A
TPM (Trusted Platform Module) is a dedicated security chip providing: secure key storage, random number generation, platform integrity measurement (PCRs), and remote attestation.
TPM enables BitLocker (seals encryption key to TPM PCR measurements — changes to boot process lock the drive), remote attestation (prove device integrity to a server), and hardware-based credential storage. TPM 2.0 required for Windows 11. Discrete TPM chips are more secure than firmware TPMs (fTPM).