Trusted Platform Module

  • SalesServiceGuy
    Field Supervisor

    Site Contributor
    5,000+ Posts
    • Dec 2009
    • 8129

    #1

    Trusted Platform Module

    I have learned that the new line of Toshiba eBridge Next line of copiers ETA Summer 2022 will include a new feature called a Trusted Platform Module (TPM).

    TPM is new to me but I am reading that Windows 11 requires TPM 2.0 to help increase security against firmware and ransomware attacks.

    Why Windows 11 is forcing everyone to use TPM chips - The Verge
  • rthonpm
    Field Supervisor

    2,500+ Posts
    • Aug 2007
    • 2847

    #2
    Re: Trusted Platform Module

    A TPM has been standard in most business class desktops and laptops for several years. Anyone using Bitlocker in the Windows world has needed one since the Windows 7 days. With the amount of cryptographic information needed to store in the modern world this is going to be standard-issue hardware on almost everything going forward.


    • SalesServiceGuy
      Field Supervisor

      Site Contributor
      5,000+ Posts
      • Dec 2009
      • 8129

      #3
      Re: Trusted Platform Module

      Originally posted by rthonpm
      A TPM has been standard in most business class desktops and laptops for several years. Anyone using Bitlocker in the Windows world has needed one since the Windows 7 days. With the amount of cryptographic information needed to store in the modern world this is going to be standard-issue hardware on almost everything going forward.
      I see a lot of Windows 10 Home computers installed in SMB customer locations when I install print drivers or configure scan to email. A lot of Windows 10 Home computers have rec'd automatic Windows 11 updates.

      I do not know but maybe this new TPM chip installed in near future Toshiba copiers is a move to get ahead of this new Microsoft security requirement.

      Could this also put the used equipment market in disarray and maybe obsolete when a customer attempts to connect a print device to a Windows 11 computer?


      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2847

        #4
        Re: Trusted Platform Module

        TPM has nothing to do with an external device. Nothing external to the machine communicates with it or interacts in any way with it. It allows for encryption keys or other similar information to be stored outside of the operating system. An attacker may be able to remotely access an operating system, but it's much harder to remotely access a piece of discrete hardware that sits on the motherboard of the system, so it's the perfect place to keep data securely.

        As for the Windows Home machines: Microsoft has required secure boot for any Windows 10 machine since at least 2016 and many consumer grade machines have a software based TPM equivalent that runs off the motherboard as opposed to a dedicated hardware component. For my own customers, anyone we do IT services for is required to be running a Pro version of Windows: the policy features alone, even if not in a domain and just locally set, make it worth it. Not to mention, full BitLocker.

        Sent from my BlackBerry using Tapatalk


        • tsbservice
          Field tech

          Site Contributor
          5,000+ Posts
          • May 2007
          • 7951

          #5
          Re: Trusted Platform Module

          Originally posted by rthonpm
          TPM has nothing to do with an external device. Nothing external to the machine communicates with it or interacts in any way with it. It allows for encryption keys or other similar information to be stored outside of the operating system. An attacker may be able to remotely access an operating system, but it's much harder to remotely access a piece of discrete hardware that sits on the motherboard of the system, so it's the perfect place to keep data securely.

          As for the Windows Home machines: Microsoft has required secure boot for any Windows 10 machine since at least 2016 and many consumer grade machines have a software based TPM equivalent that runs off the motherboard as opposed to a dedicated hardware component. For my own customers, anyone we do IT services for is required to be running a Pro version of Windows: the policy features alone, even if not in a domain and just locally set, make it worth it. Not to mention, full BitLocker.

          Sent from my BlackBerry using Tapatalk
          Another master class from real world. We are simply honoured and enlightened.
          A tree is known by its fruit, a man by his deeds. A good deed is never lost, he who sows courtesy, reaps friendship, and he who plants kindness gathers love.
          Blessed are they who can laugh at themselves, for they shall never cease to be amused.


          • SalesServiceGuy
            Field Supervisor

            Site Contributor
            5,000+ Posts
            • Dec 2009
            • 8129

            #6
            Re: Trusted Platform Module

            Originally posted by rthonpm
            TPM has nothing to do with an external device. Nothing external to the machine communicates with it or interacts in any way with it. It allows for encryption keys or other similar information to be stored outside of the operating system. An attacker may be able to remotely access an operating system, but it's much harder to remotely access a piece of discrete hardware that sits on the motherboard of the system, so it's the perfect place to keep data securely.

            As for the Windows Home machines: Microsoft has required secure boot for any Windows 10 machine since at least 2016 and many consumer grade machines have a software based TPM equivalent that runs off the motherboard as opposed to a dedicated hardware component. For my own customers, anyone we do IT services for is required to be running a Pro version of Windows: the policy features alone, even if not in a domain and just locally set, make it worth it. Not to mention, full BitLocker.

            Sent from my BlackBerry using Tapatalk
            ... so for an IT Manager who has to make a purchase decision, would you choose a print device with TPM built in or without any form of TPM protection?

            Does this make the used equipment market obsolete for those customers whose network is under a Managed IT service contract?

            ... there are millions of installed Windows computers in the market that are not Professional versions.

            ... I see it to be pretty easy for SMB buyers to be ill informed and indifferent about TPM and to become vulnerable to sales reps pitching that they must have this feature.


            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2847

              #7
              Re: Trusted Platform Module

              At this point it's more of a selling point for a new machine than anything else. There are other ways of protecting printers besides hardware: VLANs, limited access, TLS, etc. Used equipment will still be perfectly valid for most use cases.

              Without knowing what exactly they're using it for, it's likely just a component that's included on the board from the contract manufacturer. For customers with compliance requirements, it may be a good opportunity for an upgrade.


              Sent from my BlackBerry using Tapatalk


              • SalesServiceGuy
                Field Supervisor

                Site Contributor
                5,000+ Posts
                • Dec 2009
                • 8129

                #8
                Re: Trusted Platform Module

                Originally posted by rthonpm
                At this point it's more of a selling point for a new machine than anything else. There are other ways of protecting printers besides hardware: VLANs, limited access, TLS, etc. Used equipment will still be perfectly valid for most use cases.

                Without knowing what exactly they're using it for, it's likely just a component that's included on the board from the contract manufacturer. For customers with compliance requirements, it may be a good opportunity for an upgrade.


                Sent from my BlackBerry using Tapatalk
                ... Bingo! Thanks, TBD.


                • tonerhead
                  Senior Tech

                  500+ Posts
                  • Sep 2009
                  • 582

                  #9
                  Re: Trusted Platform Module

                  Just to throw in my $.02. A big feature of TPM is that it holds the private key which is used in decryption, public key is used in encryption. The private key is randomly burned into the chip in the factory. So when you are working with anything encrypted by your public key, you need the private key to decrypt. In olden times private key was hashed and stored on hard drive. Hackers could gain access and if they had enough computing power and time they might crack it. With TPM it is burned to a chip and supposedly out of reach. I believe eventually someone will figure out how to get it though. Bitlocker is impossible to hack without the private key. So in theory, if a hard drive gets separated from its computer, it's totally useless for obtaining data on it, because the private key always stays with the motherboard. Also it is my understanding that if you use bitlocker on a flashdrive, the flash drive data will only work on the computer that created it. It's a great security tool especially with flashdrives which have a tendency to be lost.
                  I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


                  Especially when it comes to sex


                  • SalesServiceGuy
                    Field Supervisor

                    Site Contributor
                    5,000+ Posts
                    • Dec 2009
                    • 8129

                    #10
                    Re: Trusted Platform Module

                    Originally posted by tonerhead
                    Just to throw in my $.02. A big feature of TPM is that it holds the private key which is used in decryption, public key is used in encryption. The private key is randomly burned into the chip in the factory. So when you are working with anything encrypted by your public key, you need the private key to decrypt. In olden times private key was hashed and stored on hard drive. Hackers could gain access and if they had enough computing power and time they might crack it. With TPM it is burned to a chip and supposedly out of reach. I believe eventually someone will figure out how to get it though. Bitlocker is impossible to hack without the private key. So in theory, if a hard drive gets separated from its computer, it's totally useless for obtaining data on it, because the private key always stays with the motherboard. Also it is my understanding that if you use bitlocker on a flashdrive, the flash drive data will only work on the computer that created it. It's a great security tool especially with flashdrives which have a tendency to be lost.
                    ... the next generation of Toshiba copiers, ETA summer 2022, will feature a 128 GB SSD and not a Toshiba original Secure Encrypted HDD.

                    Maybe the SSD and TPM have something to do with each other as the explanation by Tonerhead sounds a lot like the technology that Toshiba introduced in its Secure Encrypted HDDs (SED-HDD).

                    Toshiba is the #3 volume supplier of SSDs to the world and invented the technology. I am sure they have a few ideas about what they are doing. The new product will also include proprietary anti-malware technology built in.


                    • rthonpm
                      Field Supervisor

                      2,500+ Posts
                      • Aug 2007
                      • 2847

                      #11
                      Re: Trusted Platform Module

                      Originally posted by tonerhead
                      Just to throw in my $.02. A big feature of TPM is that it holds the private key which is used in decryption, public key is used in encryption. The private key is randomly burned into the chip in the factory. So when you are working with anything encrypted by your public key, you need the private key to decrypt. In olden times private key was hashed and stored on hard drive. Hackers could gain access and if they had enough computing power and time they might crack it. With TPM it is burned to a chip and supposedly out of reach. I believe eventually someone will figure out how to get it though. Bitlocker is impossible to hack without the private key. So in theory, if a hard drive gets separated from its computer, it's totally useless for obtaining data on it, because the private key always stays with the motherboard. Also it is my understanding that if you use bitlocker on a flashdrive, the flash drive data will only work on the computer that created it. It's a great security tool especially with flashdrives which have a tendency to be lost.
                      Not entirely accurate on BitLocker. During the encryption process, a recovery key is generated that will allow you to unlock the drive. In an Active Directory environment, you can have the key become part of the computer object's attributes. An administrator on the machine when booted can also make a backup of the recovery key. The key can be regenerated with new values at any time. The TPM can trigger needing the recovery key if enough changes are made to the computer (additional memory, new hardware installed, etc.), or because of a completely discharged battery on a laptop. From just a hard drive, there is no way to access the content without this key.

                      For flashdrives, you have to create a password to unlock the drive on a different computer.

                      Sent from my BlackBerry using Tapatalk
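                      As an added example (not code from any poster here, nor from Toshiba or Microsoft), here are the checks an IT manager reading posts #4, #9 and #11 would run on a Windows 10/11 Pro machine before trusting the "hard drive alone is useless" claim: is a TPM 2.0 present and ready, is Secure Boot on, does each BitLocker volume actually have a TPM protector plus a recovery password, and how is that recovery password escrowed into Active Directory and regenerated. The function names `Get-TpmPosture`, `Get-BitLockerPosture`, `Backup-RecoveryProtectorToAD` and `Update-RecoveryProtector` are mine; the `C:` mount point and a domain-joined machine whose domain carries the BitLocker recovery schema are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread or any vendor. Audits TPM / Secure Boot / BitLocker
# state on Windows 10/11 Pro or Enterprise (uses the built-in TrustedPlatformModule,
# SecureBoot and BitLocker modules). Assumptions: mount point 'C:' and a domain-joined
# machine for the Active Directory escrow step.

function Get-TpmPosture {
    # Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38"; the first field is the TPM spec version.
    $wmi    = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $status = Get-Tpm
    try   { $secureBoot = Confirm-SecureBootUEFI }   # throws on legacy BIOS firmware
    catch { $secureBoot = $false }
    $spec = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { 'unknown' }
    [pscustomobject]@{
        TpmPresent  = $status.TpmPresent
        TpmReady    = $status.TpmReady     # provisioned and usable by the OS
        SpecVersion = $spec
        SecureBoot  = $secureBoot
    }
}

function Get-BitLockerPosture {
    # One row per volume: is it encrypted, is protection actually on, and which
    # protectors can release the volume master key (TPM-based and/or recovery password).
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted, FullyDecrypted
            ProtectionStatus = $vol.ProtectionStatus   # Off means suspended: the key is stored in the clear
            EncryptionMethod = $vol.EncryptionMethod
            HasTpmProtector  = [bool]($types | Where-Object { $_ -like 'Tpm*' })   # Tpm, TpmPin, TpmStartupKey...
            HasRecoveryPwd   = [bool]($types -contains 'RecoveryPassword')
        }
    }
}

function Backup-RecoveryProtectorToAD {
    # Escrows every recovery password protector of the volume into the computer object's
    # msFVE-RecoveryInformation child object, creating a protector first if none exists.
    param([string]$MountPoint = 'C:')
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($rp.Count -eq 0) {
        # Windows generates the 48-digit recovery password; the operator never chooses it.
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $rp  = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    }
    return $rp.Count
}

function Update-RecoveryProtector {
    # "The key can be regenerated with new values at any time": add a fresh recovery
    # password, escrow it, then remove the old ones so a leaked printout stops working.
    param([string]$MountPoint = 'C:')
    $old = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
             Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $vol.KeyProtector |
           Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
           Where-Object { $old.KeyProtectorId -notcontains $_.KeyProtectorId }
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $new.KeyProtectorId
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    }
}

Get-TpmPosture       | Format-List
Get-BitLockerPosture | Format-Table -AutoSize
# Backup-RecoveryProtectorToAD -MountPoint 'C:'   # run on a domain-joined machine
```

                      A volume that reports `HasTpmProtector` but not `HasRecoveryPwd` is exactly the state rthonpm warns about: a RAM upgrade, firmware update or drained CMOS battery changes the boot measurements the TPM protector is sealed to, and without an escrowed recovery password the data is gone. `manage-bde -protectors -get C:` shows which PCRs that TPM protector is bound to.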


                      • tonerhead
                        Senior Tech

                        500+ Posts
                        • Sep 2009
                        • 582

                        #12
                        Re: Trusted Platform Module

                        Originally posted by SalesServiceGuy
                        ... the next generation of Toshiba copiers, ETA summer 2022, will feature a 128 GB SSD and not a Toshiba original Secure Encrypted HDD.

                        Maybe the SSD and TPM have something to do with each other as the explanation by Tonerhead sounds a lot like the technology that Toshiba introduced in its Secure Encrypted HDDs (SED-HDD).

                        Toshiba is the #3 volume supplier of SSDs to the world and invented the technology. I am sure they have a few ideas about what they are doing. The new product will also include proprietary anti-malware technology built in.
                        Supposedly next gen Ricoh will do the same this summer. I think Canons are already to this point.
                        I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


                        Especially when it comes to sex


                        • Tricky
                          Field Supervisor

                          Site Contributor
                          2,500+ Posts
                          • Apr 2009
                          • 2620

                          #13
                          Re: Trusted Platform Module

                          Originally posted by tonerhead
                          Supposedly next gen Ricoh will do the same this summer. I think Canons are already to this point.
                          Canons have had TPM since the Advance series, maybe 8 years ago. I have read on this forum that Canon hard drives are unusable anywhere apart from inside the machine.


                          • tonerhead
                            Senior Tech

                            500+ Posts
                            • Sep 2009
                            • 582

                            #14
                            Re: Trusted Platform Module

                            Originally posted by skynet
                            Canons have had TPM since the Advance series, maybe 8 years ago. I have read on this forum that Canon hard drives are unusable anywhere apart from inside the machine.

                            Yes/no. I was involved with that thread you are thinking of. I have never been able to take a Canon HDD from a machine going to copier heaven (dumpster) and format it for other use like in a computer. Apparently that is something Canon burned into the BIOS of the HDD. I asked a Canon instructor why this was so; the only explanation he gave me is that in other equipment thieves will steal HDDs not for the info, but to use personally in computers or sell cheap on street corners. Let's face it, in 2 minutes I could steal a Ricoh HDD from a machine. The price of HDDs has decreased quite a bit but maybe that was the case back when. Personally I think it helps Canon line their pockets as you need to buy HDDs from them.

                            I haven't had the opportunity yet, but techs I work with have had Canon HDDs fail. So they will recover a drive from a copier going to heaven and use it.

                            So yes, TPM protects the data, but not the physical drive. You can take a Windows BitLocker drive, erase it and reuse it elsewhere. But you can't do that with a Canon drive because it is burned into the hard drive BIOS. That is the info I got from a Canon trainer. AFAIK, the only way to erase data on a Canon HDD is to do it in the machine; if you try to do it outside, it can't be done.



                            BTW: "When you think you have made a procedure idiot proof your company employs a better idiot" I love it, so true.
                            I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


                            Especially when it comes to sex
