AMD CPU fTPM (Firmware Trusted Platform Module) [MiniTool Wiki]
What Is AMD CPU fTPM?
To understand what AMD CPU fTPM is, you first need to know what a TPM is. Trusted Platform Module (TPM), also standardized as ISO/IEC 11889, is an international standard for a secure cryptoprocessor: a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
An fTPM is one type of TPM. AMD CPU fTPM therefore refers to the trusted platform module of an AMD (Advanced Micro Devices, Inc.) central processing unit (CPU). It is implemented in system firmware rather than in a dedicated chip.
Types of TPM
TPM was conceived by a computer industry consortium named Trusted Computing Group (TCG) and was standardized by ISO and IEC in 2009 as ISO/IEC 11889. TCG has assigned TPM vendor IDs to companies such as AMD, IBM, Intel, Lenovo, and Samsung.
There are 5 types of TPM 2.0 implementations:
- Firmware TPM (fTPM): an fTPM is a software-only solution that runs in the CPU's trusted execution environment, so it is more likely than a dedicated chip to be affected by software bugs. AMD, Intel, and Qualcomm have implemented fTPMs.
- Discrete TPM (dTPM): a dTPM is a dedicated chip that implements TPM functionality in its own tamper-resistant semiconductor package. In theory it is the most secure TPM type, because routines implemented in hardware should be more resistant to bugs than routines implemented in software.
- Software TPM (sTPM): an sTPM is a software emulator of a TPM that runs as a regular program within an operating system (OS). It depends completely on the environment it runs in, so it offers no more security than the normal execution environment provides; it is vulnerable to its own software bugs and to any attack that compromises the normal execution environment. Still, an sTPM is useful for development purposes.
- Integrated TPM (iTPM): an iTPM is part of another chip. It uses hardware that resists software bugs, but it is not required to implement tamper resistance. Intel includes iTPMs in some of its chipsets.
- Hypervisor TPM (hTPM): an hTPM is a kind of virtual TPM provided by, and relying on, a hypervisor. The hypervisor is an isolated execution environment hidden from the software running inside the virtual machines, which protects the hTPM's code from that software. An hTPM can offer a security level similar to that of an fTPM.
The Function of AMD CPU fTPM
The TPM ensures that if the boot drive is separated from the motherboard, it cannot be decrypted. If a computer has no TPM, BitLocker must ask the user for a password each time it boots; if the user does not enter the BitLocker password, or enters a wrong one, the boot fails.
Some users find this annoying and search for a way around it. AMD motherboards offer both a TPM header and the fTPM built into the AMD CPU. If you are using an AMD motherboard, you can enable fTPM in the BIOS settings, decrypt your boot drive, and re-encrypt the drive with BitLocker. After that, you no longer have to provide your BitLocker password every time you boot up your machine.
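As an added example (not part of the original article), the following PowerShell check verifies what this section describes: whether the firmware exposes a ready TPM and whether the OS volume is actually bound to it. Get-Tpm, Get-BitLockerVolume and Add-BitLockerKeyProtector are standard Windows cmdlets; the mount point C: is an assumption.

```powershell
# Added example, not from the MiniTool article. Run from an elevated
# PowerShell on the machine in question. Assumed: the OS volume is C:.
function Test-TpmBitLockerState {
    param([string]$MountPoint = 'C:')

    # Get-Tpm reports whatever TPM the firmware exposes; an AMD fTPM
    # appears here exactly like a discrete chip would.
    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Protector types are enum names such as Tpm, TpmPin, TpmStartupKey,
    # Password, RecoveryPassword, ExternalKey.
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    [pscustomobject]@{
        MountPoint       = $MountPoint
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        TpmManufacturer  = $tpm.ManufacturerIdTxt
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        # Any Tpm* protector means the volume key is sealed to this TPM,
        # which is why the drive cannot be unlocked on another board.
        HasTpmProtector  = [bool]($types | Where-Object { $_ -like 'Tpm*' })
        HasRecoveryPwd   = $types -contains 'RecoveryPassword'
        ProtectorTypes   = ($types -join ', ')
    }
}

$state = Test-TpmBitLockerState
$state | Format-List

if (-not $state.TpmPresent -or -not $state.TpmReady) {
    Write-Warning 'No ready TPM: enable fTPM in the UEFI/BIOS setup before binding BitLocker to it.'
}
elseif (-not $state.HasTpmProtector) {
    Write-Host 'TPM is ready but the volume is not bound to it. To bind it:'
    Write-Host "  Add-BitLockerKeyProtector -MountPoint $($state.MountPoint) -TpmProtector"
}
if (-not $state.HasRecoveryPwd) {
    Write-Warning 'No recovery password protector: add one and back it up before relying on the TPM alone.'
}
```

Keep the recovery password backed up: clearing the fTPM, or a firmware change that alters what the TPM measures at boot, makes BitLocker fall back to asking for it.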