A Trusted Platform Module 2.0 (TPM 2.0) is a specialized security chip integrated into the motherboard of a computer that provides a hardware-based layer of protection. It creates a secure environment for storing cryptographic keys, passwords, and certificates, for authenticating users and devices, and for checking system integrity during boot-up to prevent unauthorized manipulation of software or hardware components. TPM 2.0 was released in 2018 as an upgrade from TPM 1.2. It supports advanced cryptographic algorithms and security functions such as:
- Secure storage of cryptographic keys
- Cryptographic operations like digital signing and encryption
- Monitoring the security state of the system
- Enhancing user and device authentication
- Supporting features like BitLocker disk encryption and Windows Hello identity protection in Windows 11 and beyond
Unlike earlier versions, TPM 2.0 supports a broader set of algorithms, better key management, and policy authorization mechanisms, making it a fundamental requirement for newer systems, especially to meet Windows 11's security standards. The TPM chip functions independently from the processor and operating system, ensuring that security operations happen at a hardware level, which is less vulnerable to attacks than software-only solutions. It helps ensure that a computer boots up using trusted and unaltered software and hardware configurations. In summary, TPM 2.0 is a trusted hardware security module designed to provide systems with enhanced protection against threats by managing cryptographic keys, ensuring system integrity, and supporting secure authentication.
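The "checking system integrity during boot-up" and "policy authorization" points above rest on one small mechanism: each boot component is hashed and folded into a Platform Configuration Register (PCR) that can only be extended, never overwritten, and a secret such as a disk-encryption key can be sealed so the TPM releases it only when the PCR holds the expected value. The following Python is an added illustration, not code from this page or from any TPM vendor: it models the TPM 2.0 extend arithmetic and the PCR-bound release in software so the behaviour can be inspected offline. It assumes a single SHA-256 PCR bank whose register resets to 32 zero bytes (how TPM 2.0 initialises PCRs 0-16); the boot images and the volume key are constructed sample bytes, and a real TPM performs the extend and the policy check inside the chip rather than in a Python dict.

```python
"""Software model of TPM 2.0 measured boot (PCR extend) and PCR-bound sealing.

Added illustration, not the page's or any vendor's code. Assumptions: a single
SHA-256 PCR bank, a PCR that resets to 32 zero bytes (TPM 2.0 PCRs 0-16), and
sample boot images that are constructed stand-ins for real firmware.
"""
import hashlib
import hmac

PCR_INIT = bytes(32)  # SHA-256 bank: a resettable PCR starts as all zeros


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new_pcr = H(old_pcr || H(data)).

    The firmware hashes the component and hands the digest to the TPM; the TPM
    concatenates the current PCR value with that digest and hashes again. Because
    the register can only be extended, no later stage can erase an earlier measurement.
    """
    digest = hashlib.sha256(data).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components) -> bytes:
    """Extend each (name, image_bytes) boot component in order; return the final PCR."""
    pcr = PCR_INIT
    for _name, image in components:
        pcr = extend(pcr, image)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Bind a secret (e.g. a disk-encryption key) to a required PCR value.

    Model only: the blob records the PCR value the unseal policy requires. In a
    real TPM the secret is wrapped under a key that never leaves the chip.
    """
    return {"secret": secret, "policy_pcr": expected_pcr}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the current boot measurements match the sealed policy."""
    if hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return blob["secret"]
    return None  # policy check failed: the boot chain differs from the sealed one


# Constructed sample boot chain (stand-ins for real firmware/bootloader/kernel images)
GOOD_CHAIN = [
    ("firmware", b"UEFI firmware image 1.0"),
    ("bootloader", b"boot manager 2.3"),
    ("kernel", b"kernel 6.1 + initrd"),
]
# Same chain with one byte appended to the bootloader image
TAMPERED_CHAIN = [
    ("firmware", b"UEFI firmware image 1.0"),
    ("bootloader", b"boot manager 2.3!"),
    ("kernel", b"kernel 6.1 + initrd"),
]
# Same components measured in a different order: also yields a different PCR value
REORDERED_CHAIN = [GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]]

DISK_KEY = b"constructed-32-byte-volume-key!!"  # constructed placeholder key


def demo() -> dict:
    """Seal the disk key to the known-good boot state, then attempt three boots."""
    good_pcr = measure_boot(GOOD_CHAIN)
    blob = seal(DISK_KEY, good_pcr)
    return {
        "good": unseal(blob, measure_boot(GOOD_CHAIN)),
        "tampered": unseal(blob, measure_boot(TAMPERED_CHAIN)),
        "reordered": unseal(blob, measure_boot(REORDERED_CHAIN)),
    }


if __name__ == "__main__":
    for boot, result in demo().items():
        print(f"{boot:9s}: {'key released' if result else 'key withheld'}")
```

Running the module seals the key to the good chain and then shows the key released for an identical boot but withheld when a component is modified or loaded out of order; that difference is why a disk-encryption key bound to a TPM stays locked when the boot path has been altered, and why measured boot is about detection at the hardware level rather than trust in the software being measured.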