What is a TPM?

A TPM is a hardware security module that provides secure key storage and platform attestation. It’s a dedicated processor on the motherboard (or a separate module) that stores cryptographic keys in protected, non-volatile memory and performs cryptographic operations in hardware, helping prevent keys from being extracted by software. It can seal data to specific platform states and generate attestation evidence that proves the system’s boot and configuration haven’t been tampered with. This enables secure boot, trusted encryption keys, and remote verification of a server’s integrity. The other options describe unrelated concepts: a thermal protection mechanism is about cooling or throttling, a memory type is a different component, and a RAID configuration is about disk redundancy.