312-50V10 · Question #930
What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
The correct answer is D. TPM. The TPM is a dedicated hardware chip that generates and binds cryptographic keys to a specific machine, preventing an encrypted disk from being decrypted on different hardware.
Question
What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
Options
- ACPU
- BGPU
- CUEFI
- DTPM
How the community answered
(21 responses)- C5% (1)
- D95% (20)
Why each option
The TPM is a dedicated hardware chip that generates and binds cryptographic keys to a specific machine, preventing an encrypted disk from being decrypted on different hardware.
The CPU performs computation but has no dedicated mechanism to generate or bind encryption keys to a specific hardware platform.
The GPU handles graphics and parallel processing workloads and plays no role in hardware-bound encryption key management.
UEFI is firmware that initializes hardware and loads the OS, but it does not generate or securely store hardware-bound cryptographic keys.
The Trusted Platform Module (TPM) is a microcontroller embedded on the motherboard that generates, stores, and manages cryptographic keys in hardware. It releases only partial key material during the boot sequence and ties full decryption to the specific chip it was created on, so a BitLocker-protected drive cannot be unlocked on a different system without the recovery key.
Concept tested: TPM hardware-bound encryption key generation
Source: https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview
Topics
Community Discussion
No community discussion yet for this question.