What is Trusted Platform Module (TPM)?

Home
Blog
What is Trusted Platform Module (TPM)?

In order to increase security in industrial IoT, such as in the area of edge computing, device authentication via the Trusted Platform Module is increasingly being used. TPM is the abbreviation of Trusted Platform Module and describes a chip that improves the security of a computer and supports various Windows technologies such as BiTLocker (hard disk encryption) or Windows Hello (login with fingerprint, face or PIN). The small chip is installed on the mainboard and is intended in particular to prevent manipulation and cyber attacks, e.g. by viruses and Trojans, of the computer. In general, TPMs generate cryptographic keys, store them securely and use them to start the operating system securely.

Operating modes

The Trusted Platform Module has the central task of creating a trustworthy environment and enabling secure data handling. On the one hand, it offers the possibility to secure the identity and integrity of the industrial computer (IPC) in order to check whether the IPC has been manipulated or exchanged unnoticed. On the other hand, data is to be encrypted and decrypted so that only authorized persons can access, process and use this data.
Key custody and identity are handled directly by the TPM itself. Other, more complex requirements, such as compliance with data policies, are covered in synthesis with the operating system.

Chains of trust

When the TPM is activated, it receives measurement values or signatures from the individual components one after the other after the industrial computer is switched on, which are compared with previously stored values. If these values both match, it can be assumed that the component is functioning as expected and its integrity is intact. The next component is then checked, so that in this way trustworthy software instances are gradually brought up to the application level for execution.

TPM 2.0 and Windows 11

The Trusted Platform Module version 2.0 has already been available since 2015. While it was still optional in the previous Windows versions, an integrated TPM 2.0 is mandatory in the latest Windows 11 version. In combination with Secure Boot, TPM 2.0 is supposed to protect even better against (cyber) attacks. In order to comply with security standards and to protect the devices from cyber attacks, all Welotec industrial computers and edge gateways include an integrated TPM 2.0 module.

Authentication of devices with TPM during mass rollouts

A particular challenge in implementing mass rollouts is getting a large number of devices into the field securely. One solution is the Device Provisioning Service (DPS) from Microsoft Azure. This can be used to securely roll out mass devices via TPM 2.0. The exact steps of an auto provisioning, you will find described in detail in our whitepaper.

Products with TPM 2.0 module

Fanless Industrial Computer Arrakis-Mk4 Series

Fanless Industrial Computer Arrakis Mk3 Series

Arrakis-Mk3

Alderamin Pico MK4 Azure certified Edge managed — Industrial Computer

Fanless Industrial PC Alderamin Pico Mk4

Contact our specialist for more information.

Accept
Name	YouTube
Provider	Google LLC
Purpose	This website uses Youtube for marketing purposes. The data is transferred to a server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a) GDPR.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://policies.google.com/privacy

Accept
Name	Google Adsense
Provider	Google LLC
Purpose
Duration	Daten werden gelöscht, sobald sie für die Bearbeitung nicht mehr benötigt werden.
Further information	https://policies.google.com/privacy

Accept
Name	Facebook Connect
Provider	Meta Platforms Ireland Ltd.
Purpose	Facebook Connect uses cookies within the framework of web tracking, which are stored on your computer and enable an analysis of the use of our website and your surfing behaviour (so-called tracking).
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://www.facebook.com/about/privacy

Accept
Name	LinkedIn
Provider	LinkedIn Corporation
Purpose	LinkedIn Analytics uses "cookies", which are stored on your computer and which enable an analysis of your use of the website. LinkedIn uses this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services relating to website activity and internet usage.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://www.linkedin.com/legal/privacy-policy

Accept
Name	Google Double Click
Provider	Google LLC
Purpose	This website uses Google Double Click to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. The data is transferred to a Google server in the USA and stored there. The personal data is transmitted on the basis of Art. 46 and/or Art. 49 para. 1 lit. a) GDPR.
Duration	Data is deleted as soon as it is no longer required for processing.
Further information	https://policies.google.com/privacy