What is a TPM (Trusted Platform Module)?

A Trusted Platform Module (TPM) is a specialized security microchip that provides a hardware-based approach to managing credentials and cryptographic keys, including those associated with passkeys. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Key functions of a TPM include:

• Generation of secure and unique cryptographic key, as in the application of passkeys
• Remote attestation: Creates a certificate of a device's authenticity that can be used to ensure that a system is trusted and not tampered with or substituted.
• Sealed storage: Encrypts data in such a way that it can be decrypted only on the same TPM, ensuring data security.
• Platform integrity: A TPM can store platform measurements that help ensure that the platform remains trustworthy.

---

In the context of passkeys and authentication, the Trusted Platform Module (TPM) offers significant benefits:

The TPM's secure cryptoprocessor capabilities ensure that passkeys, which are a part of modern authentication protocols like WebAuthn, are stored in a tamper-resistant way. This security is critical as it helps to prevent phishing and other forms of account compromise.

With the increasing adoption of passwordless authentication methods, TPMs provide a hardware anchor for the cryptographic operations needed to create and use passkeys. This makes the authentication process both secure and user-friendly.

TPMs can verify the integrity of the authentication process by ensuring that the passkeys are untampered and genuine, providing a trustworthy mechanism for user verification.

TPM technology is standardized across devices and platforms, offering a universal solution for secure authentication processes. This standardization is key for cross-platform compatibility and interoperability in authentication systems.

---

• A TPM is a secure microcontroller that provides hardware-based security functions. It's important because it protects a computer by integrating cryptographic keys into devices, offering a hardware-based approach to security that can bolster system integrity and authenticate user access.

• A TPM enhances security by providing secure generation and storage of cryptographic keys, protecting against unauthorized software modification, and ensuring data security through its sealed storage capabilities.

• TPMs are instrumental in authentication by storing cryptographic keys that are used in authentication protocols like passkeys and WebAuthn, ensuring that user credentials are not only secure but also remain confidential.

• A TPM is not strictly required for passkeys, but it greatly enhances the security of passkey storage and management. Passkeys can be used in conjunction with TPM to provide a more robust authentication mechanism.

• To determine if your PC has a TPM, you can check the BIOS or UEFI settings, use the Windows Device Manager, or run a command in the operating system's command prompt or PowerShell to query the TPM status.

• Adding a TPM to a computer depends on the motherboard’s compatibility. Some motherboards have a TPM header to which a TPM module can be added, while others may not support this upgrade.

• No, you cannot directly view the passkeys stored in your TPM. The TPM is designed to securely store and manage cryptographic keys, including passkeys, without exposing them to users or software.

• While a TPM is not an absolute requirement for WebAuthn, it is highly recommended. A TPM can provide a secure environment for cryptographic operations that WebAuthn requires, thus enhancing the security of the authentication process.

• No, passwords are not saved in the TPM. The TPM manages cryptographic keys and other security functions but does not store passwords. It may, however, help secure the processes that verify passwords during user authentication.