+33 (0)4 76 92 20 01 – sales@ecrin.com
+33 (0)4 76 92 20 01 – sales@ecrin.com
Ecrin Systems
Ecrin Systems

What is TPM 2.0?

Jun 12, 2024 | News

Two types of tpm module chips for mother moards

This article will give you a brief overview of some of the basics you need to know about the TPM 2.0 module, exploring its role, operation and importance in industrial PC and embedded servers environments.

TPM 2.0 has become a fundamental element in system security and reliability, but what exactly is TPM 2.0?

TPM or Trusted Platform Module

The TPM, or “Trusted Platform Module”, is a hardware component (chip) dedicated to security.

It has been integrated into many industrial PCs and embedded servers for the past twenty years.

Example of a rugged computer from our ONYX "Intel® platform trust technology" range embedding TPM 2.0 modules.

Onyx

TPM 2.0 available since 2016 is the latest version of this module offering advanced features to increase the security of computing systems.

This TPM 2.0 module is a chip integrated on the computer motherboard (separate chip or in chipsets or processors >= Intel® Core™ from 8ᵉ generation) using cryptography, these encryption keys securely store all critical information (logins, passwords, fingerprints, keys, certificates, ...), authenticates the platform.

It provides physical protection against cyber-attacks or malware (phishing, ransomware, etc.), helping to secure your platforms against exponentially growing cybercrime.

Unlike other software-based security measures, TPM 2.0 is based on dedicated hardware, making it much more robust to external attacks.

The TPM chip activates Bitlocker under Windows® and encrypts your data so that a lost or stolen PC becomes unusable without access to your Windows® session, and locks access to encrypted data stored on your disks or SSDs.

It's like a hardware barrier to protect your PC from external attacks.

It should be noted that our industrial PCs and servers also integrate TPM 2.0 modules directly on their motherboards, available in various formats, eg. ATX, Mini-ITX, Micro-ATX, E-ATX, PICMG, COMe, ...

For example, our µOPALE V2 :

Opale v2

Some key features of TPM 2.0

  • Secure key storage:TPM 2.0 enables secure storage of cryptographic keys, protecting sensitive information from unauthorized access.

  • Integrity measurements:By recording system integrity measurements, TPM 2.0 helps detect attempts to modify or compromise the system.

  • Strong authentication :Thanks to its advanced authentication capabilities, TPM 2.0 enhances the security of system access and data exchange.

The importance of a secure platform in industrial and embedded environments

In environments where system reliability and security are essential, such as industrial PCs and embedded servers, TPM 2.0 plays a crucial role.

By guaranteeing system integrity, protecting sensitive data and strengthening authentication, TPM 2.0 helps maintain reliable and secure operations, even under extreme conditions.

Here are just a few of the areas in which TPM 2.0 has been implemented in constrained and demanding environments

  • Defense and security:TPM 2.0 is crucial in defense and security projects, where it secures critical communication and control systems, guaranteeing the confidentiality and integrity of sensitive data.

  • Aeronautics and aerospace:In the aerospace industry, TPM 2.0 is used to secure navigation systems, flight control and communications systems, ensuring safe and reliable operations in the most demanding environments.

  • Automotive :In the automotive industry, TPM 2.0 is widely used to secure embedded systems, protecting critical information such as driving data and safety functions.

  • Industrial automation:In industrial automation environments, TPM 2.0 is integrated into industrial PCs to guarantee the integrity of control, command and monitoring systems, reducing the risk of hacking and manipulation of industrial processes.
Tpm cadenas

Quid Windows 11® operating system? Bios?

As a reminder, Windows 11® requires an 8th-generation Intel® Core™ CPU and TPM version 2.0.

If the motherboard is not equipped with these, it will be necessary to upgrade or add a module in the dedicated slot usually available on recent computers.

David Weston, Director of Security and OS at Microsoft, explains very well in numerous blogs why TPM is the key of the solid and trusted foundation that forms an integral part of Microsoft's response to protect PCs & servers against highly sophisticated cybercrime attacks.

He also points out that most processors of the last five years include a TPM (Intel® name: PTT, AMD: PSP fTPM).

Which TPM version? To find out, enter: Windows+R, run tpm.msc and check the version indicated at the end.

Enable TPM: TPM can also be disabled in the BIOS, so check the settings beforehand to enable it.

Don't forget to check your updates, including Windows Update and UEFI BIOS.

And if your machines can't be upgraded to Windows 11® , they'll still be able to run Windows 10® until 2025, but that's just around the corner...

And to complete your information or find out much more:

The Trusted Computing Group (TCG or TGC) is the non-profit organization that publishes and manages the TPM specification. TCG aims to develop, define and promote global, vendor-independent industry standards.

The Trusted Computing Group (TCG or TGC) is working on specifications and standards for TPM "Trusted Platform Module", TNC "Trusted Network Communications", self-encrypting disks, network security, but also to extend the fundamental concepts of trust to other IT platforms and services, virtualization, cloud security, ...