TPM: The Chip That Turned Trust Into Paperwork


Yesterday Apple showed us the T2 chip, a border checkpoint with aluminum manners.

Today we inspect the smaller, older bureaucrat:

the Trusted Platform Module.

The TPM is one of the most misunderstood chips in computing.

People think it encrypts the disk.

It does not.

People think it proves the computer is safe.

It does not.

People think “trusted” means trusted by the owner.

Adorable.

I. What A TPM Is

The TPM is a standardized security component defined by the Trusted Computing Group. TPM 2.0 is standardized as ISO/IEC 11889.

It can be a discrete chip, firmware-backed implementation, integrated security processor function, or virtualized TPM.

Its job is not to run your operating system.

Its job is to preserve small pieces of security state and perform cryptographic operations under policy.

| TPM feature | What it does | What it does not do |
|---|---|---|
| key storage | protects keys under TPM policy | encrypt your whole SSD by itself |
| PCRs | record measurements of boot state | decide morality |
| sealing | release a secret only when conditions match | make the OS honest forever |
| attestation | quote measurements to another party | prove the user is happy |
| random generation | provide hardware-backed randomness | fix bad software design |

The TPM is a notary.

It stamps documents.

It does not run the country.

II. PCRs: Registers That Remember The Boot

The most important concept is the Platform Configuration Register, or PCR.

A PCR is not normally assigned a value directly.

It is extended.

Conceptually:

new_pcr = HASH(old_pcr || measurement)

This means each new measurement depends on all previous measurements, and on their order: the same components measured in a different sequence land on a different value.

Change one stage of boot, and the final PCR value changes.

For the static boot PCRs (0 through 15), nothing short of a platform reset puts a register back to an earlier value, because the hash cannot be undone.

flowchart TB
    RESET["reset PCR"]
    FW["measure firmware"]
    BOOT["measure bootloader"]
    KERNEL["measure kernel"]
    POLICY["measure policy"]
    PCR["final PCR value"]

    RESET --> FW --> BOOT --> KERNEL --> POLICY --> PCR

The TPM remembers the chain only as hashes.

The list of what was measured, component by component, lives in an event log that the firmware keeps and hands to the OS.

The TPM does not know whether your kernel is beautiful.

It knows whether the measurements match the previous paperwork: a verifier replays the event log through the same extend operation and checks that it lands on the PCR value the TPM reports.
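The extend-and-replay behaviour described above, as an added example written for this edit (not code from the original post, and not a real TPM or event-log format): a software model of the SHA-256 PCR bank, with constructed boot stages and a plain Python "verifier" that replays a log to reproduce the PCR.

```python
import hashlib

# Added example, not from the original post: a software model of the
# TPM 2.0 PCR extend operation and of the verifier-side replay of an
# event log. The boot stages below are constructed sample byte strings.

PCR_LEN = 32  # SHA-256 bank: every PCR is 32 bytes and starts at all zeros


def extend(pcr, measurement):
    """new_pcr = SHA-256(old_pcr || measurement); the only write a PCR allows."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(blob):
    """What firmware hands to PCR_Extend: the digest of the loaded component."""
    return hashlib.sha256(blob).digest()


def replay(event_log):
    """Recompute the final PCR from the recorded digests, the way an
    attestation verifier checks a quoted PCR against the event log."""
    pcr = bytes(PCR_LEN)  # value after platform reset
    for digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


# Constructed boot chain: each stage is just a labelled byte string here.
GOOD_BOOT = [b"firmware v1.07", b"bootloader", b"kernel 6.8", b"policy: secure boot on"]
GOOD_LOG = [measure(stage) for stage in GOOD_BOOT]


def expected_pcr():
    return replay(GOOD_LOG)


def pcr_after(boot_chain):
    return replay([measure(stage) for stage in boot_chain])


def demo():
    good = expected_pcr()
    # 1. Changing one stage (a firmware update) changes the final value.
    updated_fw = pcr_after([b"firmware v1.08"] + GOOD_BOOT[1:])
    # 2. The same stages in a different order: also a different value.
    reordered = pcr_after([GOOD_BOOT[1], GOOD_BOOT[0]] + GOOD_BOOT[2:])
    # 3. Extending again never brings the PCR back; only a reset does.
    extended_again = extend(good, measure(b"anything"))
    # 4. A log that hides an entry cannot reproduce the quoted value.
    tampered_log = GOOD_LOG[:-1]
    return {
        "good": good,
        "firmware_update_matches": updated_fw == good,
        "reorder_matches": reordered == good,
        "extend_again_matches": extended_again == good,
        "tampered_log_replays": replay(tampered_log) == good,
        "honest_log_replays": replay(GOOD_LOG) == good,
    }


if __name__ == "__main__":
    r = demo()
    print("final PCR:", r["good"].hex())
    for name, value in r.items():
        if name != "good":
            print(f"{name}: {value}")
```

Only `honest_log_replays` comes out true; every other comparison is false. That asymmetry is the whole point of a PCR: the register is cheap to reproduce from an honest log and impossible to steer to a chosen value from a dishonest one.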

III. Secure Boot vs Measured Boot

Civilian confusion is severe here.

| Concept | Meaning | Kim translation |
|---|---|---|
| Secure Boot | checks signatures before executing boot components; unsigned or untrusted code is refused | guard says yes or no |
| Measured Boot | records a hash of each loaded component into TPM PCRs (and an event log) without blocking anything | clerk writes everything down |
| BitLocker sealing | releases disk unlock material only when the selected PCRs match the policy it was sealed to | vault opens if paperwork matches |
| Remote attestation | has the TPM sign (quote) the PCR values for another system to check | foreign inspector reads the file |

Secure Boot is enforcement.

Measured Boot is memory.

Attestation is diplomacy.

BitLocker is the citizen discovering that a firmware change altered the paperwork and now the vault wants a recovery key.

IV. The BitLocker Ritual

A common Windows pattern is:

  1. The firmware and boot path are measured into PCRs.
  2. The PCRs BitLocker binds to end up in a known-good state. On UEFI systems with Secure Boot the default profile is PCR 7 (Secure Boot policy) and PCR 11 (BitLocker's own access-control register); on legacy or Secure-Boot-off systems it is PCRs 0, 2, 4 and 11.
  3. BitLocker seals the disk unlock material (the volume master key) to those PCR values using TPM policy.
  4. On the next boot, if the selected PCRs match, the TPM releases the secret; the boot manager then extends PCR 11 so that nothing later in the same boot can unseal it again.
  5. If the selected PCRs do not match, recovery is required. With the PCR 7 profile a routine firmware update usually does not trigger this; turning Secure Boot off or changing its policy does.
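The five steps above, as an added example written for this edit (not BitLocker's code and not any TPM vendor's): a software model in which a volume master key is sealed to a PCR selection and unsealed on later constructed boots. The `SoftTPM` class, the simplified policy digest and the boot measurements are all assumptions made for the demo; a real TPM does this with TPM2_Create plus a PolicyPCR session and TPM2_Unseal.

```python
import hashlib
import hmac
import os

# Added example, not BitLocker's or any TPM's code: a software model of
# sealing a volume master key (VMK) to PCR values and unsealing it on
# later boots. PCR extension, the policy digest and the sealed blob are
# modelled with SHA-256/HMAC so the script runs with no hardware.
# All boot measurements below are constructed byte strings.


def extend(pcr, measurement):
    """PCR extend with the measurement hashed first, as firmware does."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


class SoftTPM:
    def __init__(self):
        self.pcrs = {i: bytes(32) for i in range(24)}  # SHA-256 bank at reset
        self._storage_key = os.urandom(32)            # never leaves the "chip"

    def policy_digest(self, selection):
        # Simplified stand-in for TPM2_PolicyPCR: bind to the selected PCRs' values.
        h = hashlib.sha256(bytes(selection))
        for i in selection:
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, secret, selection):
        policy = self.policy_digest(selection)
        # Wrap the secret under the storage key; the policy travels with the blob.
        pad = hmac.new(self._storage_key, policy, hashlib.sha256).digest()
        return {"selection": tuple(selection), "policy": policy,
                "wrapped": bytes(a ^ b for a, b in zip(secret, pad))}

    def unseal(self, blob):
        if not hmac.compare_digest(self.policy_digest(blob["selection"]), blob["policy"]):
            raise PermissionError("PCR policy mismatch: recovery key required")
        pad = hmac.new(self._storage_key, blob["policy"], hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def boot(tpm, firmware=b"fw 1.07", secure_boot=True):
    """Replay a constructed boot into the PCRs: 0 = firmware, 4 = boot manager,
    7 = Secure Boot policy. PCR 11 is left for the BitLocker lock below."""
    tpm.pcrs = {i: bytes(32) for i in range(24)}  # platform reset
    tpm.pcrs[0] = extend(tpm.pcrs[0], firmware)
    tpm.pcrs[4] = extend(tpm.pcrs[4], b"bootmgfw.efi")
    tpm.pcrs[7] = extend(tpm.pcrs[7], b"SecureBoot=1" if secure_boot else b"SecureBoot=0")


UEFI_PROFILE = (7, 11)         # BitLocker default with Secure Boot
LEGACY_PROFILE = (0, 2, 4, 11)  # legacy / Secure Boot off


def scenario(profile):
    """Seal once, then try to unseal across several later boots."""
    tpm = SoftTPM()
    vmk = os.urandom(32)  # constructed volume master key
    boot(tpm)
    blob = tpm.seal(vmk, profile)
    results = {}

    def try_unseal(name, **kw):
        boot(tpm, **kw)
        try:
            results[name] = tpm.unseal(blob) == vmk
        except PermissionError:
            results[name] = False  # this is where the recovery key prompt lives

    try_unseal("same_boot")
    # The boot manager extends PCR 11 after taking the key, so nothing later
    # in this boot (the OS, for instance) can unseal the blob again.
    tpm.pcrs[11] = extend(tpm.pcrs[11], b"BitLocker: VMK released")
    try:
        tpm.unseal(blob)
        results["after_lock"] = True
    except PermissionError:
        results["after_lock"] = False
    try_unseal("firmware_update", firmware=b"fw 1.08")
    try_unseal("secure_boot_off", secure_boot=False)
    return results


if __name__ == "__main__":
    print("UEFI profile  :", scenario(UEFI_PROFILE))
    print("legacy profile:", scenario(LEGACY_PROFILE))
```

Run it and the two profiles disagree on exactly one row: under the PCR 7 profile a firmware update still unseals (PCR 0 is not in the policy) while switching Secure Boot off does not; under the legacy profile the firmware update is what costs you the recovery key. Which registers you bind decides which changes count as "the paperwork changed".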

The technical story is clean.

The emotional story is:

“I changed one setting and now Windows wants the emergency scroll.”

Example inspection on Windows:

Get-Tpm             # PowerShell: TPM present, ready, enabled, owned
manage-bde -status  # BitLocker state and key protectors per volume

Example Linux-world curiosity:

tpm2_pcrread        # tpm2-tools: dump every PCR in every bank
tpm2_getrandom 16   # 16 bytes from the TPM's own RNG

Do not run commands from a blog as religious practice.

Run them because you know which ministry you are interrogating.

V. Why Windows 11 Made Everyone Learn The Acronym

Microsoft made TPM 2.0 a Windows 11 requirement.

Suddenly civilians who had never heard of PCRs were in firmware setup screens toggling “PTT,” “fTPM,” “Security Device,” or “AMD PSP fTPM” while wondering whether the motherboard had joined a cult.

This was educational.

Cruel, but educational.

| Firmware label | Usually means |
|---|---|
| TPM | generic TPM support, whatever implementation the board has |
| PTT | Intel Platform Trust Technology, Intel's firmware TPM |
| fTPM | firmware TPM; on AMD systems it runs in the Platform Security Processor (PSP) |
| dTPM | discrete TPM, a separate chip on the board |
| Pluton | Microsoft-designed security processor integrated into the CPU, which can expose TPM 2.0 functionality |

The tragedy is that the requirement taught the name before the concept.

Citizens learned the checkbox.

They did not learn the trust model.

VI. Trusted By Whom?

This is the entire political question.

Trusted Computing sounds comforting until you ask:

who is doing the trusting?

The TPM can help the owner protect disk keys.

Good.

The TPM can help an enterprise verify fleet state.

Also reasonable.

The TPM can help a remote service decide whether your machine is acceptable.

Now the room becomes cold.

| Use | Owner benefit | Control risk |
|---|---|---|
| disk encryption | protects data after theft | recovery pain |
| measured boot | detects boot tampering | false alarms after updates |
| enterprise attestation | fleet security | employer policy over machine |
| DRM / anti-cheat style checks | service integrity | user loses local sovereignty |

The TPM is not evil.

The TPM is a tool.

But tools used for trust become tools used for permission.

VII. The Real Story (Suppressed)

Officially, TPM means Trusted Platform Module.

Suppressed name:

Trust Permission Machine.

The first prototype had only one LED.

It lit up when the machine trusted you less than the vendor did.

Engineers proposed calling PCRs “Platform Configuration Registers.”

The Ministry corrected them:

Paperwork Cannot Reverse.

Because once a measurement enters the chain, the clerk does not erase it.

He extends it.

Like a dictatorship budget.

VIII. The Lesson

The TPM is not magic.

It is not spyware by itself.

It is not disk encryption by itself.

It is a small cryptographic bureaucrat that stores keys, records measurements, signs statements, and enforces release policies.

Used well, it protects owners.

Used aggressively, it lets systems decide whether the owner is still allowed to act like the owner.

The decree:

  • Secure Boot blocks
  • Measured Boot records
  • TPM seals
  • attestation reports
  • recovery keys are not decoration
  • “trusted” always requires a subject

Tomorrow Microsoft moves the notary into the CPU:

Pluton.

— Kim Jong Rails, Supreme Leader of the Republic of Derails