TPM as an API for attestation in big, distributed environments

Date Published: January, 06, 2022

By Chris Fenner & Jeff Andersen, Google
Google’s data center platforms currently lean on proprietary Titan hardware and APIs to attest to platform integrity. These APIs provide advanced features like first-instruction integrity of platform firmware and self-attestation of Titan’s application firmware.

Titan hardware and APIs are complementary: for example, advanced self-attestation features are only possible because of the hardware capabilities of the Titan chip. However, this specialized hardware can only be leveraged by Google infrastructure through proprietary APIs. This presents a problem for Google when aiming to ingest off-the-shelf hardware.

In this talk, Google presents how we approach attestation in our data center fleet. We also propose new TPM APIs that, along with identity features like DICE, would provide security features similar to Google’s proprietary solutions. This will allow data center operators to leverage third-party roots of trust that support these enhanced security features, from a wide range of vendors, rather than relying on proprietary hardware or APIs.

Google’s Project PINT (Platform INTegrity) is an effort to advance the state of industry-standard platform integrity through open APIs. Project PINT complements other efforts to advance the state of industry RoT security, e.g., OpenTitan. Google is invested in contributing to transparency at both the hardware and API levels, envisioning a future where both are considered foundational.


Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More