HP’s hardware solution to stop physical TPM bus attacks, closing a known BitLocker security gap (claim based on HP internal analysis of business class PCs with discrete TPM implementations; actual protection effectiveness may vary depending on system configuration and attack methods).
HP Inc. has launched HP TPM Guard – the first hardware solution to stop physical TPM bus attacks, delivering the world’s first business notebook to prevent physical-access attacks that defeat BitLocker drive encryption (claim based on HP internal analysis of business notebooks with discrete TPM architectures; BitLocker effectiveness and overall security depend on system configuration, security policies, and threat environment). HP TPM Guard is only available on specific PC platforms and may require a BIOS update.
Closing the BitLocker Security Gap with HP TPM Guard
PCs are at the centre of modern, hybrid work, and with the rise of AI applications processing voice, video and screenshots, the volume of sensitive data held on PCs is only increasing.
BitLocker has been widely used by enterprises to protect this data if PCs are lost or stolen, but vulnerabilities uncovered in recent years can enable an attacker with physical access to a device to bypass BitLocker and extract the data.
Commonly referred to as “TPM bus attacks”, this technique relies on attackers intercepting communication between the certified Trusted Platform Module (TPM) and CPU, and can be performed in under a minute with minimal training.
HP TPM Guard protects against this threat by introducing an encrypted link between the TPM and CPU, preventing interception and probing attacks. The TPM is also cryptographically bound to the device, rendering it inoperable if removed or tampered with. This closes the industry-wide security gap without adding complexity for IT teams.
Dr. Ian Pratt, VP, Security & Commercial Systems CTO, Personal Systems, HP Inc. said:
“PCs already hold huge amounts of sensitive information, and new multi-media AI applications are pushing more sensitive workloads to the edge. The security of the underlying PC platform is ever more critical in securing the Future of Work. While BitLocker has previously been relied upon to protect data, today an attacker with a couple of hours of training and a $20 hardware kit can bypass that protection.”
“Working closely with our silicon partners, HP has developed a hardware and firmware solution that prevents this entire class of threat, delivering the stronger protection customers have been asking for,” continues Dr. Ian Pratt. “This solves an industry-wide problem and will be relevant for all businesses – particularly those in regulated industries, government, and other organizations that manage highly sensitive information on their PCs and need to take every precaution to safeguard their data.”
HP has submitted a proposal to the Trusted Computing Group to contribute TPM Guard technology as an industry standard.
New HP Wolf Security Capabilities across HP commercial PC portfolio
HP is strengthening security across its commercial PC portfolio by announcing new HP Wolf Security capabilities. They are focused on increasing the synergy between Workforce Experience Platform (WXP), HP Wolf Security, and the enterprise architecture to reduce operational overhead and cyber-risk.
These new capabilities include:
- Wolf Controller / WXP Integration to lower risk and operational friction
- Next Gen Wolf Connect cellular card to deliver better accuracy with less power consumption
- Broader Sure Recover platform support at lower cost
- Centralized security log collection on the Wolf Controller
HP Wolf Security for Business requires Windows 10 or 11 Pro and higher, includes various HP security features, and is available on HP Pro, Elite, RPOS, Workstation and Thin Client products.






