... known-software and are up-to-date using a TPM feature called quoting or attestation. The boot-log can also be used to protect keys for disk encryption, because the TPM incorporates a feature called sealing that can be used to make sure that the encryption key is only disclosed to authorized ...