The Four Hardware Encryption Technologies
| Technology | What It Is | Where It Lives | Primary Use | Scale |
|---|---|---|---|---|
| TPM | Chip on the motherboard | Built into device | Device encryption (BitLocker), measured boot, device attestation | Single device |
| HSM | Dedicated hardware appliance or PCIe card | Data center / server rack | CA keys, payment processing, enterprise key vault | Enterprise / many applications |
| KMS | Software service (often HSM-backed) | Server / cloud service | Key lifecycle management, rotation, audit, access control | Enterprise / cloud |
| Secure Enclave | Isolated coprocessor in main chip | Mobile device / modern PC | Biometric data protection, device encryption keys | Single device |
TPM Capabilities
Key Generation & Storage
The TPM generates its own cryptographic keys using its internal random number generator. Keys can be stored inside the TPM's non-volatile memory β they never need to be exported to the main system.
Keys bound to the TPM are hardware-bound: they can only be used on that specific device.
Measured Boot
At each boot stage, the TPM measures (hashes) the firmware, bootloader, and OS. These measurements are stored in Platform Configuration Registers (PCRs).
Keys can be "sealed" to specific PCR values β they will only be released if the system boots in exactly the expected state. Malware in the boot path = measurements don't match = key not released.
BitLocker Integration
Windows BitLocker uses the TPM to seal the drive encryption key. At boot, the TPM verifies the boot measurements match expected values, then releases the key to decrypt the drive.
Removing the drive and connecting to another machine fails β that machine has a different TPM with no record of the sealed key.
Remote Attestation
The TPM can produce a cryptographically signed report of the device's current PCR measurements. A remote server can verify this report to confirm the device is in a known-good state before granting access to a network or resource.
TPM vs. HSM: Key Differences
| Feature | TPM | HSM |
|---|---|---|
| Form factor | Chip soldered to motherboard | Network appliance or PCIe card |
| Access | Local to one device | Network-accessible by many applications |
| Throughput | Low β personal use | High β hundreds of ops/second |
| Tamper response | Limited | Active key destruction on tamper detection |
| Certification | TCG standard | FIPS 140-2 Level 3 or 4 (typically) |
| Cost | ~$1-5 (built into device) | $5,000 β $50,000+ |
| Use case | Device encryption, attestation | CA, payment keys, enterprise vault |
Key Management System β Lifecycle Flow
KMS generates cryptographic keys using a secure source of randomness (often backed by HSM hardware entropy). Keys are created with defined purposes and expiration policies.
Keys are stored encrypted within the KMS (backed by an HSM or protected master key). Applications never receive raw key material β they call the KMS API to perform operations.
Applications authenticate to the KMS and receive authorization to use specific keys. The KMS performs the cryptographic operation on the application's behalf, or issues a time-limited data encryption key.
KMS automatically rotates keys on a configured schedule. New data is encrypted with the new key; data encrypted with old keys can still be decrypted during the transition period. Old keys are retired.
If a key is suspected compromised, it is immediately revoked. The KMS logs all access and provides an audit trail. At end of life, keys are cryptographically destroyed (overwritten with zeros and confirmed).
Secure Enclave: Isolation Architecture
Isolation from the main OS
The Secure Enclave has its own boot ROM, encrypted memory, and dedicated storage. The main processor cannot read the enclave's memory through normal instructions β hardware memory protection barriers enforce isolation.
Biometric protection
On Apple devices, Touch ID fingerprint templates and Face ID mathematical models are stored exclusively in the Secure Enclave. The biometric sensor sends raw data to the enclave for comparison β the main CPU never sees the templates or the raw biometric data.
Device encryption key
The device's file system encryption key is stored in the Secure Enclave, protected by a unique device identifier (UID) fused into the enclave hardware during manufacturing. Apple cannot access this key β it is not stored anywhere else.
Even a compromised OS cannot access enclave data
If malware fully controls the main operating system, it still cannot extract keys or biometric data from the Secure Enclave. The hardware isolation is enforced at the silicon level, not by software.