Definition
A Trusted Platform Module (TPM) is a secure cryptoprocessor, standardized as ISO/IEC 11889, that provides hardware-based cryptographic functions and tamper-resistant key storage. Usually a discrete chip soldered to a motherboard (or integrated into firmware), a TPM generates and holds keys so that private material never leaves the device in cleartext. It also includes physical defenses that make extracting secrets by probing the silicon difficult and expensive.
Platform Configuration Registers and Measured Boot
The TPM's defining feature is its set of Platform Configuration Registers (PCRs). PCRs are reset to zero at power-on and can only be "extended": each new value is a hash combining the old value with a fresh measurement, so a PCR can never be set to an arbitrary value. During boot, each component is hashed into a PCR before it runs, producing a tamper-evident record of exactly what the system loaded. This is called measured boot, and it differs from Secure Boot: Secure Boot blocks unsigned code, while measured boot records what ran so it can be audited afterward.
Attestation and Sealing
Because PCR values reflect the real boot state, a TPM can produce a signed "quote" for remote attestation, cryptographically proving to another party that the platform booted into an expected configuration. The TPM can also seal data so it only decrypts when the PCRs match a known-good state, meaning a disk key is released only if the boot chain is unaltered. For a sovereign Bitcoiner, this turns a vague "my machine is probably fine" into a verifiable claim.
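The extend, seal and quote operations described in the two sections above, as an added Python model that is not part of the original page and not TPM vendor code. It assumes a SHA-256 PCR bank, uses a plain equality check in place of a TPM policy session, and stands in an HMAC for the attestation key's signature; the boot components are constructed sample strings.

```python
import hashlib
import hmac

PCR_LEN = 32  # SHA-256 PCR bank


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM2_PCR_Extend semantics: new = H(old || digest). There is no "set"
    # operation, so a value is only reachable by replaying the same digests
    # in the same order.
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(components: list) -> bytes:
    # Each component is hashed and extended into the PCR before it "runs".
    pcr = bytes(PCR_LEN)  # PCR is reset to zero at power-on
    for blob in components:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    # Bind the secret (e.g. a disk key) to a known-good PCR value.
    return {"expected_pcr": expected_pcr, "secret": secret}


def unseal(sealed: dict, current_pcr: bytes):
    # Simplified PCR policy: release the secret only if the PCR matches.
    if hmac.compare_digest(sealed["expected_pcr"], current_pcr):
        return sealed["secret"]
    return None


def quote(ak_secret: bytes, pcr: bytes, nonce: bytes) -> dict:
    # Stand-in for TPM2_Quote: the attestation key "signs" (HMAC here) the
    # PCR value together with the verifier's fresh nonce (anti-replay).
    sig = hmac.new(ak_secret, pcr + nonce, "sha256").digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(ak_secret: bytes, q: dict, nonce: bytes, golden_pcr: bytes) -> bool:
    # Remote verifier: check the signature, the nonce and the expected PCR.
    expected = hmac.new(ak_secret, q["pcr"] + nonce, "sha256").digest()
    return (hmac.compare_digest(expected, q["sig"])
            and q["nonce"] == nonce
            and hmac.compare_digest(q["pcr"], golden_pcr))


# Constructed sample boot chains (stand-ins for firmware, bootloader, kernel).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1 (modified)"]
GOLDEN_PCR = measured_boot(GOOD_CHAIN)
```

Changing any component, or the order in which components load, yields a different final PCR, so the sealed key stays locked and the quote fails verification.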
See also the Secure Boot feature it complements, the secure element used in hardware wallets, and the cold boot attack that targets keys outside such protected hardware.
