Trusted Platform Module (TPM) (noun)
Rick Howard: The word is: TPM.
Rick Howard: Spelled: T for Trusted, P for Platform, and M for Module.
Rick Howard: Definition: A computer chip designed to specifically handle all the computer's cryptographic functions, but which is separate from the running operating system in the underlying CPU.
Rick Howard: Example sentence: Most PCs that have shipped since 2016 have a TPM.
Rick Howard: Origin and context: In 1976, Whitfield Diffie and Martin Hellman published their research on the Diffie-Hellman key exchange, the beginnings of asymmetric encryption. Before, if I wanted to pass encrypted messages with a trusted source, say Alice, we both had to first agree on the secret key that we each would use to encrypt and decrypt the messages. With the Diffie-Hellman key exchange, that all changed.
Rick Howard: Each party would generate two keys: a private key, and a public key. Alice and I would post our public key somewhere that everybody on the internet could see, say our bio footer at the end of all of our email messages. We would list our name, phone number, and public key, for example. To send an encrypted message to Alice, I would use her public key to encrypt the message and mail it off. Alice would use her private key to decrypt it. Diffie-Hellman invented the math, they called it a one-way function, that made it impossible to decrypt the message with the public key; the only way for Alice to decrypt it was to use her private key. Brilliant! The question that comes to the fore immediately then is: how do you secure your private key so that any would-be man-in-the-middle ne'er-do-wells can't steal it and use it to decrypt all your secret messages?
Rick Howard: You could store it on your computer's random access memory, your hard drive, or maybe even in your boot sector, but if the Fancy Bear hackers compromised your machine, they would have access to your private key. Enter the Trusted Platform Module or TPM. The idea was to build a computer chip that would sit on the motherboard, separate from the CPU, and designed to specifically handle all the computer's cryptographic functions.
Rick Howard: The TPM chip would have a private key hardwired on it. The operating system could send public keys and hashes into the TPM, and the TPM could verify authorized keys and hashes and send out new public keys. But Fancy Bear couldn't get access to the private key on the chip. The first accepted specification of TPM came in 2003. By 2008, most personal computers and servers had TPMs, and in 2009, the International Organization for Standardization published the standard. But there were issues with the specification, and it didn't really catch on in the mainstream. Work continued, though, and in 2019, ISO published version 2.0 of the specification, designed to fix most of the issues.
Rick Howard: Two years later in October 2021, Microsoft released Windows 11 with a strict requirement that the underlying hardware running the operating system must have a TPM 2.0 module.
Rick Howard: Nerd reference: In a YouTube Computerphile episode in July of 2021, Dr. Steve Bagley explains how a separate TPM module on your computer works.
Steve Bagley: One of the things that Windows 11 is gonna require a PC to have is a trusted platform module. As part of it, so basically the trusted platform module is a little chip, which is effectively a very small computer in its own right. It's running software that can store keys, it can generate random numbers, secure random numbers. It provides the sort of support that you would need in the computer system to do cryptographic types of functions in a secure way.
Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.