What is a TPM (Trusted Platform Module)?

D5 · Crypto · CompTIA Security+ SY0-701
A TPM (Trusted Platform Module) is a specialized microcontroller chip integrated into a computer's motherboard that provides hardware-based security functions: secure key storage, random number generation, and platform integrity measurement.

Key capabilities: measured boot (records hash of each boot component), BitLocker key storage, attestation (proves device configuration hasn't changed).

TPM 2.0 is required for Windows 11.
TPM enables full-disk encryption keys to be tied to specific hardware: if you move the drive to another machine, it won't boot. It also detects bootkit/rootkit tampering via measured boot. TPM ≠ HSM: TPM is on-board, HSM is a standalone device.
โ† Back to Glossary Practice Questions โ†’