TPMs or HSMs and Their Role in Full-Disk Encryption (FDE)

Introduction

Your data can’t be secured without establishing a root of trust! Even when you perform a full-disk encryption to encode all of your data, you must first place your trust somewhere. Why not place it in a TPM or HSM?

You might be asking yourself: What are these technologies, and how do they actually help to keep your data safe and secure? To find out, we’ll have to look at each one to discover what makes them tick and which is the better of the two in 2019.

The two technologies are similar in a sense, because they both relate to encryption and security. However, we’ll soon see the way that they operate and the way that they are implemented are very different.

What Is a TPM?

TPM stands for Trusted Platform Module and is basically an electronic chip that is built into a circuit such as a system board or main board on a computer or laptop. This chip stores special encoding information and holds the keys that your system needs to encrypt certain data relating to your system. The most common task associated with a TPM is FDE, or Full-Disk Encryption.

This could be thought of as a local security measure that lets your system communicate securely with your operating system. This means that if your hard drive is cloned and connected to another machine, it will not be readable without the cryptographic data contained on the TPM, making the data useless to anyone but you. This makes your system secure before the login screen even appears when booting into the operating system, which is great for corporate users and government IT equipment with confidential data stored on it. FDE ensures that your data cannot be read by anyone else.

Most TPM chips contain a special encryption (Read more...)