HP Client Security Commercial Managed IT Software Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteBook Revolve 810 G2 Tablet

HP Client Security Technical Whitepaper

August 2016

747889-002

Infineon Trusted Platform Module 33

14 Infineon Trusted Platform Module

HP PCs feature a Trusted Platform Module (TPM) embedded security chip on select HP business notebooks, desktops and

workstations. This embedded security chip is certified to the Trusted Computing Group (TCG) Evaluation Assurance Level 4+

(EAL4+) standard. HP platforms support the latest TPM v1.2 and TPM v2.0.

The Trusted Computing Group (TCG) is an international industry standards group. The TCG develops specifications amongst

its members. Upon completion, the TCG publishes the specifications for use and implementation by the industry. Table 6

provides a list of TPM features and benefits on an HP PC.

TPM Management uses a Microsoft Management Console (MMC) snap-in tool. The TPM Management can be run as a stand-

alone console or it can be added/used with MMC.

Table 6 TPM Features and Benefits on HP PCs

Feature

Benefit

Designed to the TCG standard

As a standards-based technology, TPM security chips are designed to work with a growing

number of third party software solutions while providing a platform to support future

hardware and operating system architectures.

Supports Microsoft CAPI and

PKCS#11 cryptographic

software interfaces

Enables the TPM security chip to enhance a broad range of existing applications and

solutions that take advantage of these interfaces (for example, Microsoft Outlook®,

Netscape Navigator, RSA SecurID and public key infrastructure solutions from leaders like

Microsoft, VeriSign and Entrust)

Enhanced Microsoft EFS

Helps protect sensitive user data stored locally on a PC, where access to Microsoft EFS

encrypted files are protected by the embedded security chip, providing a higher degree of

hardware-based protection

Support for TPM v.1.2

HP PCs support the latest TPM v1.2

Support for TPM v.2.0

HP PCs support the latest TPM v2.0

Some scenarios supported by the embedded TPM module include:

 A computer with the TPM can create encryption keys that can only be decrypted by the same TPM. The TPM "wraps"

encryption keys with its own storage root key, which is stored within the TPM. Storing the storage root key in the TPM

microchip, rather than on your hard disk, offers better protection against attacks designed to expose your encryption

keys. This can benefit multiple security applications that use encryption.

 Also, a TPM owner password is created when TPM is first initialized. The TPM owner password helps ensure that only the

authorized owner can access and manage the TPM on the computer.

For more information on trusted computing solutions from HP, including more information on the embedded security chip

solution for HP business desktop, notebook and workstation PCs.

For SLB9670 TPM v1.2, visit: http://www.infineon.com/cms/en/product/security-and-smart-card-solutions/optiga-embedd

ed-security-solutions/optiga-tpm/SLB+9670+VQ12+FW640/productType.html?productType=5546d4624ad04ef9014aed

2539cb0a71

For SLB9670 TPM v2.0, visit http://www.infineon.com/cms/en/product/security-and-smart-card-solutions/optiga-embedd

ed-security-solutions/optiga-tpm/SLB+9670+VQ20+FW740/productType.html?productType=5546d462525dbac4015332

44509a2733