Example: your laptop is stolen.
- Your drive is encrypted.
- The thief removes the drive and plugs it into another PC.
- Without the right key (protected by TPM + your login), the data looks like random noise.
Security chip π
TPM (Trusted Platform Module) in simple words
A TPM is a small security chip that can safely store secrets (like encryption keys) and prove the computer is trusted. Think of it like a locked safe built into the motherboard.
Firmware
Operating System
What TPM is
- π A secure chip (or secure part inside CPU)
- Stores encryption keys safely
- Can βmeasureβ startup parts and remember what happened
Hover: encryption key, startup measurement.
Why TPM exists
- Stops thieves from easily reading your disk
- Helps detect βfakeβ or changed boot parts
- Makes it harder for malware to steal keys
Real-world examples
- πͺ Windows uses TPM for security features
- π§ BitLocker (disk encryption) can store keys in TPM
- β Secure Boot + TPM can reduce boot tampering
Security flow diagram (click the boxes)
π§ Firmware
Starts first
π TPM
Locked safe
π₯οΈ OS
Uses TPM safely
If boot parts change unexpectedly, TPM-backed checks may refuse to unlock automatically.