Trusted Platform Module – My understanding

ByFaris

Recently in my line of work, I was required to use a TPM to generate a pair of keys, which to be honest I don’t really understand how it works. So I went on the net and scoured what relevant things that can make sense. I don’t where I get this link but it explains what the TPM is and does.

I still don’t understand everything but I’ll try to summarise from the video and other posts I have read. TPM stands for Trusted Platform Module, where a protocol/standard(??) specifies a hardware (mostly, though I read there is also software) that validates/verifies processes, by using cryptographic keys. Most likely TPM is invoked during startup because that is the moment where malicious software or firmware might try to load (I think).

Analogically, it is like having a guard (TPM) in a guardhouse that allows people(firmware/software) to enter. The guard has a list which he compares when someone tells him their name. But this guard only confirms whether the person is on the list or not and can’t prevent them from trespassing. He does take not and mentions if any of the software or driver are different than the allowed value. End of analogy.

In the video above, one philosophical question was asked, whether we can trust the TPM manufacturer, because they are in essence creating a component that is needed to validate whether we can trust a PC or not, hence the component itself and its manufacturer needs to be trusted too. The speaker did say if we apply the same question to other components, we also face the same problem as Intel or Nvidia can also inject malicious code into their product.

They wouldn’t, not only because they want people to trust them, but also because it is against their existence to compromise. Their survival dictates any notion of malpractice will have dire consequence. It will be very bad for them, even if there is a rumour of something along the line, happening. That is my opinion. It is a trusted platform module, where the trust equals commercial value.

I am sure there is a better post or even a paper describing this in a more eloquent manner but this is what I observer from my brief understanding of TPM. Let’s see in the future if I can find similar cases where my views can be applied. As for now, I trust (and am trying to understand what I am trusting, ha!) what I am working on right now.

Thank you for reading.

Similar Posts

  • Where Do You See Yourself…

    ByFaris

    … in 5 years time? That’s the question that is normally asked in interviews, or something along the line. Whether it’s a 3-years, 5-years, or a decade long plan into the future, they all ask the same thing; to project or foretell the future. I was asked the question today during a discussion with my…

  • Thank you and see you again!

    ByFaris

    Today is the last day of me working in MRT Corp, after a tenure of 8 years. Words escape me, so I expressed in this poem, one which I read during my farewell luncheon. ___________________________________________________________________ Sorong papan, tarik papan, buah keranji dalam perahu; sebelum makan ada ucapan, sebelum pergi, saya nak bagitahu Kalau ada sumur…

  • Solicited Advice

    ByFaris

    A nephew of mine came to visit recently and I had the opportunity to bring him around the places in Manchester. As we traveled a bit, we talked quite a bit too. As common when we visit another country, we complained and thrashed our country, while at the same time saying that Malaysia has the…

  • Ad-hoc vs A System

    ByFaris

    A scene in a movie used to be when someone is on a phone call and he wants to write something, he’ll grab a post-it and scribble on it. This is what comes to my mind whenever someone says ad-hoc, a form of temporary solution that is required urgently, and normally is not for a…

Leave a Reply

Your email address will not be published. Required fields are marked *