Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age

by Gal Shpantzer
Sept. 1, 2017, SANS Institute

When the specification for the Trusted Platform Module (TPM) was introduced more than 10 years ago, it held the promise of a real breakthrough in information security, especially for defense agencies and other organizations with critical data to protect. Because its security is hardware-based, systems containing TPMs can be measured at boot for signs of change and attest to whether the machine meets security requirements before the operating system is allowed to boot. This makes advanced malware such as bootkits (formerly known as “rootkits”) detectable, and on well-managed endpoints it reduces the risk of data compromise.
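The measure-then-attest flow described above, as an added illustration that is not part of the paper: a simplified software model of a TPM PCR (extend is SHA-256 over old value concatenated with the new digest), an event log recorded during boot, and a verifier that replays the log against the quoted PCR and compares each stage with a known-good baseline. The boot images, stage names and the golden baseline are constructed sample data, not real firmware.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank; PCRs reset to all-zero bytes at power-on


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components):
    """Measure each boot stage into one PCR and record (stage, digest) in an
    event log, the way firmware records measurements before handing off."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay_log(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def appraise(quoted_pcr: bytes, log, golden_log):
    """Return (ok, first_divergent_stage). A log that does not replay to the
    quoted PCR is rejected outright; otherwise each stage is compared with
    the known-good baseline so the changed stage can be named."""
    if replay_log(log) != quoted_pcr:
        return False, "event log does not match quoted PCR"
    if len(log) != len(golden_log):
        return False, "stage count differs from baseline"
    for (name, digest), (_, expected) in zip(log, golden_log):
        if digest != expected:
            return False, name
    return True, None


# Constructed sample boot chain (stand-ins for real firmware images).
KNOWN_GOOD = [("firmware", b"UEFI v1.0"), ("bootloader", b"shim+grub 2.02"), ("kernel", b"vmlinuz 4.12")]
TAMPERED = [("firmware", b"UEFI v1.0"), ("bootloader", b"shim+grub 2.02 (modified)"), ("kernel", b"vmlinuz 4.12")]
GOLDEN_PCR, GOLDEN_LOG = measured_boot(KNOWN_GOOD)  # baseline from a trusted build


def check_boot(components):
    pcr, log = measured_boot(components)
    return appraise(pcr, log, GOLDEN_LOG)


if __name__ == "__main__":
    print(check_boot(KNOWN_GOOD))  # (True, None)
    print(check_boot(TAMPERED))    # (False, 'bootloader')
```

A real deployment obtains the PCR value through a signed TPM quote rather than reading it from software, which is what stops a compromised OS from simply reporting the golden value.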