Preface

Motivation

When I started my journey with TPMs (Trusted Platform Modules), I experienced two conflicting emotions: enthusiasm and confusion. Indeed, the principle of TPM seemed brilliant to me, but I struggled to understand how I could actually put it into practice.

After several months of perseverance, and thanks to the valuable work of the community (i.e. tools, blog posts, etc.), I reached a level of understanding that could be considered acceptable. In hindsight, I can clearly say that my learning cost was too high, but it doesn't necessarily have to be for everyone.

That is why I am taking on the challenge of producing a (relatively) comprehensive introduction to the subject. In short, the content I would have dreamed of having when I started this journey.

What's TPM Pills?

TPM Pills is a direct tribute to Nix Pills, which has helped many people discover the Nix language!

It is a series of articles that gradually introduces the key concepts of a TPM. The goal is that by the end of reading TPM Pills, you will have a solid understanding of the functionalities offered by a TPM, reducing the need to read the TPM 2.0 specification[1] unless you are dealing with an advanced use case. Additionally, each article will be accompanied by a reproducible example to make things more concrete.

Finally, it is important to emphasize that this content is free.

Who is this for?

For anyone who wants to understand TPM and its functionalities. Whether you are a developer, a security expert, or just curious, you will find something to satisfy your curiosity.

A developer background is recommended, especially for the implementation part.

Other educational resources

If you want to explore the topic further or if the TPM Pills approach simply doesn't suit you, be aware that there are other alternatives:

| Resource | Description | Format |
| --- | --- | --- |
| A Practical Guide to TPM 2.0 | At the time of writing, the most comprehensive book on the subject (my bedside book)! Note: PDF format is free. | Book |
| Trusted Platform Module (TPM) courses | Note: courses are free. | Online course |
| TPM.dev tutorials | To share developer-friendly resources about Trusted Platform Modules (TPM) and hardware security, including other Hardware Security Modules (HSM). Note: description from the repo. | Tutorials |
| TPM-JS by Google | TPM-JS lets you experiment with a software TPM device in your browser. It's an educational tool that teaches you how to use a TPM device to secure your workflows. Note: description from the repo. Warning: the repo has been archived since 2022. | Tutorials |
| TPMCourse by Nokia | A short course on getting started with understanding how a TPM 2.0 works. In this course we explain a number of the features of the TPM 2.0 through the TPM2_Tools through examples and, optionally, exercises. Note: description from the repo. | Tutorials |

Who Am I?

I'm Loïc Sikidi, a passionate software engineer from France. I love to learn and share my (little bit of) knowledge with others.

I'm far from being an expert on the subject, but I want to contribute to the democratization of this technology because I'm convinced that the TPM is a powerful tool that can help us to build more secure systems.


🚧 TPM Pills is in beta 🚧

  • if you encounter problems 🙏 please report them on the tpm-pills issue tracker
  • if you think that TPM Pills should cover a specific topic which isn't in the roadmap, let's initiate a discussion 💬
[1] The specification available here is a dense and relatively complex document.