it requires hardware-
specific firmware patches.[55] An attacker abuses power interrupts and TPM state restores to trick TPM into
thinking that it is running on non-tampered components.[56]

Main Trusted Boot (tboot) distributions before November 2017 are affected by a dynamic root of trust for
measurement (DRTM) attack CVE-2017-16837 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
17-16837), which affects computers running on Intel's Trusted eXecution Technology (TXT) for the boot-
up routine.[56]

In case of physical access, computers with TPM are vulnerable to cold boot attacks as long as the system is
on or can be booted without a passphrase from shutdown or hibernation, which is the default setup for
Windows computers with BitLocker full disk encryption.[57]
In 2021, the Dolos Group showed an attack on a discrete TPM, where the TPM chip itself had some
tamper resistance, but the other endpoints of its communication bus did not. They read a full-disk-
encryption key as it was transmitted across the motherboard, and used it to decrypt the laptop's SSD.[58]

2017 weak key generation controversy

In October 2017, it was reported that a code library developed by Infineon, which had been in widespread
use in its TPMs, contained a vulnerability, known as ROCA, which generated weak RSA key pairs that
allowed private keys to be inferred from public keys. As a result, all systems depending upon the privacy of
such weak keys are vulnerable to compromise, such as identity theft or spoofing.[59]

Cryptosystems that store encryption keys directly in the TPM without blinding could be at particular risk to
these types of attacks, as passwords and other factors would be meaningless if the attacks can extract
encryption secrets.[60]

Infineon has released firmware updates for its TPMs to manufacturers who have used them.[61]

Availability
Currently, a TPM is used by nearly all PC and notebook manufacturers.

TPM

The TPM is implemented by several vendors:

Infineon provides both TPM chips and TPM software, which are delivered as OEM versions
with new computers as well as separately by Infineon for products with TPM technology
which comply with TCG standards. For example, Infineon licensed TPM management
software to Broadcom Corp. in 2004.[62]
Microchip (formerly Atmel) manufactures TPM devices that it claims to be compliant to the
Trusted Platform Module specification version 1.2 revision 116 and offered with several
interfaces (LPC, SPI, and I2C), modes (FIPS 140-2 certified and standard mode),
temperature grades (commercial and industrial), and packages (TSSOP and QFN).[63][64]
Their TPMs support PCs and embedded devices.[63] They also provides TPM development
kits to support integration of its TPM devices into various embedded designs.[65]
Nuvoton Technology Corporation provides TPM devices for PC applications. Nuvoton also
provides TPM devices for embedded systems and Internet of Things (IoT) applications via
I2C and SPI host interfaces. Nuvoton's TPM complies with Common Criteria (CC) with
assurance level EAL 4 augmented with ALC_FLR.1, AVA_VAN.4 and ALC_DVS.2, FIPS
140-2 level 2 with Physical Security and EMI/EMC level 3 and Trusted Computing Group
Compliance requirements, all supported within a single device.[66]
STMicroelectronics has provided TPMs for PC platforms and embedded systems since
2005. The product offering [67] includes discrete devices with several interfaces supporting
Serial Peripheral Interface (SPI) and I²C and different qualification grades (consumer,
industrial and automotive). The TPM products are Common Criteria (CC) certified EAL4+
augmented with ALC_FLR.1 and AVA_VAN.5, FIPS 140-2 level 2 certified with physical
security level 3 and also Trusted Computing Group (TCG) certified.

There are also hybrid types; for example, TPM can be integrated into an Ethernet controller, thus
eliminating the need for a separate motherboard component.[68][69]
Virtual TPM
Google Compute Engine offers virtualized TPMs (vTPMs) as part of Google Cloud's
Shielded VMs product.[70]
The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and
TPM 2.0). It targets the integration of TPM functionality into hypervisors, primarily into
Qemu.[71]

Operating Systems

The Trusted Platform Module 2.0 (TPM 2.0) has been supported by the Linux kernel since version
3.20.[72][73][74]

Platforms
Google includes TPMs in Chromebooks as part of their security model.[75]
Oracle ships TPMs in their X- and T-Series Systems such as T3 or T4 series of servers.[76]
Support is included in Solaris 11.[77]
In 2006, with the introduction of first Macintosh models with Intel processors, Apple started to
ship Macs with TPM. Apple never provided an official driver, but there was a port under GPL
available.[78] Apple has not shipped a computer with TPM since 2006.[79]
In 2011, Taiwanese manufacturer MSI launched its Windpad 110W tablet featuring an AMD
CPU and Infineon Security Platform TPM, which ships with controlling software version 3.7.
The chip is disabled by default but can be enabled with the included, pre-installed
software.[80]

Virtualization
VMware ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by
default.[81][82]
Xen hypervisor has support of virtualized TPMs. Each guest gets its own unique, emulated,
software TPM.[83]
KVM, combined with QEMU, has support for virtualized TPMs. As of 2012, it supports
passing through the physical TPM chip to a single dedicated guest. QEMU 2.11 released on
December 2017 also provides emulated TPMs to guests.[84]

Software
Microsoft operating systems Windows Vista and later use the chip in conjunction with the
included disk encryption component named BitLocker. Microsoft had announced that from
January 1, 2015 all computers will have to be equipped with a TPM 2.0 module in order to
pass Windows 8.1 hardware certification.[85] However, in a December 2014 review of the
Windows Certification Program this was instead made an optional requirement. However,
TPM 2.0 is required for connected standby systems.[86] Virtual machines running on Hyper-
V can have their own virtual TPM module starting with Windows 10 1511 and Windows
Server 2016.[87] Windows 11 has TPM 2.0 listed as a minimum system requirement; the
operating system cannot be installed unless the module is present and enabled. This has
led to confusion as many motherboards do not have TPM support at all, require a compatible
 TPM module to be physically installed onto the motherboard, or have a built-in TPM on the
CPU firmware or hardware level that is disabled by default which requires changing settings
in the computer's UEFI to enable.[88] Microsoft Windows includes two TPM related
commands: tpmtool, a utility that can be used to retrieve information about the TPM, and
tpmvscmgr, a command-line tool that allows creating and deleting TPM virtual smart cards
on a computer.[89][90]

Endorsement Keys
TPM Endorsement Keys (EKs) are asymmetric key pairs unique to each TPM. They use the RSA and
ECC algorithms. The TPM manufacturer usually provisions endorsement key certificates in TPM non-
volatile memory. The certificates assert that the TPM is authentic. Starting with TPM 2.0, the certificates
are in X.509 format.

These manufacturers typically provides their Certificate Authority root (and sometimes intermediate)
certificates on their web sites.

AMD[91][92][93][94]
Infineon[95]
Intel [96][97]
NationZ [98][99][100][101]
Nuvoton[102][103][104][105][106]
ST Micro[107][108][109][110][111][112][113][114][115][116]

TPM software libraries

To utilize a TPM, the user needs a software library that communicates with the TPM and provides a
friendlier API than the raw TPM communication. Currently, there are several such open-source TPM 2.0
libraries. Some of them also support TPM 1.2, but mostly TPM 1.2 chips are now deprecated and modern
development is focused on TPM 2.0.

Typically, a TPM library provides API with one-to-one mappings to TPM commands. The TCG
specification calls this layer the System API(SAPI). This way the user has more control over the TPM
operations, however the complexity is high. Therefore, most libraries also offer rich API to invoke complex
TPM operations and hide some of the complexity. The TCG specification call these two layers Enhanced
System API(ESAPI) and Feature API(FAPI).

There is currently only one stack that follows the TCG specification. All the other available open-source
TPM libraries use their own form of richer API.
 Summary of the existing open-source TPM libraries
TPM TPM Attestation server or Microsoft Bare
TPM Libraries API Linux
2.0 1.2 example Windows metal
SAPI, ESAPI and
FAPI No, but there is a
tpm2-tss[117] Yes No Yes Yes Maybe**
from the TCG separate project*
specification
1:1 mapping to
TPM commands Yes, "IBM
ibmtss[118][119] Yes Partial Yes Yes No
+ rich API (mild ACS"[120][121]
layer on top)
1:1 mapping to
TPM commands Yes, "Go-
go-tpm[122] Yes Partial Yes Yes No
+ rich API (mild attestation"[123]
layer on top)
1:1 mapping to
TPM commands Yes, examples are
wolfTPM[124] Yes No Yes Yes Yes
+ rich API inside the library
(wrappers)
1:1 mapping to
TPM commands Yes, examples are
TSS.MSR[125] Yes No Yes Yes*** No
+ rich API inside the library
(wrappers)

(*) There is a separate project called "CHARRA" by Fraunhofer[126] that uses the tpm2-tss library for
Remote Attestation. The other stacks have accompanying attestation servers or directly include examples
for attestation. IBM offer their open-source Remote Attestation Server called "IBM ACS" on Sourceforge
and Google have "Go-Attestation" available on GitHub, while "wolfTPM" offers time and local attestation
examples directly in its open-source code, also on GitHub.

(**) There is an application note[127] about an example project for the AURIX 32-bit SoC using the tpm2-
tss library.

(***) Requires additional libraries (dotnet) to run on Linux.

These TPM libraries are sometimes also called TPM stacks, because they provide the interface for the
developer or user to interact with the TPM. As seen from the table, the TPM stacks abstract the operating
system and transport layer, so the user could migrate one application between platforms. For example, by
using TPM stack API the user would interact the same way with a TPM, regardless if the physical chip is
connected over SPI, I2C or LPC interface to the Host system.

Developer communities
The increasing relevance of computer security and especially hardware-backed security has made the
potential use of TPM popular among developers and users. There are several developer communities
around using a TPM.

TPM.dev

This community[128] has a forum-like platform for sharing information and asking questions. In the
platform, one finds articles and video tutorials from community members and guests. There is a regular
weekly online call. The main focus of this community is lowering the barrier to adoption of TPM and
existing TPM Software Libraries. Specific focus is put on Remote Attestation and trusted applications.

tpm2-software

This community[129] is centered around the use of TPM with the tpm2-tss library. The community engages
in developing it and other TPM 2.0 related software that can be found at their GitHub account.[130] There
also is a tutorials and external section with links to conference talks and presentations.

IBM TSS

Nominally addressing the IBM TSS[131][132] most discussions relate to more general application
development.

IBM Software TPM

Nominally addressing the IBM implementation of a software TPM 2.0,[133][134] most discussions relate to
more general application development.

Keylime Project

Open Source project that Uses TPM 2.0 for boot and runtime attestation of computers and
devices.[135][136]

Linux Security Mailing List

linux-integrity@vger.kernel.org is a high volume mailing list. It is more appropriate for TPM device driver
issues than general HOWTO questions.

Restriction law
Chinese (in the past) and Russian regulations restrict TPM modules access.[137]

See also
ARM TrustZone
Crypto-shredding
Hardware security
Hardware security module
Hengzhi chip
Intel Management Engine
AMD Platform Security Processor
Next-Generation Secure Computing Base
Threat model
Trusted Computing
Trusted Computing Group
 Trusted Execution Technology
Unified Extensible Firmware Interface (UEFI)

References
1. "ISO/IEC 11889-1:2009 – Information technology – Trusted Platform Module – Part 1:
Overview" (http://www.iso.org/iso/catalogue_detail.htm?csnumber=50970). ISO.org.
International Organization for Standardization. May 2009. Archived (https://web.archive.org/
web/20170128033043/http://www.iso.org/iso/catalogue_detail.htm?csnumber=50970) from
the original on January 28, 2017. Retrieved November 30, 2013.
2. "Trusted Platform Module (TPM) Specifications" (https://www.trustedcomputinggroup.org/tpm
-main-specification/). Trusted Computing Group. March 1, 2011. Archived (https://web.archiv
e.org/web/20171022063836/https://trustedcomputinggroup.org/tpm-main-specification/) from
the original on October 22, 2017. Retrieved October 30, 2016.
3. "TPM Library Specification 2.0" (https://www.trustedcomputinggroup.org/tpm-library-specific
ation/). Trusted Computing Group. Archived (https://web.archive.org/web/20161029235918/h
ttps://www.trustedcomputinggroup.org/tpm-library-specification/) from the original on October
29, 2016. Retrieved October 30, 2016.
4. Alin Suciu, Tudor Carean (2010). "Benchmarking the True Random Number Generator of
TPM Chips". arXiv:1008.2223 (https://arxiv.org/abs/1008.2223) [cs.CR (https://arxiv.org/archi
ve/cs.CR)].
5. TPM Main Specification Level 2 (https://trustedcomputinggroup.org/wp-content/uploads/TPM
-Main-Part-1-Design-Principles_v1.2_rev116_01032011.pdf) (PDF), Part 1 – Design
Principles (Version 1.2, Revision 116 ed.), archived (https://web.archive.org/web/202102242
15928/https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-Design-Prin
ciples_v1.2_rev116_01032011.pdf) (PDF) from the original on February 24, 2021, retrieved
September 12, 2017, "Our definition of the RNG allows implementation of a Pseudo
Random Number Generator (PRNG) algorithm. However, on devices where a hardware
source of entropy is available, a PRNG need not be implemented. This specification refers
to both RNG and PRNG implementations as the RNG mechanism. There is no need to
distinguish between the two at the TCG specification level."
6. "tspi_data_bind(3) – Encrypts data blob" (http://linux.die.net/man/3/tspi_data_bind) (Posix
manual page). Trusted Computing Group. Archived (https://web.archive.org/web/201311291
01856/http://linux.die.net/man/3/tspi_data_bind) from the original on November 29, 2013.
Retrieved October 27, 2009.
7. Trusted Platform Module Library Specification, Family "2.0" (https://trustedcomputinggroup.o
rg/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf) (PDF), Part 1 –
Architecture, Section 12, TPM Operational States (Level 00, Revision 01.59 ed.), Trusted
Computing Group, archived (https://web.archive.org/web/20210109164407/https://trustedco
mputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf)
(PDF) from the original on January 9, 2021, retrieved January 17, 2021
8. TPM Main Specification Level 2 (http://www.trustedcomputinggroup.org/files/static_page_file
s/72C33D71-1A4B-B294-D02C7DF86630BE7C/TPM%20Main-Part%203%20Commands_
v1.2_rev116_01032011.pdf) (PDF), Part 3 – Commands (Version 1.2, Revision 116 ed.),
Trusted Computing Group, archived (https://web.archive.org/web/20110928031628/http://ww
w.trustedcomputinggroup.org/files/static_page_files/72C33D71-1A4B-B294-D02C7DF8663
0BE7C/TPM%20Main-Part%203%20Commands_v1.2_rev116_01032011.pdf) (PDF) from
the original on September 28, 2011, retrieved June 22, 2011
 9. Microsoft Article on TPM (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/
windows-vista/cc749022(v=ws.10)?redirectedfrom=MSDN), archived (https://web.archive.or
g/web/20210102105127/https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/
windows-vista/cc749022(v=ws.10)?redirectedfrom=MSDN) from the original on January 2,
2021, retrieved April 1, 2021
10. "TPM – Trusted Platform Module" (https://web.archive.org/web/20160803203400/http://www-
01.ibm.com/support/docview.wss?uid=pos1R1003970&aid=1). IBM. Archived from the
original (http://www-01.ibm.com/support/docview.wss?uid=pos1R1003970&aid=1) on
August 3, 2016.
11. Instruction 8500.01 (https://fas.org/irp/doddir/dod/i8500_01.pdf) (PDF). US Department of
Defense. March 14, 2014. p. 43. Archived (https://web.archive.org/web/20150617194112/htt
ps://fas.org/irp/doddir/dod/i8500_01.pdf) (PDF) from the original on June 17, 2015. Retrieved
July 21, 2016.
12. "LUKS support for storing keys in TPM NVRAM" (https://github.com/shpedoikal/tpm-luks).
github.com. 2013. Archived (https://web.archive.org/web/20130916075234/https://github.co
m/shpedoikal/tpm-luks) from the original on September 16, 2013. Retrieved December 19,
2013.
13. "Microsoft Office Outlook Exchange Error 80090016 After a System Board Replacement" (htt
ps://www.dell.com/support/kbdoc/en-uk/000137758/microsoft-office-outlook-exchange-error-
80090016-after-a-system-board-replacement). Archived (https://web.archive.org/web/20210
628200144/https://www.dell.com/support/kbdoc/en-uk/000137758/microsoft-office-outlook-e
xchange-error-80090016-after-a-system-board-replacement) from the original on June 28,
2021. Retrieved December 23, 2020.
14. Greene, James (2012). "Intel Trusted Execution Technology" (http://www.intel.com/content/d
am/www/public/us/en/documents/white-papers/trusted-execution-technology-security-paper.
pdf) (PDF) (white paper). Intel. Archived (https://web.archive.org/web/20140611161421/htt
p://www.intel.com/content/dam/www/public/us/en/documents/white-papers/trusted-execution
-technology-security-paper.pdf) (PDF) from the original on June 11, 2014. Retrieved
December 18, 2013.
15. "TPM Encryption" (https://www.techsectora.com/2021/02/tpm-header-what-is-it-and-why-is-it
-used.html?m=1). Archived (https://web.archive.org/web/20210628045716/https://www.techs
ectora.com/2021/02/tpm-header-what-is-it-and-why-is-it-used.html?m=1) from the original on
June 28, 2021. Retrieved March 29, 2021.
16. "Get Started with Virtual Smart Cards: Walkthrough Guide" (https://docs.microsoft.com/en-us/
windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started#step-3
-enroll-for-the-certificate-on-the-tpm-virtual-smart-card). Archived (https://web.archive.org/we
b/20210324164541/https://docs.microsoft.com/en-us/windows/security/identity-protection/virt
ual-smart-cards/virtual-smart-card-get-started#step-3-enroll-for-the-certificate-on-the-tpm-virt
ual-smart-card) from the original on March 24, 2021. Retrieved December 23, 2020.
17. Autonomic and Trusted Computing: 4th International Conference (https://books.google.com/
books?id=cUhpq98Zb8AC&pg=PA124) (Google Books). ATC. 2007. ISBN 9783540735465.
Archived (https://web.archive.org/web/20200819025756/https://books.google.com/books?id
=cUhpq98Zb8AC&pg=PA124) from the original on August 19, 2020. Retrieved May 31,
2014.
18. Pearson, Siani; Balacheff, Boris (2002). Trusted computing platforms: TCPA technology in
context (https://books.google.com/books?id=EWk2pLY7atgC). Prentice Hall. ISBN 978-0-
13-009220-5. Archived (https://web.archive.org/web/20170325040326/https://books.google.
com/books?id=EWk2pLY7atgC) from the original on March 25, 2017. Retrieved July 21,
2016.
19. "SetPhysicalPresenceRequest Method of the Win32_Tpm Class" (http://msdn.microsoft.co
m/en-us/library/aa376478(VS.85).aspx). Microsoft. Archived (https://web.archive.org/web/20
090519204808/http://msdn.microsoft.com/en-us/library/aa376478(VS.85).aspx) from the
original on May 19, 2009. Retrieved June 12, 2009.
20. "TPM Certified Products List" (https://www.trustedcomputinggroup.org/membership/certificati
on/tpm-certified-products/). Trusted Computing Group. Archived (https://web.archive.org/we
b/20161014153730/http://www.trustedcomputinggroup.org/membership/certification/tpm-cert
ified-products/) from the original on October 14, 2016. Retrieved October 1, 2016.
21. "TCG Vendor ID Registry" (https://www.trustedcomputinggroup.org/wp-content/uploads/Ven
dor_ID_Registry_0-8_clean.pdf) (PDF). September 23, 2015. Archived (https://web.archive.o
rg/web/20161028083456/https://www.trustedcomputinggroup.org/wp-content/uploads/Vendo
r_ID_Registry_0-8_clean.pdf) (PDF) from the original on October 28, 2016. Retrieved
October 27, 2016.
22. Lich, Brian; Browers, Nick; Hall, Justin; McIlhargey, Bill; Farag, Hany (October 27, 2017).
"TPM Recommendations" (https://docs.microsoft.com/en-us/windows/device-security/tpm/tp
m-recommendations). Microsoft Docs. Microsoft. Archived (https://web.archive.org/web/2018
0111052704/https://docs.microsoft.com/en-us/windows/device-security/tpm/tpm-recommend
ations) from the original on January 11, 2018. Retrieved January 10, 2018.
23. "Trusted Platform Module 2.0: A Brief Introduction" (https://www.trustedcomputinggroup.org/
wp-content/uploads/TPM-2.0-A-Brief-Introduction.pdf) (PDF). Trusted Computing Group.
October 13, 2016. Archived (https://web.archive.org/web/20190203202259/https://www.trust
edcomputinggroup.org/wp-content/uploads/TPM-2.0-A-Brief-Introduction.pdf) (PDF) from the
original on February 3, 2019. Retrieved March 31, 2018.
24. "GitHub - microsoft/ms-tpm-20-ref: Reference implementation of the TCG Trusted Platform
Module 2.0 specification" (https://github.com/Microsoft/ms-tpm-20-ref). Archived (https://web.
archive.org/web/20201027190036/https://github.com/microsoft/ms-tpm-20-ref) from the
original on October 27, 2020. Retrieved April 5, 2020.
25. "Intel Open-Sources New TPM2 Software Stack - Phoronix" (https://www.phoronix.com/sca
n.php?page=news_item&px=Intel-New-Open-Source-TPM2). Archived (https://web.archive.
org/web/20200810025300/https://www.phoronix.com/scan.php?page=news_item&px=Intel-
New-Open-Source-TPM2) from the original on August 10, 2020. Retrieved April 5, 2020.
26. "Archived copy" (https://github.com/tpm2-software). Archived (https://web.archive.org/web/20
200709134944/https://github.com/tpm2-software) from the original on July 9, 2020.
Retrieved April 5, 2020.
27. "The TPM2 Software Stack: Introducing a Major Open Source Release | Intel® Software" (htt
ps://software.intel.com/en-us/blogs/2018/08/29/tpm2-software-stack-open-source). Archived
(https://web.archive.org/web/20200409075120/https://software.intel.com/en-us/blogs/2018/0
8/29/tpm2-software-stack-open-source) from the original on April 9, 2020. Retrieved April 5,
2020.
28. "Open source TPM 2.0 software stack eases security adoption" (https://www.eenewsembed
ded.com/news/open-source-tpm-20-software-stack-eases-security-adoption). Archived (http
s://web.archive.org/web/20190618182510/https://www.eenewsembedded.com/news/open-s
ource-tpm-20-software-stack-eases-security-adoption) from the original on June 18, 2019.
Retrieved April 5, 2020.
29. "Infineon Enables Open Source Software Stack for TPM 2.0" (https://www.bisinfotech.com/in
fineon-enables-open-source-software-stack-for-tpm-2-0/). Archived (https://web.archive.org/
web/20210203092444/https://www.bisinfotech.com/infineon-enables-open-source-software-
stack-for-tpm-2-0/) from the original on February 3, 2021. Retrieved April 5, 2020.
30. "IBM's Software TPM 2.0 download | SourceForge.net" (https://sourceforge.net/projects/ibms
wtpm2/). Archived (https://web.archive.org/web/20190612221519/https://sourceforge.net/proj
ects/ibmswtpm2/) from the original on June 12, 2019. Retrieved April 5, 2020.
31. "IBM SW TPM 2.0" (https://github.com/kgoldman/ibmswtpm2/). Archived (https://web.archive.
org/web/20200918030405/https://github.com/kgoldman/ibmswtpm2) from the original on
September 18, 2020. Retrieved June 2, 2021.
32. "Part 1: Architecture" (https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-
2.0-Part-1-Architecture-01.16.pdf) (PDF), Trusted Platform Module Library, Trusted
Computing Group, October 30, 2014, archived (https://web.archive.org/web/2016102808395
7/https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architect
ure-01.16.pdf) (PDF) from the original on October 28, 2016, retrieved October 27, 2016
33. https://www.dell.com/support/article/en-us/sln312590/tpm-1-2-vs-2-0-features?lang=en
34. "Archived copy" (http://aps2.toshiba-tro.de/kb0/TSB8B03XO0000R01.htm). Archived (https://
web.archive.org/web/20200206234241/http://aps2.toshiba-tro.de/kb0/TSB8B03XO0000R0
1.htm) from the original on February 6, 2020. Retrieved August 31, 2020.
35. Arthur, Will; Challener, David; Goldman, Kenneth (2015). A Practical Guide to TPM 2.0:
Using the New Trusted Platform Module in the New Age of Security. New York City: Apress
Media, LLC. p. 69. doi:10.1007/978-1-4302-6584-9 (https://doi.org/10.1007%2F978-1-4302-
6584-9). ISBN 978-1430265832. S2CID 27168869 (https://api.semanticscholar.org/CorpusI
D:27168869).
36. "PC Client Protection Profile for TPM 2.0 – Trusted Computing Group" (https://www.trustedc
omputinggroup.org/pc-client-protection-profile-tpm-2-0/). trustedcomputinggroup.org.
Archived (https://web.archive.org/web/20161031085440/https://www.trustedcomputinggroup.
org/pc-client-protection-profile-tpm-2-0/) from the original on October 31, 2016. Retrieved
October 30, 2016.
37. "TPM 2.0 Mobile Reference Architecture Specification – Trusted Computing Group" (https://
www.trustedcomputinggroup.org/tpm-2-0-mobile-reference-architecture-specification/).
trustedcomputinggroup.org. Archived (https://web.archive.org/web/20161101103322/https://
www.trustedcomputinggroup.org/tpm-2-0-mobile-reference-architecture-specification/) from
the original on November 1, 2016. Retrieved October 31, 2016.
38. "TCG TPM 2.0 Library Profile for Automotive-Thin" (https://trustedcomputinggroup.org/tcg-tp
m-2-0-library-profile-automotive-thin/). trustedcomputinggroup.org. March 1, 2015. Archived
(https://web.archive.org/web/20170426062330/https://trustedcomputinggroup.org/tcg-tpm-2-
0-library-profile-automotive-thin/) from the original on April 26, 2017. Retrieved April 25,
2017.
39. "Archived copy" (http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TP
M-Structures_v1.2_rev116_01032011.pdf) (PDF). Archived (https://web.archive.org/web/201
61030140755/http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-
Structures_v1.2_rev116_01032011.pdf) (PDF) from the original on October 30, 2016.
Retrieved October 29, 2016.
40. "Archived copy" (http://trustedcomputinggroup.org/wp-content/uploads/mainP2Struct_rev85.
pdf) (PDF). Archived (https://web.archive.org/web/20161030080258/http://trustedcomputingg
roup.org/wp-content/uploads/mainP2Struct_rev85.pdf) (PDF) from the original on October
30, 2016. Retrieved October 29, 2016.
41. "Archived copy" (http://trustedcomputinggroup.org/wp-content/uploads/TPM-main-1.2-Rev94
-part-2.pdf) (PDF). Archived (https://web.archive.org/web/20161030080413/http://trustedcom
putinggroup.org/wp-content/uploads/TPM-main-1.2-Rev94-part-2.pdf) (PDF) from the
original on October 30, 2016. Retrieved October 29, 2016.
42. "Archived copy" (https://www.trustedcomputinggroup.org/wp-content/uploads/PC-Client-Spe
cific-Platform-TPM-Profile-for-TPM-2-0-v43-150126.pdf) (PDF). Archived (https://web.archiv
e.org/web/20161009102841/https://trustedcomputinggroup.org/wp-content/uploads/PC-Clie
nt-Specific-Platform-TPM-Profile-for-TPM-2-0-v43-150126.pdf) (PDF) from the original on
October 9, 2016. Retrieved October 29, 2016.
43. "Archived copy" (https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Algorith
m_Registry_Rev_1.22.pdf) (PDF). Archived (https://web.archive.org/web/20161031085411/
https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_
1.22.pdf) (PDF) from the original on October 31, 2016. Retrieved October 30, 2016.
44. "Archived copy" (https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Re
gistry_Rev_1.27_FinalPublication.pdf) (PDF). Archived (https://web.archive.org/web/201901
23223556/https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry
_Rev_1.27_FinalPublication.pdf) (PDF) from the original on January 23, 2019. Retrieved
January 23, 2019.
45. "Archived copy" (http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-De
sign-Principles_v1.2_rev116_01032011.pdf) (PDF). Archived (https://web.archive.org/web/2
0161031085415/http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-De
sign-Principles_v1.2_rev116_01032011.pdf) (PDF) from the original on October 31, 2016.
Retrieved October 30, 2016.
46. "Archived copy" (https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-
Part-1-Architecture-01.16.pdf) (PDF). Archived (https://web.archive.org/web/2016102808395
7/https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architect
ure-01.16.pdf) (PDF) from the original on October 28, 2016. Retrieved October 27, 2016.
47. "Section 23: Enhanced Authorization (EA) Commands", Trusted Platform Module Library;
Part 3: Commands (http://www.trustedcomputinggroup.org/files/static_page_files/C213752B-
1A4B-B294-D053D90DF2AB69C5/TPM%20Rev%202.0%20Part%203%20-%20Command
s%2001.07-2014-03-13-code.pdf) (PDF), Trusted Computing Group, March 13, 2014,
archived (https://web.archive.org/web/20140903132917/http://www.trustedcomputinggroup.o
rg/files/static_page_files/C213752B-1A4B-B294-D053D90DF2AB69C5/TPM%20Rev%202.
0%20Part%203%20-%20Commands%2001.07-2014-03-13-code.pdf) (PDF) from the
original on September 3, 2014, retrieved September 2, 2014
48. Stallman, Richard Matthew, "Can You Trust Your Computer", Project GNU (https://www.gnu.
org/philosophy/can-you-trust.html), Philosophy, Free Software Foundation, archived (https://
web.archive.org/web/20110629082333/http://www.gnu.org/philosophy/can-you-trust.html)
from the original on June 29, 2011, retrieved July 21, 2016
49. "TrueCrypt User Guide" (https://www.grc.com/misc/truecrypt/TrueCrypt%20User%20Guide.p
df) (PDF). truecrypt.org. TrueCrypt Foundation. February 7, 2012. p. 129. Archived (https://w
eb.archive.org/web/20191225153826/https://www.grc.com/misc/truecrypt/TrueCrypt%20Use
r%20Guide.pdf) (PDF) from the original on December 25, 2019. Retrieved February 20,
2018 – via grc.com.
50. "Can You Trust Your Computer? - GNU Project - Free Software Foundation" (https://www.gn
u.org/philosophy/can-you-trust.en.html). www.gnu.org. Retrieved August 11, 2021.
51. "Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products"
(https://web.archive.org/web/20120130095246/https://www.networkworld.com/news/2010/02
0210-black-hat-processor-security.html). January 30, 2012. Archived from the original on
January 30, 2012. Retrieved August 10, 2017.
52. Szczys, Mike (February 9, 2010). "TPM crytography cracked" (https://web.archive.org/web/2
0100212050338/https://hackaday.com/2010/02/09/tpm-crytography-cracked/). HACKADAY.
Archived from the original (https://hackaday.com/2010/02/09/tpm-crytography-cracked/) on
February 12, 2010.
53. Scahill, Jeremy ScahillJosh BegleyJeremy; Begley2015-03-10T07:35:43+00:00, Josh
(March 10, 2015). "The CIA Campaign to Steal Apple's Secrets" (https://theintercept.com/20
15/03/10/ispy-cia-campaign-steal-apples-secrets/). The Intercept. Archived (https://web.archi
ve.org/web/20170809064512/https://theintercept.com/2015/03/10/ispy-cia-campaign-steal-a
pples-secrets/) from the original on August 9, 2017. Retrieved August 10, 2017.
54. "TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker – The Intercept"
(https://theintercept.com/document/2015/03/10/tpm-vulnerabilities-power-analysis-exposed-
exploit-bitlocker/). The Intercept. Archived (https://web.archive.org/web/20170709222530/htt
ps://theintercept.com/document/2015/03/10/tpm-vulnerabilities-power-analysis-exposed-exp
loit-bitlocker/) from the original on July 9, 2017. Retrieved August 10, 2017.
55. Seunghun, Han; Wook, Shin; Jun-Hyeok, Park; HyoungChun, Kim (August 15–17, 2018). A
Bad Dream: Subverting Trusted Platform Module While You Are Sleeping (https://www.useni
x.org/system/files/conference/usenixsecurity18/sec18-han.pdf) (PDF). 27th USENIX
Security Symposium. Baltimore, MD, USA: USENIX Association. ISBN 978-1-939133-04-5.
Archived (https://web.archive.org/web/20180820032203/https://www.usenix.org/system/files/
conference/usenixsecurity18/sec18-han.pdf) (PDF) from the original on August 20, 2019.
56. Catalin Cimpanu (August 29, 2018). "Researchers Detail Two New Attacks on TPM Chips"
(https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tp
m-chips/). Bleeping Computer. Archived (https://web.archive.org/web/20181007062452/http
s://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-ch
ips/) from the original on October 7, 2018. Retrieved September 28, 2019.
57. Melissa Michael (October 8, 2018). "Episode 14| Reinventing the Cold Boot Attack: Modern
Laptop Version" (https://blog.f-secure.com/podcast-reinventing-cold-boot-attack/) (Podcast).
F-Secure Blog. Archived (https://web.archive.org/web/20190928091354/https://blog.f-secur
e.com/podcast-reinventing-cold-boot-attack/) from the original on September 28, 2019.
Retrieved September 28, 2019.
58. "Trusted platform module security defeated in 30 minutes, no soldering required" (https://arst
echnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-
minutes/). August 3, 2021.
59. Goodin, Dan (October 16, 2017). "Millions of high-security crypto keys crippled by newly
discovered flaw" (https://arstechnica.com/information-technology/2017/10/crypto-failure-crip
ples-millions-of-high-security-keys-750k-estonian-ids/). Ars Technica. Condé Nast. Archived
(https://web.archive.org/web/20181019012939/https://arstechnica.com/information-technolo
gy/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/) from the
original on October 19, 2018. Retrieved October 18, 2017.
60. "Can the NSA Break Microsoft's BitLocker? – Schneier on Security" (https://www.schneier.co
m/blog/archives/2015/03/can_the_nsa_bre_1.html). www.schneier.com. Archived (https://we
b.archive.org/web/20170810210547/https://www.schneier.com/blog/archives/2015/03/can_t
he_nsa_bre_1.html) from the original on August 10, 2017. Retrieved August 10, 2017.
61. " "TPM Update - Infineon Technologies" " (https://www.infineon.com/cms/en/product/promop
ages/tpm-update/). Archived (https://web.archive.org/web/20210205072055/https://www.infin
eon.com/cms/en/product/promopages/tpm-update/) from the original on February 5, 2021.
Retrieved March 19, 2021.
62. "Trusted Platform Module (TPM) im LAN-Adapter" (https://www.heise.de/newsticker/meldun
g/Trusted-Platform-Module-TPM-im-LAN-Adapter-143777.html). Heise Online. Archived (htt
ps://web.archive.org/web/20190107232935/https://www.heise.de/newsticker/meldung/Truste
d-Platform-Module-TPM-im-LAN-Adapter-143777.html) from the original on January 7, 2019.
Retrieved January 7, 2019.
63. "Home – Microchip Technology" (http://www.atmel.com/products/security-ics/embedded/).
www.atmel.com. Archived (https://web.archive.org/web/20161005162507/http://www.atmel.c
om/products/security-ics/embedded/) from the original on October 5, 2016. Retrieved
October 4, 2016.
64. "AN_8965 TPM Part Number Selection Guide – Application Notes – Microchip Technology
Inc" (http://www.atmel.com/Images/Atmel-8965-TPM-Part-No-Selection-Guide-ApplicationN
ote.pdf) (PDF). www.atmel.com. Archived (https://web.archive.org/web/20161005171009/htt
p://www.atmel.com/Images/Atmel-8965-TPM-Part-No-Selection-Guide-ApplicationNote.pdf)
(PDF) from the original on October 5, 2016. Retrieved October 4, 2016.
65. "Home – Microchip Technology" (http://www.atmel.com/products/security-ics/embedded/?tab
=tools). www.atmel.com. Archived (https://web.archive.org/web/20161005165740/http://ww
w.atmel.com/products/security-ics/embedded/?tab=tools) from the original on October 5,
2016. Retrieved October 4, 2016.
66. "Nuvoton TPM" (https://www.nuvoton.com/products/cloud-computing/security/trusted-platfor
m-module-tpm).
67. "STSAFE-TPM" (https://www.st.com/content/ccc/resource/sales_and_marketing/promotional
_material/flyer/group0/62/f7/89/67/99/9a/40/45/STSAFE_TPM_Flyer/files/STSAFE-TPM-Fly
er.pdf/jcr:content/translations/en.STSAFE-TPM-Flyer.pdf) (PDF).
68. "Replacing Vulnerable Software with Secure Hardware: The Trusted Platform Module (TPM)
and How to Use It in the Enterprise" (https://www.trustedcomputinggroup.org/files/temp/4B55
1C9F-1D09-3519-AD45C1F0B5D61714/TPM%20Overview.pdf) (PDF). Trusted computing
group. 2008. Archived (https://web.archive.org/web/20140714233816/https://www.trustedco
mputinggroup.org/files/temp/4B551C9F-1D09-3519-AD45C1F0B5D61714/TPM%20Overvi
ew.pdf) (PDF) from the original on July 14, 2014. Retrieved June 7, 2014.
69. "NetXtreme Gigabit Ethernet Controller with Integrated TPM1.2 for Desktops" (http://www.bro
adcom.com/products/Ethernet-Controllers-and-Adapters/Enterprise-Client-Controllers/BCM5
752). Broadcom. May 6, 2009. Archived (https://web.archive.org/web/20140614134124/htt
p://www.broadcom.com/products/Ethernet-Controllers-and-Adapters/Enterprise-Client-Contr
ollers/BCM5752) from the original on June 14, 2014. Retrieved June 7, 2014.
70. "Shielded VMs" (https://cloud.google.com/shielded-vm). Google Cloud. Archived (https://we
b.archive.org/web/20190412112007/https://cloud.google.com/shielded-vm/) from the original
on April 12, 2019. Retrieved April 12, 2019.
71. "libtpms Virtual TPM" (https://github.com/stefanberger/libtpms).
72. "TPM 2.0 Support Sent In For The Linux 3.20 Kernel - Phoronix" (https://www.phoronix.com/
scan.php?page=news_item&px=Linux-3.20-TPM-2.0-Security). Archived (https://web.archiv
e.org/web/20210228102638/https://www.phoronix.com/scan.php?page=news_item&px=Lin
ux-3.20-TPM-2.0-Security) from the original on February 28, 2021. Retrieved April 5, 2020.
73. "TPM 2.0 Support Continues Maturing In Linux 4.4 - Phoronix" (https://www.phoronix.com/sc
an.php?page=news_item&px=TPM-2.0-Security-Linux-4.4). Archived (https://web.archive.or
g/web/20210305070203/https://www.phoronix.com/scan.php?page=news_item&px=TPM-2.
0-Security-Linux-4.4) from the original on March 5, 2021. Retrieved April 5, 2020.
74. "With Linux 4.4, TPM 2.0 Gets Into Shape For Distributions - Phoronix" (https://www.phoroni
x.com/scan.php?page=news_item&px=Linux-4.4-TPM-2.0). Archived (https://web.archive.or
g/web/20200814003044/https://www.phoronix.com/scan.php?page=news_item&px=Linux-
4.4-TPM-2.0) from the original on August 14, 2020. Retrieved April 5, 2020.
75. "Chromebook security: browsing more securely" (https://chrome.googleblog.com/2011/07/ch
romebook-security-browsing-more.html). Chrome Blog. Archived (https://web.archive.org/we
b/20160425070152/https://chrome.googleblog.com/2011/07/chromebook-security-browsing-
more.html) from the original on April 25, 2016. Retrieved April 7, 2013.
76. "Oracle Solaris and Oracle SPARC T4 Servers— Engineered Together for Enterprise Cloud
Deployments" (http://www.oracle.com/us/products/servers-storage/solaris/solaris-and-sparc-t
4-497273.pdf) (PDF). Oracle. Archived (https://web.archive.org/web/20121024150758/http://
www.oracle.com/us/products/servers-storage/solaris/solaris-and-sparc-t4-497273.pdf) (PDF)
from the original on October 24, 2012. Retrieved October 12, 2012.
77. "tpmadm" (http://docs.oracle.com/cd/E23824_01/html/821-1462/tpmadm-1m.html)
(manpage). Oracle. Archived (https://web.archive.org/web/20121114112129/http://docs.oracl
e.com/cd/E23824_01/html/821-1462/tpmadm-1m.html) from the original on November 14,
2012. Retrieved October 12, 2012.
78. Singh, Amit, "Trusted Computing for Mac OS X" (http://www.osxbook.com/book/bonus/chapt
er10/tpm/), OS X book, archived (https://web.archive.org/web/20110721080011/http://www.o
sxbook.com/book/bonus/chapter10/tpm/) from the original on July 21, 2011, retrieved
August 2, 2011.
79. "Your Laptop Data Is Not Safe. So Fix It" (http://www.pcworld.com/article/157966/laptop_sec
urity.html). PC World. January 20, 2009. Archived (https://web.archive.org/web/2013110421
1218/http://www.pcworld.com/article/157966/laptop_security.html) from the original on
November 4, 2013. Retrieved August 22, 2013.
80. "TPM. Complete protection for peace of mind" (http://www.msi.com/product/windpad/WindPa
d-110W.html). Winpad 110W. MSI. Archived (https://web.archive.org/web/20130513043710/
http://www.msi.com/product/windpad/WindPad-110W.html) from the original on May 13,
2013. Retrieved May 20, 2013.
81. Security and the Virtualization Layer (http://pubs.vmware.com/vsphere-50/index.jsp?topic=%
2Fcom.vmware.vsphere.security.doc_50%2FGUID-E9B71B85-FBA3-447C-8A60-DEE2AE
1A405A.html), VMware, archived (https://web.archive.org/web/20131104213659/http://pubs.
vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc_50%2FGU
ID-E9B71B85-FBA3-447C-8A60-DEE2AE1A405A.html) from the original on November 4,
2013, retrieved May 21, 2013.
82. Enabling Intel TXT on Dell PowerEdge Servers with VMware ESXi (http://en.community.dell.
com/techcenter/b/techcenter/archive/2012/06/13/enabling-intel-txt-on-dell-poweredge-server
s-with-vmware-esxi.aspx), Dell, archived (https://web.archive.org/web/20140316165542/htt
p://en.community.dell.com/techcenter/b/techcenter/archive/2012/06/13/enabling-intel-txt-on-d
ell-poweredge-servers-with-vmware-esxi.aspx) from the original on March 16, 2014,
retrieved May 21, 2013.
83. "XEN Virtual Trusted Platform Module (vTPM)" (http://wiki.xenproject.org/wiki/Virtual_Truste
d_Platform_Module_%28vTPM%29). Archived (https://web.archive.org/web/201509151042
49/http://wiki.xenproject.org/wiki/Virtual_Trusted_Platform_Module_(vTPM)) from the original
on September 15, 2015. Retrieved September 28, 2015.
84. "QEMU 2.11 Changelog" (https://wiki.qemu.org/ChangeLog/2.11#TPM). qemu.org.
December 12, 2017. Archived (https://web.archive.org/web/20180209003144/https://wiki.qe
mu.org/ChangeLog/2.11#TPM) from the original on February 9, 2018. Retrieved February 8,
2018.
85. "Windows Hardware Certification Requirements" (http://msdn.microsoft.com/en-us/library/wi
ndows/hardware/hh748188.aspx). Microsoft. Archived (https://web.archive.org/web/2021062
9081025/https://docs.microsoft.com/en-us/previous-versions/windows/hardware/cert-progra
m/?redirectedfrom=MSDN) from the original on June 29, 2021. Retrieved July 23, 2013.
86. "Windows Hardware Certification Requirements for Client and Server Systems" (https://msd
n.microsoft.com/en-us/library/windows/hardware/jj128256). Microsoft. Archived (https://web.
archive.org/web/20150701150150/https://msdn.microsoft.com/en-US/library/windows/hardw
are/jj128256) from the original on July 1, 2015. Retrieved June 5, 2015.
87. "What's new in Hyper-V on Windows Server 2016" (https://technet.microsoft.com/en-us/wind
ows-server-docs/compute/hyper-v/what-s-new-in-hyper-v-on-windows). Microsoft. Archived
(https://web.archive.org/web/20170325113136/https://technet.microsoft.com/en-us/windows-
server-docs/compute/hyper-v/what-s-new-in-hyper-v-on-windows) from the original on March
25, 2017. Retrieved March 24, 2017.
88. "Windows 11 update: TPM 2.0 and PC Health Check confusion" (https://www.slashgear.co
m/windows-11-tpm-2-0-update-system-requirement-confusion-24679866/). SlashGear. June
24, 2021. Archived (https://web.archive.org/web/20210624203318/https://www.slashgear.co
m/windows-11-tpm-2-0-update-system-requirement-confusion-24679866/) from the original
on June 24, 2021. Retrieved June 24, 2021.
89. tpmtool | Microsoft Docs (https://docs.microsoft.com/en-us/windows-server/administration/wi
ndows-commands/tpmtool)
90. tpmvscmgr | Microsoft Docs (https://docs.microsoft.com/en-us/windows-server/administratio
n/windows-commands/tpmvscmgr)
91. AMD EK RSA Root Certificate (https://ftpm.amd.com/pki/aia/264D39A23CEB5D5B49D6100
44EEBD121)
92. AMD EK ECC Root Certificate (https://ftpm.amd.com/pki/aia/23452201D41C5AB064032BD
23F158FEF)
93. AMD EK Ryzen 6000 RSA Intermediate Certificate (https://ftpm.amd.com/pki/aia/51ADE34A
2F8253525E2321AD63F7B197)
 94. AMD EK Ryzen 6000 ECC Intermediate Certificate (https://ftpm.amd.com/pki/aia/D30EE6F7
557055BA66AD1A1DD1157D2C)
95. Infineon Root Certificate (https://www.infineon.com/cms/en/product/promopages/optiga_tpm
_certificates/)
96. Intel EK Root Certificate (https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.c
er)
97. Intel EK Intermediate Certificate (https://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDP
ROD_EK_Platform_Public_Key.cer)
98. NationZ EK Root Certificate (https://pki.nationz.com.cn/EkRootCA/EkRootCA.crt)
99. NationZ EK Intermediate Certificate (https://pki.nationz.com.cn/EkMfrCA001/EkMfrCA001.cr
t)
100. NationZ EK Intermediate Certificate (https://pki.nationz.com.cn/EkMfrCA002/EkMfrCA002.cr
t)
101. NationZ EK Intermediate Certificate (https://pki.nationz.com.cn/EkMfrCA003/EkMfrCA003.cr
t)
102. Nuvoton EK Root Certificate 1110 (https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nu
voton%20TPM%20Root%20CA%201110.cer)
103. Nuvoton EK Root Certificate 1111 (https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nu
voton%20TPM%20Root%20CA%201111.cer)
104. Nuvoton EK Root Certificate 2110 (https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nu
voton%20TPM%20Root%20CA%202110.cer)
105. Nuvoton EK Root Certificate 2111 (https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nu
voton%20TPM%20Root%20CA%202111.cer)
106. Nuvoton EK Root Certificate 2112 (https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nu
voton%20TPM%20Root%20CA%202112.cer)
107. ST Micro EK GlobalSign Certificate (https://secure.globalsign.com/cacert/gstpmroot.crt)
108. ST Micro EK Root Certificate (https://secure.globalsign.com/cacert/stmtpmekroot.crt)
109. ST Micro EK Intermediate Certificate (https://secure.globalsign.com/cacert/stmtpmekint01.cr
t)
110. ST Micro EK Intermediate Certificate (https://secure.globalsign.com/cacert/stmtpmekint02.cr
t)
111. ST Micro EK Intermediate Certificate (https://secure.globalsign.com/cacert/stmtpmekint03.cr
t)
112. ST Micro EK Intermediate Certificate (https://secure.globalsign.com/cacert/stmtpmekint04.cr
t)
113. ST Micro EK Intermediate Certificate (https://secure.globalsign.com/cacert/stmtpmekint05.cr
t)
114. ST Micro EK GlobalSign ECC Certificate (https://secure.globalsign.com/cacert/tpmeccroot.cr
t)
115. ST Micro EK ECC Root Certificate (https://secure.globalsign.com/stmtpmeccroot01.crt)
116. ST Micro EK ECC Intermediate Certificate (https://secure.globalsign.com/stmtpmeccint01.cr
t)
117. tpm2-software/tpm2-tss (https://github.com/tpm2-software/tpm2-tss), Linux TPM2 & TSS2
Software, November 18, 2020, archived (https://web.archive.org/web/20201112024052/http
s://github.com/tpm2-software/tpm2-tss) from the original on November 12, 2020, retrieved
November 20, 2020
118. "IBM TSS for TPM 2.0" (https://sourceforge.net/projects/ibmtpm20tss). Archived (https://web.
archive.org/web/20210629081044/https://sourceforge.net/projects/ibmtpm20tss/) from the
original on June 29, 2021. Retrieved June 2, 2021.
119. "IBM TSS for TPM 2.0" (https://github.com/kgoldman/ibmtss). Archived (https://web.archive.o
rg/web/20210629081026/https://github.com/kgoldman/ibmtss) from the original on June 29,
2021. Retrieved June 2, 2021.
120. "IBM TPM Attestation Client Server" (https://sourceforge.net/projects/ibmtpm20acs).
Archived (https://web.archive.org/web/20210302042105/https://sourceforge.net/projects/ibmt
pm20acs/) from the original on March 2, 2021. Retrieved November 20, 2020.
121. "IBM TPM Attestation Client Server" (https://github.com/kgoldman/acs). Archived (https://we
b.archive.org/web/20210629081029/https://github.com/kgoldman/acs) from the original on
June 29, 2021. Retrieved June 2, 2021.
122. google/go-tpm (https://github.com/google/go-tpm), November 18, 2020, archived (https://we
b.archive.org/web/20201214230835/https://github.com/google/go-tpm) from the original on
December 14, 2020, retrieved November 20, 2020
123. google/go-attestation (https://github.com/google/go-attestation), November 19, 2020,
archived (https://web.archive.org/web/20201119091913/https://github.com/google/go-attesta
tion) from the original on November 19, 2020, retrieved November 20, 2020
124. wolfSSL/wolfTPM (https://github.com/wolfSSL/wolfTPM), wolfSSL, November 18, 2020,
archived (https://web.archive.org/web/20201120123044/https://github.com/wolfSSL/wolfTP
M) from the original on November 20, 2020, retrieved November 20, 2020
125. TSS.MSR (https://github.com/Microsoft/TSS.MSR), archived (https://web.archive.org/web/20
210626071123/https://github.com/microsoft/TSS.MSR/) from the original on June 26, 2021,
retrieved June 17, 2021
126. Fraunhofer-SIT/charra (https://github.com/Fraunhofer-SIT/charra), Fraunhofer Institute for
Secure Information Technology, August 26, 2020, archived (https://web.archive.org/web/202
01029163950/https://github.com/Fraunhofer-SIT/charra) from the original on October 29,
2020, retrieved November 20, 2020
127. AG, Infineon Technologies. "OPTIGA™ TPM SLI 9670 A-TPM board - Infineon
Technologies" (https://www.infineon.com/cms/de/product/evaluation-boards/optiga-tpm-sli96
70-a-tpm/). www.infineon.com. Archived (https://web.archive.org/web/20200806175036/http
s://www.infineon.com/cms/de/product/evaluation-boards/optiga-tpm-sli9670-a-tpm/) from the
original on August 6, 2020. Retrieved November 20, 2020.
128. "TPMDeveloper" (https://developers.tpm.dev/). TPMDeveloper. Archived (https://web.archiv
e.org/web/20201202220831/https://developers.tpm.dev/) from the original on December 2,
2020. Retrieved November 20, 2020.
129. "tpm2-software community" (https://tpm2-software.github.io/). tpm2-software community.
Archived (https://web.archive.org/web/20201130220347/https://tpm2-software.github.io/)
from the original on November 30, 2020. Retrieved November 20, 2020.
130. "Linux TPM2 & TSS2 Software" (https://github.com/tpm2-software). GitHub. Archived (https://
web.archive.org/web/20200709134944/https://github.com/tpm2-software) from the original
on July 9, 2020. Retrieved November 20, 2020.
131. "IBM TSS Discussion" (https://github.com/kgoldman/ibmtss). Archived (https://web.archive.or
g/web/20210629081057/https://github.com/kgoldman/ibmtss) from the original on June 29,
2021. Retrieved June 2, 2021.
132. "IBM TSS Discussion" (https://sourceforge.net/p/ibmtpm20tss/discussion). Archived (https://
web.archive.org/web/20210628114218/https://sourceforge.net/p/ibmtpm20tss/discussion/)
from the original on June 28, 2021. Retrieved June 22, 2021.
133. "IBM TPM Discussion" (https://github.com/kgoldman/ibmswtpm2). Archived (https://web.arch
ive.org/web/20200918030405/https://github.com/kgoldman/ibmswtpm2) from the original on
September 18, 2020. Retrieved June 2, 2021.
134. "IBM TPM Discussion" (https://sourceforge.net/p/ibmswtpm2/discussion). Archived (https://w
eb.archive.org/web/20210629081106/https://sourceforge.net/p/ibmswtpm2/discussion/) from
the original on June 29, 2021. Retrieved June 22, 2021.
135. keylime.dev (https://keylime.dev/)
136. https://github.com/keylime/
137. "Windows 11 TPM 2.0 requirement has a special exception" (https://www.slashgear.com/win
dows-11-tpm-2-0-requirement-has-a-special-exception-27680130/). SlashGear. June 28,
2021. Archived (https://web.archive.org/web/20210628033548/https://www.slashgear.com/wi
ndows-11-tpm-2-0-requirement-has-a-special-exception-27680130/) from the original on
June 28, 2021. Retrieved June 29, 2021.

Further reading
1. Challener, David; Goldman, Kenneth; Arthur, Will (2015), A Practical Guide to TPM 2.0 (http
s://link.springer.com/content/pdf/10.1007%2F978-1-4302-6584-9.pdf) (PDF), Apress,
doi:10.1007/978-1-4302-6584-9 (https://doi.org/10.1007%2F978-1-4302-6584-9), ISBN 978-
1-4302-6584-9, S2CID 27168869 (https://api.semanticscholar.org/CorpusID:27168869).
2. Trusted Platform Module (TPM) (https://www.trustedcomputinggroup.org/work-groups/trusted
-platform-module/) (Work group web page and list of resources), Trusted Computing Group.
3. PC Client Platform TPM Profile (PTP) Specification (https://www.trustedcomputinggroup.org/
pc-client-platform-tpm-profile-ptp-specification/) (Additional TPM 2.0 specifications as
applied to TPMs for PC clients), Trusted Computing Group.
4. PC Client Protection Profile for TPM 2.0 (https://www.trustedcomputinggroup.org/pc-client-pr
otection-profile-tpm-2-0/) (Common Criteria Protection Profile for TPM 2.0 as applied to PC
clients), Trusted Computing Group.
5. "OLS: Linux and trusted computing" (https://lwn.net/Articles/144681/), LWN.
6. Trusted Platform Module (https://www.grc.com/sn/SN-099.htm) (podcast), GRC, 24:30.
7. TPM Setup (for Mac OS X) (http://darkside.cometway.com/content.agent?page_name=Articl
e&name=007), Comet way.
8. "The Security of the Trusted Platform Module (TPM): statement on Princeton Feb 26 paper"
(https://www.trustedcomputinggroup.org/news/press/TCG_statement_on_Princeton_Feb_pa
per_Feb_26.pdf) (PDF), Bulletin (press release), Trusted Computing Group, February 2008.
9. "Take Control of TCPA" (http://www.linuxjournal.com/article/6633), Linux journal.
10. TPM Reset Attack (http://www.cs.dartmouth.edu/~pkilab/sparks/), Dartmouth.
11. Trusted Platforms (white paper), Intel, IBM Corporation, CiteSeerX 10.1.1.161.7603 (https://ci
teseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.161.7603).
12. Garrett, Matthew, A short introduction to TPMs (http://mjg59.dreamwidth.org/24818.html),
Dream width.
13. Martin, Andrew, Trusted Infrastructure "101" (https://tiw2013.cse.psu.edu/slides/tiw-2013-mar
tin.pdf) (PDF), PSU.
14. Using the TPM: Machine Authentication and Attestation (http://opensecuritytraining.info/Intro
ToTrustedComputing_files/Day2-1-auth-and-att.pdf) (PDF), Intro to trusted computing, Open
security training.
15. A Root of Trust for Measurement: Mitigating the Lying Endpoint Problem of TNC (http://securi
ty.hsr.ch/mse/projects/2011_Root_of_Trust_for_Measurement.pdf) (PDF), CH: HSR, 2011.
16. TPM 1.2 Protection Profile (https://www.trustedcomputinggroup.org/tpm-1-2-protection-profil
e/) (Common Criteria Protection Profile), Trusted Computing Group.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Trusted_Platform_Module&oldid=1043017103"

This page was last edited on 7 September 2021, at 23:03 (UTC).

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using
this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia
Foundation, Inc., a non-profit organization.