{
	"id": "d780107c-a45b-4ce1-9d4a-4894050b9ef2",
	"created_at": "2026-04-06T00:12:22.286964Z",
	"updated_at": "2026-04-10T13:11:47.814631Z",
	"deleted_at": null,
	"sha1_hash": "6c3e5ec8252469e57b53ad7ccbc2feb55600c2f5",
	"title": "Increase Security with TPM, Secure Boot, and Trusted Boot",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43234,
	"plain_text": "Increase Security with TPM, Secure Boot, and Trusted Boot\r\nBy Vibhoosh Gupta\r\nPublished: 2024-08-27 · Archived: 2026-04-05 17:56:14 UTC\r\nIncrease Security with TPM, Secure Boot, and Trusted Boot\r\nControl systems must be secure by design and should have a hardware root of trust as the foundation of all the\r\nsecurity constructs in the control system. Emerson PLC/PAC controllers come with Trusted Platform Module\r\n(TPM) technology that enables hardware root of trust. All PLC/PAC boot firmware is signed by Emerson with the\r\nprivate key stored in the TPM to ensure only Emerson-signed firmware will run on the hardware. Patches supplied\r\nby Emerson are also signed for verification purposes prior to loading. Here’s why TPM is important.\r\nTrusted Platform Module\r\nThe Trusted Platform Module (TPM) is a separate hardware module with a dedicated microcontroller providing\r\ncryptographic key generation and key storage capability. Since each TPM chip has a unique and secret RSA key\r\npair burned in, it can perform platform authentication. Software can use the TPM to authenticate other hardware\r\ndevices. The TPM can be used for both encryption and decryption operations and is an excellent source of entropy\r\nfor random number generation. The random number generator makes it virtually impossible for any other system\r\nto guess the generated sequence. This capability, when combined with the server public key, creates an encrypted\r\nlink between two ends. The TPM generates a non-repeatable number that makes it difficult for outside influences\r\nto decipher the data being transmitted. The TPM can be implemented on any computer platform and is required by\r\nthe United States Department of Defense (TPM version 1.2 or higher) for many of their devices, including phones\r\nand computers. TPM forms a “hardware root of trust” when used in conjunction with BIOS. Root of Trust (RoT)\r\nis a set of functions in the trusted computing module that is always trusted by the computer's operating system\r\n(OS). The RoT serves as a separate computer engine, controlling the trusted computing platform cryptographic\r\nprocessor on the device in which it is embedded. TPM allows secure storage and reporting of security metrics that\r\ncan be used to randomly validate the system’s configurations to ensure changes haven’t occurred. Remote\r\nAttestation, an authentication process, can be facilitated when the TPM creates a nearly unforgeable hash key that\r\nis a signature of the hardware and software configuration. This could allow third-party systems to verify that the\r\nsoftware has not been changed.\r\nSecure Boot\r\nWith Secure Boot, the control system firmware checks that the system boot loader is signed with a cryptographic\r\nkey authorized by Emerson and stored in a database contained in the firmware. It is used by UEFI (Unified\r\nExtensible Firmware Interface) in conjunction with BIOS for controlled boot to prevent the execution of unsigned\r\nprograms.\r\nTrusted Boot\r\nTrusted Boot takes over where Secure Boot leaves off. Trusted Boot verifies the digital signature of the OS. In\r\nturn, the OS verifies the components it will use in the startup process, such as startup files and boot drivers. If a\r\nfile has been modified, the boot loader detects the change, then refuses to load the corrupt component. Trusted\r\nhttps://emersonexchange365.com/products/control-safety-systems/f/plc-pac-systems-industrial-computing-forum/8383/increase-security-with-tpm-secure-boot-and-trusted-boot\r\nPage 1 of 2\n\nBoot will only use trusted software, often implemented by using signed and certified software from the\r\nmanufacturer, resulting in proper configuration and patch management.\r\nThis discussion is one of a series of blogs discussing security in industrial PLC/PAC control systems. If you’d like\r\nto see others, click here.\r\nAre you currently relying on hardware root of trust?\r\nunified architecture framework\r\nEdge controller\r\nIndustry 4.0\r\nEdge Computing\r\nIIoT\r\nOPC UA\r\nIndustrial Computing\r\nIndustrial Processes\r\nPLC\r\nPAC\r\nIoT\r\nSource: https://emersonexchange365.com/products/control-safety-systems/f/plc-pac-systems-industrial-computing-forum/8383/increase-securit\r\ny-with-tpm-secure-boot-and-trusted-boot\r\nhttps://emersonexchange365.com/products/control-safety-systems/f/plc-pac-systems-industrial-computing-forum/8383/increase-security-with-tpm-secure-boot-and-trusted-boot\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://emersonexchange365.com/products/control-safety-systems/f/plc-pac-systems-industrial-computing-forum/8383/increase-security-with-tpm-secure-boot-and-trusted-boot"
	],
	"report_names": [
		"increase-security-with-tpm-secure-boot-and-trusted-boot"
	],
	"threat_actors": [],
	"ts_created_at": 1775434342,
	"ts_updated_at": 1775826707,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6c3e5ec8252469e57b53ad7ccbc2feb55600c2f5.pdf",
		"text": "https://archive.orkl.eu/6c3e5ec8252469e57b53ad7ccbc2feb55600c2f5.txt",
		"img": "https://archive.orkl.eu/6c3e5ec8252469e57b53ad7ccbc2feb55600c2f5.jpg"
	}
}