The Trusted Platform Module offers facilities for securely generating cryptographic keys and limiting their use, as well as a [[hardware]] pseudo-[[random number generator]]. It also includes capabilities such as [[Trusted computing#Remote attestation|remote attestation]] and [[Trusted computing#Sealed storage|sealed storage]]. "Remote attestation" creates a nearly unforgeable [[Cryptographic hash function|hash key]] summary of the hardware and software configuration. The program encrypting the data decides how much of the software the summary covers. This allows a third party to verify that the software has not been changed. "Binding" encrypts data using the TPM [[Trusted computing#Endorsement key|endorsement key]], a unique [[RSA]] key burned into the chip during its production, or another trusted key descended from it.<ref>{{cite web|url=http://linux.die.net/man/3/tspi_data_bind|title=tspi_data_bind(3) - Encrypts data blob|publisher=Trusted Computing Group|accessdate=2009-10-27}}</ref> "Sealing" encrypts data in a similar way to binding, but also specifies the state the TPM must be in for the data to be decrypted (unsealed).<ref>{{cite web|url=http://www.trustedcomputinggroup.org/files/static_page_files/72C33D71-1A4B-B294-D02C7DF86630BE7C/TPM%20Main-Part%203%20Commands_v1.2_rev116_01032011.pdf|title=TPM Main Specification Level 2 Version 1.2, Revision 116 Part 3 - Commands|publisher=Trusted Computing Group|accessdate=2011-06-22}}</ref>
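The sealing behaviour described above can be illustrated with a small software model. This is an added example, not code from the article's sources or from the Trusted Computing Group. It assumes a single platform configuration register (the TPM register that accumulates measurements of the configuration); `ModelTPM` and `boot` are hypothetical names, and an HMAC-SHA-256 keystream stands in for the TPM's internal key operations.

```python
import hashlib
import hmac
import os

class ModelTPM:
    """Software model of the sealing logic only; not a real TPM interface."""

    def __init__(self):
        self._key = os.urandom(32)  # assumption: stands in for a key that never leaves the chip
        self.pcr = bytes(20)        # one platform configuration register, all zeros at reset

    def extend(self, component: bytes) -> None:
        # TPM 1.2 extend: PCR = SHA-1(PCR || SHA-1(component)); the register cannot be set directly.
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()

    def _mac(self, label: bytes, *parts: bytes) -> bytes:
        return hmac.new(self._key, label + b"".join(parts), hashlib.sha256).digest()

    def _xor(self, data: bytes, state: bytes, nonce: bytes) -> bytes:
        # Stand-in cipher: HMAC-SHA-256 in counter mode, keyed inside the model TPM.
        blocks = (len(data) + 31) // 32
        stream = b"".join(self._mac(b"enc", state, nonce, i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, data: bytes) -> dict:
        # Record the current register value in the blob as the required state.
        nonce = os.urandom(16)
        ct = self._xor(data, self.pcr, nonce)
        return {"state": self.pcr, "nonce": nonce, "ct": ct,
                "tag": self._mac(b"mac", self.pcr, nonce, ct)}

    def unseal(self, blob: dict) -> bytes:
        tag = self._mac(b"mac", blob["state"], blob["nonce"], blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("blob was modified or sealed by a different TPM")
        if not hmac.compare_digest(self.pcr, blob["state"]):
            raise PermissionError("current platform state differs from the sealed state")
        return self._xor(blob["ct"], blob["state"], blob["nonce"])

def boot(tpm: ModelTPM, components: list) -> bytes:
    """Reset the register and measure each boot component in order (constructed inputs)."""
    tpm.pcr = bytes(20)
    for component in components:
        tpm.extend(component)
    return tpm.pcr
```

Booting the model with a changed or reordered component list yields a different register value, so `unseal` refuses the blob until the original configuration is measured again.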
A Trusted Platform Module can be used to authenticate hardware devices. Since each TPM chip has a unique and secret [[RSA]] key burned in as it is produced, it is capable of performing platform [[authentication]]. For example, it can be used to verify that a system seeking access is the expected system.