Leveraging Trusted Platform Modules for Hardware Rooted Security and Robust Device Encryption
DOI: https://doi.org/10.63282/3050-922X.ICAILLMBA-117

Keywords: Trusted Platform Module (TPM), Hardware Rooted Security, Secure Boot, Device Encryption, Cryptographic Key Protection, Platform Attestation, Firmware Integrity, BitLocker, Hardware Trust Anchor, Secure Storage

Abstract
The TPM (Trusted Platform Module) has become a core building block in modern hardware-rooted security architectures, providing cryptographic services and device-integrity guarantees from within a tamper-resistant boundary. As an independent microcontroller, it securely stores encryption keys, credentials, and platform measurements, which enable strong authentication and attestation mechanisms. Its presence in modern operating systems and networked devices fortifies defences against unauthorized access, firmware manipulation, and physical attacks. In disk encryption, TPMs are used to hold the disk encryption key in hardware so that it cannot be extracted, even when the adversary gains physical possession of the storage media. BitLocker, Secure Boot, and virtual smart cards are just a few examples of technologies whose security relies on the TPM as a hardware root of trust, ensuring that only signed software executes during the boot process and that sensitive data is protected throughout the life of the device. This paper revisits the architectural considerations of TPMs, assesses their contributions to hardware security and encrypted storage, and underlines their growing applicability in heterogeneous computing environments.
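As an added illustration (not code from the paper or from any TPM vendor), the following constructed Python model shows the sealing mechanism the abstract describes: boot stages are measured into a PCR, a volume key is sealed to that PCR state, and after a reboot the key is released only if the same chain was measured again. The SimTPM class, its HMAC-based key wrapping and the firmware image names are simplified stand-ins for the real TPM 2.0 command set, assumed here only to make the flow runnable offline.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


class SimTPM:
    def __init__(self):
        # PCRs start at zero at power-on and can only be extended, never written.
        self.pcrs = [bytes(32)] * 24
        self._srk = os.urandom(32)  # simulated storage root key; a real SRK never leaves the chip

    def pcr_extend(self, index, data):
        # TPM2_PCR_Extend: PCR[i] = H(PCR[i] || H(data)); the order of measurements matters.
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(data).digest()).digest()

    def policy_digest(self, pcr_indices):
        # Composite hash of the selected PCRs (models the PolicyPCR check).
        return HASH(b"".join(self.pcrs[i] for i in sorted(pcr_indices))).digest()

    def seal(self, secret, pcr_indices):
        # Bind a secret of at most 32 bytes to the current PCR state and wrap it under the SRK.
        policy = self.policy_digest(pcr_indices)
        pad = hmac.new(self._srk, policy, HASH).digest()
        wrapped = bytes(a ^ b for a, b in zip(secret, pad))
        return {"pcrs": sorted(pcr_indices), "policy": policy, "wrapped": wrapped}

    def unseal(self, blob):
        # Release the secret only if the current PCRs reproduce the sealed policy digest.
        if not hmac.compare_digest(self.policy_digest(blob["pcrs"]), blob["policy"]):
            return None  # boot chain changed: the key stays locked inside the TPM
        pad = hmac.new(self._srk, blob["policy"], HASH).digest()
        return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))

    def measured_boot(self, images):
        # Each boot stage is hashed into PCR 0 before control passes to it.
        for image in images:
            self.pcr_extend(0, image)


def provision_and_reboot(tampered):
    # Seal a volume key on a trusted boot, reboot, and report whether it unseals.
    trusted = [b"uefi-firmware-v1", b"bootloader-v1", b"kernel-v1"]  # constructed images
    tpm = SimTPM()
    tpm.measured_boot(trusted)
    volume_key = os.urandom(32)
    blob = tpm.seal(volume_key, [0])
    tpm.pcrs = [bytes(32)] * 24  # power cycle resets the PCRs; the SRK persists
    tpm.measured_boot([b"uefi-firmware-MODIFIED"] + trusted[1:] if tampered else trusted)
    return tpm.unseal(blob) == volume_key
```

Running `provision_and_reboot(False)` returns True while `provision_and_reboot(True)` returns False, which is the behaviour a TPM-only BitLocker protector relies on when firmware is modified.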