HP Launches New Hardcore Security Layers
HP Computer has unveiled HP TPM Guard, an encrypted communication channel between the Trusted Platform Module (TPM) and the CPU, preventing interception and probing attacks during the boot process.
Hardware-rooted security matters more than ever, given that traditional security strategies have focused heavily on software controls such as endpoint protection platforms, operating system hardening, and network monitoring.
Although these layers remain essential, they cannot fully protect a device if attackers can directly access the hardware, which informs the growing interest in hardware-rooted security – systems designed with protection built in from the silicon up.
The TPM is cryptographically bound to the device itself, meaning it cannot simply be moved into another device and tricked into revealing encryption keys. This closes a long-standing industry security gap while avoiding additional complexity for IT teams.
The laptop, which is at the centre of everything done at the organisation and holds its most important work, from confidential documents and messages to credentials and sensitive data about customers and employees, has become an increasingly attractive target for attackers.
At the same time, the value of these devices to attackers is increasing. Modern laptops are processing more sensitive information locally than ever before. The rapid adoption of AI-powered applications is accelerating this shift, as tools that analyze documents, images, and voice recordings expand the amount of sensitive data handled directly on endpoints.
A compromised laptop may also contain cached credentials, locally stored corporate data, or authenticated access to internal applications. Attackers can use this foothold to extract sensitive information or move deeper into enterprise networks.
The need for enhanced security has grown with the recognition that BitLocker disk encryption, which most organisations rely on and deploy to ensure that data on lost or stolen laptops remains protected, can indeed be bypassed if an attacker has physical access to a device.
One example is a technique known as ‘TPM bus snooping’, which allows attackers to intercept communications between the CPU and the device’s TPM, a specialized security chip responsible for several critical security functions. The TPM securely stores cryptographic keys, supports authentication mechanisms, and enables secure boot processes.
In BitLocker’s default configuration, the TPM releases the disk decryption key during system startup once the device verifies that the boot environment is trusted. This default TPM-only configuration is attractive for ease of deployment, and it means many devices automatically unlock the encrypted drive during boot without requiring additional authentication.
Importantly, this isn’t a vulnerability that can simply be patched through software updates. The issue lies in how hardware components communicate during startup. Once an attacker has physical access to the device, they are operating outside many of the assumptions that software protections rely on.
For organizations, this creates an uncomfortable compliance question as to whether standard BitLocker can still be treated as a sufficient mitigating control when deciding if the loss of a device containing PII must be reported to national data protection authorities.
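To see which devices are in the default TPM-only BitLocker configuration described above, an administrator can classify each operating-system volume by its key protectors. The script below is an added example, not code from the article or from HP; it assumes an elevated PowerShell session on Windows with the built-in BitLocker module, and `Get-BitLockerUnlockMode` is a hypothetical helper name.

```powershell
# Added example: classify how each BitLocker OS volume unlocks at boot.
# Assumes an elevated session; Get-BitLockerVolume comes from the Windows BitLocker module.

function Get-BitLockerUnlockMode {
    # Hypothetical helper: takes one object returned by Get-BitLockerVolume.
    param([Parameter(Mandatory)] $Volume)

    # Protector types that require a PIN and/or startup key in addition to the TPM.
    $preBootAuthTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    # Collect protector type names; foreach skips cleanly when there are none.
    $types = @(foreach ($kp in $Volume.KeyProtector) { "$($kp.KeyProtectorType)" })

    # Protection suspended or off: the TPM is not gating access to this volume.
    if ("$($Volume.ProtectionStatus)" -ne 'On') { return 'ProtectionOff' }

    # A bare Tpm protector means the drive unlocks at boot with no user input.
    if ($types -contains 'Tpm') { return 'TpmOnly' }

    # TPM combined with a PIN and/or startup key: extra authentication before unlock.
    if ($types | Where-Object { $_ -in $preBootAuthTypes }) { return 'TpmWithPreBootAuth' }

    # Encrypted, but unlocked by something other than the TPM (e.g. password only).
    return 'NoTpmProtector'
}

# Report every operating-system volume on this machine.
Get-BitLockerVolume |
    Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' } |
    ForEach-Object {
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            MountPoint   = $_.MountPoint
            Protectors   = @($_.KeyProtector.KeyProtectorType) -join ', '
            UnlockMode   = Get-BitLockerUnlockMode -Volume $_
        }
    }
```

Volumes reported as `TpmOnly` are the ones that unlock automatically during boot without additional authentication.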







