IT OT Convergence

Trusted Platform Module

2 min read

What is a Trusted Platform Module (TPM)?

A Trusted Platform Module (TPM) is a hardware-based security chip used to securely store and manage cryptographic keys, certificates and other security data. TPMs are designed to safeguard the integrity and confidentiality of systems — even if the operating system is compromised.

In OT environments, TPM is used to provide devices such as Engineering Stations, HMIs, SCADA servers and Firewalls with trusted identity and secure key storage.

🧠 How does TPM work?

  1. Hardware-based security
  • The TPM is physically soldered onto the motherboard or integrated into a module
  1. Cryptographic functions
  • Generates, encrypts and stores keys in a secure environment
  1. Integrity verification
  • Measures critical components during boot (BIOS, bootloader, OS)
  • Verifies that nothing has been altered (Secure Boot / Measured Boot)
  1. Secure storage
  • Keys are never exposed unencrypted outside the TPM

TPM provides security at the lowest level of the system — the hardware itself.

🏭 TPM in industrial networks

  • Authentication of OT devices on a network
  • Disk encryption for HMIs and Engineering Stations with TPM-based key storage
  • Secure Boot or Measured Boot in industrial PCs
  • Trusted identity for certificate-based authentication
  • Integration with Remote Attestation for remote management

Applied in, among others:

  • Industrial Windows/Embedded systems with TPM 2.0
  • Secure storage for VPN or SSH keys
  • Manufacturer-installed TPMs in industrial gateways and edge devices

🔍 TPM vs. HSM vs. software key storage

Characteristic TPM HSM Software (soft keys)
Storage form Hardware, on the motherboard External hardware module In a file on disk
Application Endpoint security Enterprise key management Basic use or legacy applications
Physical security Yes Very strong None
Use in OT Embedded devices, PCs Central key servers Not recommended

🔐 Security aspects

  • TPMs are resistant to physical attacks and tampering
  • Keys can only be used on the original device
  • Used in combination with BitLocker, Secure Boot, HTTPS
  • TPM 2.0 is required for modern OS security functions
  • Meets requirements from IEC 62443 and ISO 27001 for secure key storage

TPM provides trusted baseline security, independent of software integrity.

📌 In summary

Trusted Platform Modules provide a fundamental hardware basis for confidentiality, integrity and authentication in OT and IT systems. TPMs strengthen system security from the moment of startup through to key management and device identity.

Graph View