Trusted Platform Modules and Measured Boot
05/29/2025
A Trusted Platform Module (TPM) is a chip that provides several security functions, including (but not limited to) securely storing and quoting platform measurements. These platform measurements can be used as evidence in remote attestation to prove that the platform remains trustworthy.
A Virtual TPM (vTPM) provides the functions of a TPM in software (typically in the hypervisor), providing TPM functions to virtual machines.
System components (such as the UEFI/BIOS, OS kernel, boot loader, Secure Boot policy, etc.) are measured before execution during the boot process, and these measurements can be used to detect any modifications or unauthorized changes to those measured components. These measurements, represented as cryptographic hashes, are stored in the TPM's Platform Configuration Registers (PCRs). Each new measurement extends its corresponding PCR, where extension means concatenating the previous PCR value with the new hash and then hashing the result. Because a PCR can only be extended, never set directly, the value of a PCR can be used to ensure the integrity of all components measured into that PCR, in the order they were measured.
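The following Python snippet is an added illustration (not code from this page, from Intel Trust Authority or from the TCG specifications) that models the PCR extend operation for a SHA-256 PCR bank: the firmware side measures each component into the PCR, and the verifier side replays a constructed event log to check the resulting value against a policy. The component byte strings and the event log are constructed stand-ins for real firmware, boot loader and kernel images.

```python
import hashlib

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size
# Resettable PCRs (e.g. PCR 0-15) start as all zeros after a TPM reset.
PCR_INIT = b"\x00" * DIGEST_LEN


def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = H(old PCR || measurement digest)."""
    if len(pcr_value) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("PCR value and digest must match the bank's digest size")
    return HASH(pcr_value + digest).digest()


def measure_boot_chain(components: list[bytes]) -> tuple[bytes, list[bytes]]:
    """Firmware side: hash each component before it runs, extend the PCR,
    and record the digest in the event log. Returns (final PCR, event log)."""
    pcr = PCR_INIT
    event_log = []
    for component in components:
        digest = HASH(component).digest()
        event_log.append(digest)
        pcr = pcr_extend(pcr, digest)
    return pcr, event_log


def replay_event_log(event_log: list[bytes]) -> bytes:
    """Verifier side: recompute the PCR from the logged digests alone."""
    pcr = PCR_INIT
    for digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def pcr_matches_policy(quoted_pcr: bytes, event_log: list[bytes],
                       expected_pcr: bytes) -> bool:
    """A quote is accepted only if the log replays to the quoted value
    and that value equals the policy's expected (golden) measurement."""
    return replay_event_log(event_log) == quoted_pcr == expected_pcr


# Constructed boot chains: a known-good one and one with a modified kernel.
GOOD_CHAIN = [b"uefi-firmware-v1", b"shim-bootloader", b"linux-kernel-6.8"]
TAMPERED_CHAIN = [b"uefi-firmware-v1", b"shim-bootloader", b"linux-kernel-6.8-modified"]
```

Because each extend hashes the previous PCR value into the result, a verifier can detect both a changed component and the same components measured in a different order.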
The TPM can generate a signed quote for use with a remote attestation verifier, such as Intel® Trust Authority. By attesting the TPM quote against a policy asserting expected system measurements, you can prove that the platform booted in a trustworthy state.
For more information about the TPM, see the Trusted Computing Group TPM Library Specification.
For details on the components measured by firmware during a measured boot, see the Trusted Computing Group PC Client Platform Firmware Profile Specification.
Trusted boot and Azure* confidential virtual machines (VMs) with Intel® Trust Domain Extensions (Intel® TDX) and vTPM
Microsoft Azure* implements Intel TDX and vTPM together, using an Intel TDX Trust Domain (TD) to protect the function of the vTPM. By combining attestation of the TD and vTPM, you can prove the authenticity and integrity of the vTPM and the VM image.
For example, PCR values from the vTPM can be used to ensure the integrity of the TD's UEFI BIOS, boot loader, and kernel image.