Trusted Platform Module 2.0
TPM 2.0 is the hardware root of trust for modern Secure Boot, disk encryption, remote attestation, and zero-trust device health verification. Understanding it is essential for enterprise security architecture and cloud confidential computing.
What It Defines
Defines the cryptographic coprocessor specification for hardware-backed security: sealed key storage (RSA/ECC keys non-exportable in plaintext), Platform Configuration Registers (PCRs) for measured boot chains, remote attestation (quote signed by endorsement key), sealed storage (data decryptable only when PCRs match expected values), and a standardized command/response protocol over LPC, SPI, or I²C. Required for Windows 11, FIDO2 hardware binding, BitLocker, LUKS TPM2 unlock, and cloud attestation (Azure vTPM, AWS Nitro).
Related References
The Trusted Computing Group (TCG) is the industry consortium (Intel, AMD, ARM, IBM, Microsoft, HP) that develops hardware-based security standards. It publishes the TPM 2.0 Library Specification (cryptographic coprocessor), the TCG PC Client Platform Firmware Profile (UEFI Secure Boot integration), the measured boot specifications, and the TCG Software Stack (TSS 2.0). TPM chips are now mandatory for Windows 11 and widely required for enterprise attestation.
Related Specs
UEFI: every modern x86-64 and AArch64 server, workstation, and PC boots through UEFI. Required for OS development, bootloader work (GRUB, systemd-boot, shim), Secure Boot policy, and firmware engineering.
ACPI: ACPI is how every OS discovers hardware topology, manages CPU power states, handles thermal throttling, and receives platform events. Required for kernel, power management, and firmware development on all modern x86/Arm platforms.