hTPM: Hybrid Implementation of Trusted Platform Module

Cited by: 4
Authors
Kim, Yongjin [1 ]
Kim, Evan [2 ]
Affiliations
[1] Twitter Inc, Seattle, WA 98101 USA
[2] Tesla STEM High Sch, Redmond, WA USA
Source
PROCEEDINGS OF THE 1ST ACM WORKSHOP ON WORKSHOP ON CYBER-SECURITY ARMS RACE (CYSARM '19) | 2019
Keywords
Trusted platform module; Root of trust; Key management; Quantum-resistance;
DOI
10.1145/3338511.3357348
CLC classification code
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
A hardware-based TPM provides hardware-backed security functions and a root of trust for various mission-critical applications. However, hardware-based TPMs have several intrinsic problems, such as extremely low performance, off-chip security vulnerability, and a lack of incident-response agility. In the upcoming quantum computing era, it is critical to provide Quantum-Resistant (QR) cryptographic functions without harming performance. Unfortunately, the rigid hardware and software architecture of a hardware-based TPM makes it extremely difficult to transition to future QR cryptographic systems. On the other hand, software-based TPMs (e.g., firmware-based TPMs) provide a CPU-based, on-chip security solution. They use low-level on-chip primitives offered by chipsets, such as ARM TrustZone or Intel Software Guard Extensions (SGX), to build a high-trust computing environment. A software-based TPM provides higher performance, on-chip security, and incident-response agility. However, it lacks hardware-backed protection and several vital features, such as secure key storage, robustness against side-channel attacks, and true random number generation. In addition, its implementation depends heavily on the low-level primitives provided by each hardware vendor, which makes it difficult to offer as a generalized solution. In this paper, we propose hybrid-TPM (hTPM), which fully utilizes the advantages of a hardware-based TPM and compensates for its weaknesses through a software-based TPM running inside a secure container, e.g., Virtualization-Based Security (VBS). We implemented hTPM as a fully dual-mode TPM, i.e., end-users have full control over choosing between a hardware TPM mode and a software TPM mode based on their needs. We performed and present a full risk analysis of the proposed hTPM to show how to best overcome the security challenges in realizing it. Finally, we provide a performance analysis of our proposal to show the drastic improvements in cryptographic operations.
Pages: 3 / 10
Page count: 8