With approaches dating back to the 20th century, the idea of a TPM is simple: An
isolated, constrained environment to offload trust establishment in a larger
computing environment. That implies cryptography, firmware, hardware, and per
application, different requirements. This talk elaborates on how the seemingly
simple concept has been expanded over the years, enumerating implementations in
hardware, firmware, other layers of software, and even web browsers, explaining
why it is in fact far more complex than anticipated by looking at contemporary
use-cases, ending up with a discussion around the controversy about Microsoft
mandating presence of a TPM in order to run Windows 11.