A lot of folks using the IoT Hub Device Provisioning Service are starting to use hardware security modules (HSMs) in their devices because of how easy it is to use an HSM with the provisioning service. This is great, and the team loves hearing about customers increasing the security of their solutions. However, since a lot of customers are new to HSMs, particularly Trusted Platform Modules (TPMs), we've received a couple of questions about how TPMs specifically fit into the existing manufacturing process. This blog post should help clarify things.

This article is only relevant for devices using TPM 2.0 with HMAC key support and their endorsement keys and not for devices using X.509 certificates for authentication. Check out this blog post to learn more about secure hardware with the Device Provisioning Service using X.509 certificates. TPM is an industry-wide, ISO standard from the Trusted Computing Group, and you can read more about TPM at the complete TPM 2.0 spec or the ISO/IEC 11889 spec.

Read about it in the Azure blog.