TPM
Definition
A Trusted Platform Module (TPM) is a dedicated cryptographic coprocessor, standardised by the Trusted Computing Group (the current specification is TPM 2.0), that ships as a discrete chip, as firmware running in the CPU's trusted execution environment, or integrated into the chipset. It generates and stores keys whose private halves never leave the module, performs signing and decryption on their behalf, and records boot measurements in Platform Configuration Registers (PCRs) that can only be extended, never overwritten. Those PCR values let the TPM attest the platform state to a remote verifier and "seal" secrets so they are released only when the machine booted the expected firmware, bootloader and kernel (measured boot, which is distinct from UEFI Secure Boot: Secure Boot verifies signatures before running code, a TPM records what actually ran). Full-disk encryption systems such as BitLocker and LUKS (via systemd-cryptenroll or Clevis) use this to unlock a volume automatically on a known-good boot and refuse on a tampered one. A TPM protects keys against disk theft and offline attack; it does not, on its own, protect a running system whose OS is already compromised, since that OS can still ask the TPM to use the key.
Secure Settings Example
# Example of creating a TPM-resident key with tpm2-tools on Linux
# Ensure the TPM is enabled in BIOS/UEFI settings and that /dev/tpmrm0 exists before running these
tpm2-tools:
- tpm2_createprimary -C o -c primary.ctx                      # storage primary key under the Owner hierarchy; it exists only inside the TPM
- tpm2_create -C primary.ctx -G rsa -u key.pub -r key.priv     # RSA key pair; key.priv is encrypted by the primary key, so the file on disk is useless on any other TPM
- tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx   # load the wrapped key back into the TPM for use
- tpm2_evictcontrol -C o -c key.ctx 0x81010001                # persist it at a fixed handle so it survives reboots
# Notes: the handle must be unused and in the Owner persistent range (0x81000000-0x817FFFFF); check with tpm2_getcap handles-persistent.
# These four commands only produce a key bound to this TPM; they do not bind its use to the boot state and do not encrypt a disk.
# For disk encryption, enroll the LUKS volume with a PCR policy using systemd-cryptenroll or Clevis, which seal the volume key
# to the PCR values of a known-good boot so that a modified bootloader or kernel cannot unlock it.
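The tpm2-tools list above stops at persisting a key; the part that makes a TPM useful for disk encryption is PCR measurement and policy-bound sealing. The following is an added, pure-Python model of that logic (not tpm2-tools, not the TPM wire format, and not code from any project): it implements the TPM 2.0 extend rule for a SHA-256 PCR, a simplified stand-in for a PolicyPCR digest (the real digest also hashes in the command code and PCR selection list), and a toy "chip" whose root secret never leaves the object. The boot component strings, the `SimTpm` class and the XOR-based wrapping are constructed for illustration; a real TPM uses a proper symmetric cipher.

```python
# Added illustration: PCR extension and PCR-bound sealing modelled in Python.
# This is NOT tpm2-tools and NOT the TPM's real format; it reproduces only the logic.
import hashlib
import hmac
import os
from typing import Iterable, Optional, Tuple

PCR_LEN = 32  # one SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend rule: PCR_new = H(PCR_old || H(measured_data)).
    A PCR can only be extended, never written, so its final value commits to
    every measurement and to the order in which they happened."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: Iterable[bytes]) -> bytes:
    """Extend a zeroed PCR with each boot component in order (firmware, loader, kernel...)."""
    pcr = bytes(PCR_LEN)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def pcr_policy_digest(pcrs: Iterable[bytes]) -> bytes:
    """Simplified stand-in for the digest a TPM2_PolicyPCR session evaluates to."""
    return hashlib.sha256(b"".join(pcrs)).digest()


class SimTpm:
    """Models the chip-resident part: a root secret that never leaves the object (hypothetical)."""

    def __init__(self) -> None:
        self._root = os.urandom(32)  # stands in for the storage primary seed

    def _keys(self, auth_policy: bytes) -> Tuple[bytes, bytes]:
        enc = hmac.new(self._root, b"enc" + auth_policy, hashlib.sha256).digest()
        mac = hmac.new(self._root, b"mac" + auth_policy, hashlib.sha256).digest()
        return enc, mac

    def seal(self, secret: bytes, auth_policy: bytes) -> bytes:
        """Wrap a short secret (e.g. a 32-byte LUKS keyfile) so it is released only when
        the policy digest presented at unseal time equals auth_policy.
        Toy wrapping: one-time XOR keystream per policy; a real TPM uses AES."""
        if len(secret) > 32:
            raise ValueError("demo keystream covers at most 32 bytes")
        enc, mac = self._keys(auth_policy)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        tag = hmac.new(mac, ct, hashlib.sha256).digest()
        return auth_policy + ct + tag  # opaque blob, safe to keep on disk

    def unseal(self, blob: bytes, current_policy: bytes) -> Optional[bytes]:
        auth_policy, rest = blob[:32], blob[32:]
        ct, tag = rest[:-32], rest[-32:]
        if not hmac.compare_digest(auth_policy, current_policy):
            return None  # analogue of TPM_RC_POLICY_FAIL: boot state differs
        enc, mac = self._keys(auth_policy)
        if not hmac.compare_digest(hmac.new(mac, ct, hashlib.sha256).digest(), tag):
            return None  # blob was tampered with on disk
        return bytes(a ^ b for a, b in zip(ct, enc))


# Constructed sample boot chains (not real firmware hashes).
GOOD_BOOT = [b"firmware 1.2", b"bootloader 2.06", b"kernel 6.6.1"]
TAMPERED_BOOT = [b"firmware 1.2", b"bootloader EVIL", b"kernel 6.6.1"]


def demo() -> dict:
    """Seal a disk key to the good boot's PCR and try to unseal under three boot states."""
    tpm = SimTpm()
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, pcr_policy_digest([measure_boot(GOOD_BOOT)]))
    attempt = lambda chain: tpm.unseal(blob, pcr_policy_digest([measure_boot(chain)]))
    return {
        "good_boot_releases_key": attempt(GOOD_BOOT) == disk_key,
        "tampered_boot_releases_key": attempt(TAMPERED_BOOT) is not None,
        "reordered_boot_releases_key": attempt(list(reversed(GOOD_BOOT))) is not None,
    }


if __name__ == "__main__":
    for name, released in demo().items():
        print(f"{name}: {released}")
```

Running it shows the property the page's "secure" configuration relies on: the key comes back only for the exact boot chain it was sealed to, and both a replaced bootloader and the same components measured in a different order yield a different PCR and therefore no key. It also shows the limit noted in the definition: any code that runs after a good boot can call `unseal` itself, so the TPM protects against offline attack and tampering before the OS, not against a compromised running OS.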
Insecure Settings Example
# Example of insecure key handling: the private key is stored in plaintext in a configuration file instead of in the TPM
# Anyone who can read this file (backups, repository history, a stolen laptop, a path traversal on the web server) now holds the key,
# and nothing ties its use to this machine or to a known-good boot state. The public key being readable is fine; it is the private key that must stay in the TPM.
unencrypted_keys:
- private_key: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASC..."
- public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."