Intel Platform Trust Technology (PTT): TPM For The Masses

Categories: Tech Explained · Published On: October 2nd, 2023

In the last few years, Intel® Platform Trust Technology (PTT) has truly arrived. For years, the last word in securing personal computers, industrial PCs, and servers has been the Trusted Platform Module (TPM) specification. TPM established a set of standards and interfaces that enable system makers to bake their digital bona fides into system hardware. So you may be wondering – what is PTT? And how is it different from TPM? Keep reading to learn more. 

What is Trusted Platform Module – TPM?

Trusted Platform Module, or TPM, uses unique cryptographic keys burned into physical media that are soldered directly onto the motherboard. With this, TPM creates what is known as the “root of trust.” With TPM, operating system makers like Microsoft can enable secure, whole-disk encryption to lock up data even if a disk is removed, and enable system checks that verify low-level boot code before allowing it to execute. We wrote a whole blog post on it.

What is Platform Trust Technology – PTT?

Intel Platform Trust Technology (PTT) architecture implements TPM in system firmware. To your operating system and applications, PTT looks and acts like TPM. However, the difference between PTT vs TPM is that computers with Intel PTT don’t require a dedicated processor or memory. Instead, they rely on secure access to the system’s host processor and memory to perform low-level system authentication and verification.

The result: PTT is being deployed on low-power PCs, tablets, and other devices that in the past could not bear the additional cost, complexity, power consumption, or required physical space that comes with hardware-based TPM.

Understanding Trusted Platform Module

TPM is currently in version 2.0, and its role has become more vital as cyber threats continue to target the lowest levels of system operation (including the Master Boot Record, system firmware, and operating system files) where traditional anti-malware solutions can be vulnerable.

TPM works by storing protected key information in a tamper-proof chip. It includes a unique Endorsement Key baked into the silicon at manufacture (like a digital fingerprint) to authenticate host system hardware. A dedicated cryptographic microprocessor processes key data and verifies the integrity of low-level system assets like boot files and system firmware. If a change is detected, TPM prevents the compromised files or software from loading. As a result, attacks are halted before they can start.
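
An added example (not from the original article): a software-only model of the integrity check described above, in which each boot component is hashed into a Platform Configuration Register (PCR) and a secret such as a disk-encryption key is released only when the register matches the value recorded for a known-good boot. It does not talk to a TPM or PTT device; the boot-stage byte strings and the SealedSecret class are illustrative assumptions, and the same logic applies whether the TPM is a discrete chip or firmware.

```python
from __future__ import annotations

import hashlib
import hmac

PCR_SIZE = 32  # width of a SHA-256 PCR bank


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 2.0 extend operation: new_pcr = SHA256(old_pcr || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(stages: list[bytes]) -> bytes:
    """Replay a boot chain into one PCR, which starts at all zeros after reset."""
    pcr = bytes(PCR_SIZE)
    for blob in stages:
        pcr = extend(pcr, blob)
    return pcr


class SealedSecret:
    """Simplified model of sealing: release the secret only for the expected PCR."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes | None:
        if hmac.compare_digest(current_pcr, self._expected):
            return self._secret
        return None  # measurements differ: the key stays locked


# Constructed sample boot chains (placeholder strings, not real firmware images).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"firmware v1", b"bootloader v1 (modified)", b"kernel v1"]
REORDERED_CHAIN = [b"bootloader v1", b"firmware v1", b"kernel v1"]


def demo() -> dict[str, bytes | None]:
    sealed = SealedSecret(b"disk-encryption-key", measure_boot(GOOD_CHAIN))
    return {
        "good": sealed.unseal(measure_boot(GOOD_CHAIN)),
        "tampered": sealed.unseal(measure_boot(TAMPERED_CHAIN)),
        "reordered": sealed.unseal(measure_boot(REORDERED_CHAIN)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {'key released' if result else 'unseal refused'}")
```

Because the register can only be extended, never set, a changed or reordered component leaves no way to steer the PCR back to the known-good value short of a platform reset.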

Implementing TPM in dedicated hardware has a key benefit: TPM isolates the security infrastructure from the host system. This makes it exceedingly difficult to spoof, tamper with, or defeat. However, it also adds cost and complexity to system designs. That means that a lot of devices that could benefit from this level of security simply don’t have it. That shortfall is changing with firmware-based implementations of TPM like PTT.

Understanding Platform Trust Technology

PTT vs. TPM Module

Intel introduced PTT in 2013 on select fourth-generation Intel Core processors and chipsets, including Intel Haswell ULT multichip packages, as well as on Atom-based, system-on-a-chip solutions like Bay Trail. PTT enables low-cost and low-power devices to support the same root of trust concepts enabled by hardware-based TPM. Furthermore, it supports all of Microsoft’s latest OS requirements for TPM 2.0.

A similar implementation (ARM’s TrustZone scheme) provides TPM capabilities for low-power, ARM processor-based portable devices like tablets.

And finally, AMD also has their own fTPM implementation. That means, if you purchased a computer in the last few years, there’s a very good chance it has some form of TPM already onboard.

TPM vs PTT for industrial applications

PTT and other firmware implementations of TPM are especially important in the industrial PC space. They let organizations establish the same rigorous levels of security in their compact, fanless systems and devices as they do for desktop PCs, workstations, and servers. PTT-enabled industrial computers radically shrink the attack surface for systems that often sit unattended in remote or public spaces.

There was a time when IT managers were forced to choose between power-hungry computers with robust security or compact, low-power designs. Computers with Intel PTT put an end to that need to choose. If you’d like to learn more, download our one-pager (link below) and contact our technical sales team who can answer all your security questions.


Note: This article was originally written on December 20, 2017. It was updated for content on October 2, 2023. 


About the Author: Darek Fanton

Darek is the Communications Manager at OnLogic. His passion for both journalism and technology has led him from the newsrooms of local papers to the manufacturing floor of IBM. His background in news gathering has him always on the lookout for the latest in emerging tech and the best ways to share that information with readers. In addition to his affinity for words, Darek is a music lover, juggler and huge fan of terrible jokes.