| |
TPM Matrix |
|
This is a list of known Trusted Platform Module (TPM) manufacturers and implementations.
The Trusted Platform Modules are based on specifications produced by the Trusted Computing Group.
March 26, 2006:
The purpose of creating this table two years ago was to keep track of the nascent paradign shift in trusted computing. IBM (now Lenovo) led the way with their laptops, and early entrants to this list were view (by me at least) and leaders in security at the edge.
Today, every meaningful vendor has Trusted Platforms in their roadmap and Microsoft has an OS that requires TPM version 1.2 ready for enterprise users before the end of this year. There are no more real surprises -- the paradigm has shifted.
Going forward, I will only update this table to correct broken links. Adding new platforms is, for the most part, meaningless. It would be easier (and shorter) to maintain a list of vendors/platforms without TPM (and some of my correspondents -- of the EFF, anti-DRM ilk -- would probably prefer that).
Again, many thanks for the emails and private messages supplying the vast percentage of material found on this page.
Please report broken links here.
| Servers | Models | TPM Manufacturer |
Comments |
| IBM | x-Series 366 server | TBD | First server I've seen with TPM |
| Gateway | E-9220T server | TBD | In manual, TPM indicated as Enabled/Disabled in bios |
| Laptops | Models | TPM Manufacturer |
Comments |
| Toshiba | Portégé M205-S810 | TBD | Mentioned in PCWorld Magazine, with notation: Other features - SD Card slot, embedded security chip. |
| Toshiba | Dynabook SS LX | TBD, but v1.1b | Available in Japan in January and March (depending on screen size, I think) and, according to this quaint translation, Also security corresponding power is high e.g., with the LX and the L10 it loads the second HDD with option, it keeps the cipher key especially, and the TPM tip/chip which are prepared for the restoration of the data making use of RAID function frees the cipher key from the CPU and the HDD and retains. |
| Toshiba | Tecra M3 | TBD | Presented on the 19th of January, 2005 |
| HP/Compaq | nc6000,nc8000,nw8000, nc4010 notebooks (all models) |
Infineon (TPM Technical Overview) |
"When used in conjunction with Wave Systems' EMBASSY® Trust Suite, HP's Tools Embedded Security solution enables more secure and seamless file storage and business transactions. The combined solution from Wave Systems and HP provides customers with stronger PC security that is easy to administer and use, by IT staff and end-users alike." This, according to HP |
| IBM (Lenovo) | Select Thinkpad laptops | Atmel (older models)/ NSM Super I/O since Sept. 2004 | Over 16 mllion IBM trusted clients have been shipped as of June 25, 2004 (per Thorsten Stremlau, EMEA security consultant for IBM, as reported at TCG Business Community Day in Frankfurt) |
| IBM (Lenovo) | T43 | NSM | Also includes integrated fingerprint technology. |
| IBM (Lenovo) | New ThinkPad Notebooks... | Atmel | Search this file for 'Atmel' to find the complete list (X32, X40, etc). Note that the Atmel TCG1.2 chip is bundled with NTRU TSS and Wave ESC/CSP. |
| Fujitsu | Lifebook S7010 and LifeBook E8000 series | Infineon (see page 3 of datasheet) |
Shipping |
| Fujitsu | Lifebook B6000 | Assumed to still be Infineon, but not known for sure | Article here |
| Samsung | Samsung's X-Series of laptops, as well as P40 HZM 750 P40 LVC 730 and P40 MZM 730 |
Infineon | Announced by PCPro on October 19th, 2004. According to WhatLapTop.com the X-series will start shipping in January, 2005. Samsung recently (March 2005) announced that "[We] have since incorporated the Infineon Trusted Platform Module into all our education notebooks" |
| Dell | Precision,Latitude and X1 | Broadcom | TPM v1.1 available in select models (Latitude D410, D610 and D810) in January, V1.2 available in mid-2005. Information available in Dell security whitepaper. (pdf file -- right click and 'save as') "The TPM 1.1b security hardware device comes standard on the following Latitude(TM) notebook systems: Latitude D410, D610, D810 and Dell Precision Mobile Workstations M20, M70." |
| NEC | VersaPro/VersaProJ | Not known at this time (but translations of this would be appreciated) | Available January 19, 2005 |
| NEC | La Vie RX | TPM1.2, manufacturer not known | Available "Spring 2006" |
| Gateway | M250E Series | Broadcom v1.2 | Gateway has not officially announced that their machines include Trusted Platform Modules. However, this article ("Gateway Goes for Business Gold", with the following 'The E-Series desktops will incorporate a security chip for encrypting files, Elsasser hinted'), combined with the information on the support page for M250 machines indicates that at the very least the M250E comes with the Broadcom integrated TPM. |
| Gateway | M460ES | Broadcom v1.2 | September 17, 2005. TPMs have higher visibility on Gateway Web Site. |
| Mitsubishi | Apricot AL B2 (?) (e-translated from Japanese.) |
1.1b | Link is to translation from Japanese of a Mitsubishi spec sheet. In the apricot series the security tip/chip TPM (the Trusted Platform Module) v1.1b conformity was loaded for the first time. So far, as for the key which is used with code it was general to be kept in the hard disk and the like, but by the fact that it houses in this tip/chip moving the hard disk in another personal computer, it becomes impossible to read contents. |
| Sony | VAIO® BX Series | 1.1b | From spec sheet for VGN-BX540B CTO, "Security Trusted Platform Module (TPM) TCG Ver 1.1b Compliant with Wave Software" There are a number of other Sony models with TPM, in Japanese, here. |
| ASUS | U5A | 1.1b from Infineon | See page 26 in this Chinese language PDF file. |
| Tablet PCs | Models | TPM Manufacturer |
Comments |
| Fujitsu | T4000 Tablet PCs | Based on previous Fujitsu offerings, Infineon. | Begins shipping October 21, 2004 |
| Fujitsu | ST5020 Tablet PCs | Based on previous Fujitsu offerings, Infineon. | More detailed info from Fujistsu here. Fujitsu is marketing the Tablets (with TPM) to the Health Care industry |
| Motion Computing | LS800 ,LE1600 Tablet PCs | Infineon 1.1b | Includes fingerprint readers also. |
| Toshiba | Tecra M4 | Infineon 1.1b | Acticle here in South African e-Zine |
| Reference Designs |
Models | TPM Manufacturer |
Comments |
| Intel | 852GME (pdf) | N/A | Intel Platform Design Guidelines |
| Intel | 865G/865GV/865PE/865P (pdf) |
N/A | Intel Platform Design Guidelines |
| Intel | 875P (pdf) | N/A | Intel Platform Design Guidelines |
| Intel | 848P (pdf) | N/A | Intel Platform Design Guidelines |
| Intel | Kessler Flyer (pdf) |
N/A | 200 "Kessler" Showcase Platforms, including the "2004 Recommended Corporate Stable Platform", containing TPM 1.2 |
| IBM | e-LAP | Atmel | Linux/IBM PDA reference design |
| Motherboard | Models | TPM Manufacturer |
Comments |
| Intel | D865GRH | Infineon | Ships with Infineon management software and Wave Systems EMBASSY Trust Suite |
| Intel | D915GUX | Infineon | Ships with Infineon management software and Wave Systems EMBASSY Trust Suite |
| Intel | D915GEV | Infineon | Ships with Infineon management software and Wave Systems EMBASSY Trust Suite |
| Intel | D925XCV | Infineon | Ships with Infineon management software and Wave Systems EMBASSY Trust Suite |
| Intel | D915GMH | Infineon 1.1b | Two of three available configurations equipped with TPM. Ships with Infineon management software and Wave Systems EMBASSY Trust Suite. |
| Intel | D925XECV2 | Infineon 1.1b | One of two available configurations equipped with TPM. Ships with Infineon management software and Wave Systems EMBASSY Trust Suite |
| Intel | D945GCZ | STMicro (v1.2) | Ships with Wave Systems EMBASSY Trust Suite. Product brief here (pdf file) |
| Intel | D945GTP | STMicro (v1.2) | Ships with Wave Systems EMBASSY Trust Suite. Product brief here (pdf file) |
| Intel | D945GNT | STMicro (v1.2) | Ships with Wave Systems EMBASSY Trust Suite. Product brief here (pdf file) |
| Intel | D955XBK | STMicro (v1.2) | Ships with Wave Systems EMBASSY Trust Suite |
| Intel | LAD975XBXLKR | STMicro (v1.2) | Ships with Wave Systems EMBASSY Trust Suite |
| Radisys | Endura BG845G, Endura LS855 |
? | Wording in user document suggests Atmel TPM (older motherboard model) |
| Radeon Express | ATi Radeon Express 200 Series | Broadcom Gigabit Ethernet w/TPM | Found in Hothardware review November 8, 2004 |
| ASUS | P5LD2-VM | Not explicitly stated, but probably Infineon 1.1b, based on laptop adoption. | Found for sale (with scant details) at ComputerHQ |
Intel ships their motherboards with the TPM disabled and tells System Builders/Integrators NOT to use or activate the TPM or use the Infineon or Wave Systems software (page 6, Trusted Platform Module Ownership)
This is stated due to the TCG specification requiring that all TPM be delivered "unactivated" to the final customer. Only the final customer can activate and "take ownership" of the TPM.
| White Box Manufacturer |
Models | TPM Manufacturer |
Comments |
| Bestbyte Computers | EXPERT PC 2 System (pdf file) |
Infineon | Manufactured with Intel D865GRH mobo |
| Link Computers | Ultra P4T-2800 | Infineon | Manufactured with Intel D865GRH mobo |
| Micaela | Custom Health Care builds |
Infineon | Manufactured with Intel D865GRH mobo |
| Neutron Computers |
Custom build | Infineon | Manufactured with Intel D865GRH mobo |
| Neatware | Custom Build | Infineon | Manufactured with Intel D865GRH mobo |
| Neatware | Digital Media Platform | Infineon | Manufactured with Intel D865GRH mobo |
| Link Computers | Ultra P4T/PCX PC | Infineon | Manufactured with Intel D915GEV mobo |
| XWorks | X6 Workstation | Infineon | Manufactured with Intel D925XCV mobo |
This is only a sample. Judicious use of google will find many more.
| Other Use | Models | TPM Manufacturer |
Comments |
| Densitron | DPX-114, DPX-115 | Infineon/Atmel | In trial production for evaluation (gaming board) |
| Infinium/Phantom Games |
Phantom Gaming console | ? | Security of content, and attestation of console by unknown party at this point. |
| NextBend | UniStac | EMBASSY 2100 (PDF file) |
EMBASSY 'deployment' /WaveXpress application |
| Sentivision | SV-503 | Atmel | Set top box |
| Sentivision | SV-510 IP STB | Atmel | Set top box |
| Arcom | Apollo EBX Embedded PC (pdf file) |
Atmel AT97SC3201 | TPM is a factory build option. Product information here. |
| Microsoft | XBox 360 | Infineon (modified?) | Some discussion whether this is a TCG compliant TPM, or one modified specifically for XBox by Infineon. |
| Seagate | Momentus 5400 FDE | see comments | Not strictly a TPM application. Seagate has developed a secure HD that ties to the onboard TPM (regardless of vendor). Pictures from a trade show demonstrating this capability here |
| Trusted Platform Module | Model | Comments |
| Atmel | AT97SC3201 TCG ver 1.1b |
"The AT97SC3201 is a fully integrated security module designed to be integrated into
personal computers and other embedded systems. It implements version 1.1b of the
Trusted Computing Platform Alliance (TCPA) specification for Trusted Platform
Modules (TPM). This specification has been adopted by the Trusted Computing Group
(TCG)." Over 16 mllion IBM trusted clients have been shipped with Atmel TPM as of June 25, 2004 (per Thorsten Stremlau, EMEA security consultant for IBM, as reported at TCG Business Community Day in Frankfurt) |
| Atmel | AT97SC3202 TCG ver 1.2 (pdf file) |
The AT97SC3202 Trusted Platform Module (TPM) is a fully integrated security module designed to be integrated into personal computers and other embedded systems. It implements version 1.2 of the Trusted Computing Group (TCG) specification for Trusted PlatformModules (TPM) |
| Atmel | AT97SC3201S TCG ver 1.1b |
The AT97SC3201S Trusted Platform Module (TPM) is a single-chip hardware security subsystem designed specifically for embedded systems, such as voting machines, gaming systems, PDAs, set top boxes, POS terminals, ATMs, portable mass storage devices, and industrial controls. |
| Broadcom | BCM5751M | Broadcom HW/ Infineon SW (Gigabit Ethernet Controller) |
| Infineon | SLD9630TT 1.1 TCG ver 1.1b (PDF file) |
"Infineon's TPM solution includes a security IC and software that provides computing platforms with a safer subsystem. This solution builds trust into every computing transaction." Intel's D865GRH, D915GUX, D915GEV and D925XCV motherboards ship with the Infineon TPM. See the motherboard section for more information. |
| On March 14th, National Semiconductor announced the sale of it's PC Super I/O business to Winbond, a Taiwanese company. This includes all of the NatSemi TPM business. Future TPM announcements in this space (for example, TPM v1.2 products) formerly from National Semiconductor will be from Winbond, however, existing products will retain the National Semiconductor name in this table. | ||
| National Semiconductor | Safekeeper PC21100 TCG ver 1.1b |
The PC21100 is no longer offered for new designs |
| Winbond (National Semiconductor) |
Trusted I/O for Desktop TCG ver 1.1b |
Winbond 1.1b product |
| Winbond (National Semiconductor) |
Trusted I/O for Laptop TCG ver 1.1b |
Winbond 1.1b product |
| Winbond (National Semiconductor) |
Trusted I/O for Desktop TCG ver 1.2 |
Winbond 1.2 product |
| ST Microelectronics | ST19WP18 TCG ver 1.2 (PDF file) |
Compliant with TCG 1.2 specification for TPM. ST announced volume availability on September 7, 2004 Wave Systems announces on 7 Sept, 2004 that ST has licensed secure software from Wave for use in ST's Trusted Computing Group (TCG) 1.2 Solution for trusted personal computers |
| Sinosun | SSX35A TCG ver 1.2 |
New TPM entry out of China. Quoted as "Compliant with TCG 1.2 specification for TPM". Introduced March 5, 2005. A TCG Product showcase. 1.2 compliant. Langchao Electronics, Founder Technology Group, Tsinghua Tongfang Co., Ltd and TCL Computer Technology Co.,Ltd are Sinsun TPM customers. |
| Processor Manufacturer | Processor Model | Comments |
| Transmeta | Crusoe Processor | Transmeta announced the first silicon shipment of TM5800 'Crusoe' processors with embedded TPM functionality on January 14, 2003. Crusoe (TM5800) processors are used in tablet PC's and thin client machines. |
| Company/ Organization Name | Software | Description |
| NTRU | Core TCG Software Stack (CTSS) | "The CTSS provides a set of software components that allow applications running under various operating systems to take advantage of the platform's 1.1b compliant TPM in a coordinated, consistent, and portable manner." This from Press release, although the CTSS has been licensed to ST, who has released the first V1.2 compatible TPM. |
| IBM | TrouSerS | Open source (inux only) TSS developed by IBM |
| Infineon | HP ProtectTools/Infineon TPM drivers | Infineon's software is rebranded as HP's ProtectTools software. |
| HP | HP ProtectTools/Infineon TPM drivers | Infineon's software is rebranded as HP's ProtectTools software. |
| HP | HP ProtectTools Credential Manager | BioScript rebranded as HP's credential Manager |
| IBM | IBM Client Security Software | Intended only for IBM machines with Security Chip installed. Currently (September 13, 2004) the security chip installed is the Atmel AT97SC3201 (see TPM Manufacturers section) |
| Atmel | IBM's TCG TSS Stack supplied by Atmel under license | "Atmel provides the necessary driver software for integration into certain operating systems, along with BIOS drivers. A TCG Software Stack (TSS), also supplied by Atmel and available under license, provides communication support to any application using MSCAPI or PKCS #11 Cryptographic APIs. It is understood that this software is Atmel TPM specific and provided by IBM |
| Utimaco | Utimaco Safeguard® for IBM ESS | Data protection software. Specific to IBM platforms. |
| Wave Systems | Embassy Trust System Pro | Supported TPM Platforms: IBM ThinkPad notebooks, IBM NetVista desktops, HP d530 desktops HP nc4010, nc6000, nc8000, and nw8000 notebooks, Intel D865GRH, D915GEV, and D915GUX desktop motherboards, Fujitsu Lifebook S series notebooks. Software includes Document Manager, Private Information Manager and Smart Signature. |
| Wave Systems | Key Transfer Manager | Key Transfer Manager (KTM) is a key archive system for end-users and enterprises to securely archive, restore and transfer keys having migratable properties that are secured by the TPM. Compatible with all TPM brands currently offered. |
| Wave Systems | KTM Enterprise Server AD | KTM Enterprise Server AD is a server software product for secure backup and restoration of protected keys from one TPM-enabled system to another according to security policies defined on the server. Compatible with all TPM brands currently offered. |
| Wave Systems | EMBASSY(r) Security Center | Wave's EMBASSY Security Center is an application for managing Trusted Platform security settings including TPM owner management, user management, and key management. Features include: Centralized TPM Management, Strong Authentication, Robust Password Management, TPM Key Archive Management. Compatible with all TPM brands currently offered. |
| Wave Systems | TCG-enabled CSP | "...allows developers to easily enable their applications to utilize the enhanced hardware-based security of a Trusted Platform." |
| Wave Systems | TCG-enabled toolkit | "...a compilation of tools designed to assist application developers to write new applications, or modifying existing ones, to function on TCG-compliant personal computers having Trusted Platform Module (TPM) security chips" |
| Wave Systems | EMBASSY® Trust Suite Enterprise Security, Dell Edition 1.0 | Dell labeled EMBASSY Trust Suite from Wave. |
| Wave Systems | EMBASSY® Trust Suite Enterprise Security, Dell Edition 2.0 | Dell labeled EMBASSY Trust Suite from Wave. [Dell SKU: A0489031] |
|
Updated March 26, 2006
© 2006 Tony McFadden |
|