{"id":15999,"date":"2026-03-24T13:32:27","date_gmt":"2026-03-24T13:32:27","guid":{"rendered":"https:\/\/newestek.com\/?p=15999"},"modified":"2026-03-24T13:32:27","modified_gmt":"2026-03-24T13:32:27","slug":"hp-launches-tpm-guard-to-help-defeat-physical-tpm-attacks","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15999","title":{"rendered":"HP launches TPM Guard to help defeat physical TPM attacks"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores sensitive information such as encryption keys in a separate, secure chip, passing it to the CPU as required.<\/p>\n<p>However, there\u2019s a problem. If an attacker can get physical access to the device, they can use hardware costing less than $20, running readily available software, to grab those encryption keys as they are sent to the CPU, allowing data on the system to be readily decrypted by the attacker and stolen.<\/p>\n<p>At its Imagine event this week, HP announced a product that it says prevents this kind of attack without the need to make changes to device encryption software such as BitLocker. 
<a href=\"https:\/\/threatresearch.ext.hp.com\/tpm-guard-advancing-endpoint-protection-against-physical-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">TPM Guard<\/a> is a combination of hardware and firmware that creates an authenticated and encrypted tunnel between the TPM and the CPU to protect the communication between them, said <a href=\"https:\/\/uk.linkedin.com\/in\/ianpratt\" target=\"_blank\" rel=\"noreferrer noopener\">Ian Pratt<\/a>, HP\u2019s vice president of security and commercial systems. The TPM is cryptographically bound to the host processor so if the chip is removed from the system, the TPM will cease to function.<\/p>\n<p>\u201cThis isn\u2019t just about espionage agents sneaking into hotel rooms of executives while they\u2019re out at dinner,\u201d he said during a media briefing. \u201cMany laptops get stolen every day, and if a laptop is owned by an enterprise, there\u2019s potentially a lot more value to the data it contains than the resale value of the device itself. 
And hence, opportunity for that device to work its way through the black market to a crime group that is capable of extracting the data and monetizing it, perhaps using the credentials it contains to gain access to enterprise systems or threatening to leak customer data.\u201d<\/p>\n<p>Most companies today rely on BitLocker to encrypt that data, but the TPM issue can negate that protection, putting organizations at risk.<\/p>\n<p>TPM Guard can prevent a whole class of bus interception and interposition attacks, Pratt said.<\/p>\n<p>HP wants the technology behind it to become an industry standard, and has already submitted a proposal to the TCG, he said.<\/p>\n<p>Starting in July, TPM Guard will be available as a firmware update at no additional charge on \u201cselected\u201d HP G2 commercial PCs, and will be built in to supported PCs in the future.<\/p>\n<h2 class=\"wp-block-heading\" id=\"structurally-significant\">Structurally significant<\/h2>\n<p>\u201cHP TPM Guard is arguably the most structurally significant announcement [at HP Imagine] for enterprise, government, and high-compliance customers,\u201d said <a href=\"https:\/\/www.linkedin.com\/in\/anuragagrawal1\/\" target=\"_blank\" rel=\"noreferrer noopener\">Anurag Agrawal<\/a>, chief global analyst at Techaisle. 
\u201cFrom an architectural standpoint, it closes a massive physical edge loophole.\u201d<\/p>\n<p>It\u2019s \u201ca brilliant maneuver\u201d against <a href=\"https:\/\/www.csoonline.com\/article\/571873\/microsofts-pluton-security-processor-tackles-hardware-firmware-vulnerabilities.html\">Microsoft\u2019s Pluton architecture<\/a>, Agrawal said, noting that Pluton eliminates the bus by putting security directly on the CPU die, while TPM Guard gives highly regulated customers the physical security of Pluton without forcing them to abandon their preferred TCG-certified discrete TPMs.<\/p>\n<p>HP\u2019s proposal of TPM Guard to the Trusted Computing Group (TCG) as a new industry standard \u201ccreates immediate security debt for HP\u2019s rivals,\u201d he said.<\/p>\n<p>\u201cBy positioning TPM Guard as the first and only solution to this physical bus attack, HP is implicitly stating that the existing \u2018secure\u2019 fleets from competitors like Dell and Lenovo carry a known, exploitable vulnerability, giving HP and its channel partners a highly aggressive wedge issue to force early device refresh cycles,\u201d he said.<\/p>\n<p>TPM hasn\u2019t been significantly updated for some time, making HP\u2019s TPM Guard all the more important, said <a href=\"https:\/\/www.linkedin.com\/in\/rob-enderle-03729\/\" target=\"_blank\" rel=\"noreferrer noopener\">Rob Enderle<\/a>, principal analyst at Enderle Group. \u201cIn the face of rising threats, it is always important to reinvest in defense, and that is what they are doing here.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores sensitive information such as encryption keys in a separate, secure chip, passing it to the CPU as required. However, there\u2019s a problem. 
If an attacker can get physical access to the device, they can use hardware costing less than $20,&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15999\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15999","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15999"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15999\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}