HP Announces Future of Work Capabilities with HP TPM Guard, a New Defense Against Physical Access Attacks Stealing PC Data

News Highlights

• Eliminates known BitLocker security vulnerabilities with the world's first hardware solution to block physical TPM bus attacks (*1)

• Enhances PC security with new HP Wolf Security features

• Introduces a new LaserJet portfolio with quantum-resistant security

This release is a Japanese translation based on a press release issued by HP Inc. (Headquarters: Palo Alto, California, hereinafter "HP") on March 24, 2026 (local time).

At the global event "HP Imagine 2026," HP announced "HP TPM Guard," the first hardware solution to prevent physical TPM bus attacks (a method of physically connecting a probe to a PC's motherboard and stealing encryption keys like BitLocker via communication). This has led to the world's first business notebooks that prevent physical access attacks that disable BitLocker drive encryption (*2). HP also enhanced the capabilities of its "HP Wolf Security" PC portfolio and incorporated quantum-resistant features into a wider range of HP printers.

〈Resolving BitLocker Security Gaps with "HP TPM Guard"〉

PCs are at the heart of hybrid work, storing vast amounts of sensitive information, from confidential documents and credentials to customer and employee data. With the proliferation of AI applications that process audio, video, and screenshots, the amount of sensitive data stored on PCs is increasing even further.

BitLocker has been widely used by enterprises to protect this data in case of PC loss or theft, but recent vulnerabilities have made it possible for attackers with physical access to a device to bypass BitLocker and extract data. This method, commonly referred to as a "TPM bus attack," relies on an attacker intercepting communication between a certified TPM and the CPU, and can be executed in less than a minute with as little as $20 worth of hardware and minimal training.

"HP TPM Guard" protects against this threat by introducing an encrypted link between the TPM and the CPU, preventing interception and probing attacks. The TPM is cryptographically tied to the device and will cease to function if removed or tampered with. This allows IT teams to close an industry-wide security gap without increasing complexity.

Ian Pratt, Vice President and CTO of Security & Commercial Systems, HP Personal Systems, commented: "PCs already store a vast amount of sensitive information, and with new multimedia AI applications, more sensitive workloads are moving to the edge. The security of the underlying PC platform is more critical than ever in protecting the Future of Work. Previously, BitLocker was relied upon for data protection, but today, with just a few hours of training and a $20 hardware kit, attackers can bypass that protection. HP has worked closely with its semiconductor partners to develop hardware and firmware solutions that prevent all such threats, providing the stronger protection our customers have been asking for. This solves an industry-wide problem and has significant implications for all businesses, especially those in regulated industries, government agencies, and organizations that manage sensitive information on PCs and need to take every precaution to protect their data."

"HP TPM Guard" is the latest in a long line of security innovations that have emerged from the HP Security Lab over the past two decades. HP proactively identifies new threats, develops solutions for HP products, and then works with industry standardization bodies to raise the security bar across the entire IT ecosystem. Based on this philosophy, HP has already proposed the TPM Guard technology to the Trusted Computing Group for adoption as an industry standard.

For the technical background of "HP TPM Guard," please refer to this blog.

〈New "HP Wolf Security" Features to Reduce Enterprise Costs and Risks〉

HP has also enhanced the security of its commercial PC portfolio with new "HP Wolf Security" features. These focus on increasing synergy between the "HP Workforce Experience Platform (WXP)," "HP Wolf Security," and enterprise architectures to reduce operational costs and cyber risks. These new features include:

• Integration of security features and WXP to reduce risk and operational friction

• Next-generation "Wolf Connect" cellular cards for reduced power consumption and improved accuracy

• Expanded "Sure Recover" platform support at a lower cost

• Centralized collection of security logs

〈Quantum Resistance – The Future of Print Security〉

Experts predict that by 2034, quantum computers will have up to a 34% chance of breaking existing asymmetric encryption (*1), increasing the urgency for quantum-resistant protection measures. With printers increasingly targeted as entry points into networks, HP is extending quantum-resistant cryptographic technologies to a wider range of devices.

• HP LaserJet Pro 4000/4100 Series: The world's first small and medium-sized business printers with quantum-resistant protection (*3). In addition, they feature tamper-resistant toner chips, firmware, and packaging. They also enable streamlined security compliance and centralized management across all devices through the "HP Workforce Experience Platform" and optional "HP Security Manager."

• HP LaserJet Enterprise 5000/6000 Series: The world's first enterprise printers with factory-installed protection against quantum computer attacks (*4). This reduces the risk of information leakage (*5). This series also features HP Wolf Enterprise for cyberattack detection, isolation, and automatic recovery (*6). Furthermore, it is the only printer with detection and recovery capabilities for zero-day threats during memory code execution (*7).

The "HP LaserJet Enterprise 5000/6000 Series" also includes Automated Guided Redaction, which detects and removes sensitive information such as personal data and financial information, helping organizations meet compliance requirements without requiring additional review by IT departments.

About HP

HP Inc. (NYSE: HPQ) is a global technology leader that supports the Future of Work. Operating in over 180 countries, HP provides innovative AI-powered devices, software, services, and subscriptions that drive business growth and empower professionals.

About "HP Wolf Security" (*8)

"HP Wolf Security" is world-class endpoint security. HP's portfolio, reinforced by hardware and consisting of endpoint-focused security services, is designed to help organizations protect their PCs, printers, and employees from cybercrime. "HP Wolf Security" provides comprehensive endpoint protection and resilience, starting at the hardware level and extending to software and services. For information on "HP Wolf Security," please visit https://hp.com/wolf.

*1: Based on HP's internal analysis of business PCs with discrete TPMs as of February 2026. "HP TPM Guard" is a hardware-based security feature that protects communication between the TPM and CPU from specific physical attack methods, including bus probing. Actual protection effectiveness may vary depending on system configuration and attack methods.

*2: Based on HP's internal analysis of business notebooks with independent TPM architecture as of February 2026. "HP TPM Guard" is designed to prevent specific physical access attacks that attempt to disable BitLocker drive encryption by intercepting TPM communication. The effectiveness of BitLocker and overall security depend on system configuration, security policies, and the threat environment. "HP TPM Guard" is only available on specific PC platforms and may require a BIOS update.

*3: Based on HP's internal analysis of business-class Pro printers with pre-installed encryption, authentication, Secure Boot BIOS verification, write-protected memory, post-quantum digital signatures, and initial BIOS firmware integrity protection as of January 2026, no other printers in the same class were found to implement quantum-resistant cryptography for BIOS and firmware integrity protection.

*4: Based on HP's internal analysis of enterprise-class printers with pre-installed encryption, authentication, malware protection with Sure Start BIOS verification, post-quantum digital signatures, and initial BIOS firmware integrity protection with automatic self-healing capabilities, as of March 2025, no other printers in the same class were found to implement quantum-resistant cryptography for BIOS and firmware integrity protection.

*5: Relative reduction in cyberattack exposure risk for business Pro printers: Risk reduction estimates are based on HP's internal analysis and modeled comparisons. An estimated maximum effective risk reduction of approximately 20% reflects a comparative evaluation of HP's SMB/Pro printers and the security features of other major printer OEMs under a defined threat model. This estimate does not guarantee security and does not cover all attack vectors. Actual risk reduction may vary depending on device model and firmware version, configuration and security policies, network environment and usage patterns, scope of EDR integration, and attacker capabilities and behavior. Relative reduction in cyberattack exposure risk for enterprise devices: Risk reduction estimates based on HP's internal analysis and modeled comparisons. An estimated maximum effective risk reduction of approximately 80% reflects a comparative evaluation of HP enterprise printers and the security features of other major printer OEMs in the same class under a defined threat model. This estimate does not guarantee security and does not cover all attack vectors. Actual risk reduction may vary depending on device model and firmware version, settings and security policies, network environment, usage patterns, scope of EDR integration, and attacker capabilities and behavior.

*6: HP's advanced embedded security features are available on HP Managed and Enterprise devices with HP FutureSmart Firmware 4.5 or later. This claim is based on HP's research into the capabilities of competing printers in the same class publicly available as of June 2025. Only HP provides a combination of security features that comply with NIST SP 800-193 guidelines for device cyber resilience, automatically detecting, isolating, stopping attacks, and recovering through self-healing reboots. Printers are most vulnerable to attack during startup and operation (sleep mode and in use). Only HP enterprise printers protect devices for 99.9% of their operating time with Sure Start BIOS protection, Memory Shield with hardware-based runtime intrusion detection, and Control Flow Integrity (CFII) for detecting and recovering from zero-day threats. In addition, network behavior anomaly detection by Connection Inspector is also provided, all combined with self-healing recovery.

For a list of compatible products, please visit hp.com/go/PrintersThatProtect .

For more details, please visit hp.com/go/PrinterSecurityClaims .

*7: HP's advanced embedded security features are available on HP Managed and Enterprise devices with HP FutureSmart Firmware 4.5 or later. This claim is based on HP's research into the capabilities of competing printers in the same class publicly available as of June 2025. Only HP provides quantum-resistant BIOS firmware integrity and a combination of security features that comply with NIST SP 800-193 guidelines for device cyber resilience, enabling automatic detection, isolation, stopping of attacks, and recovery through self-healing reboots. Printers are most vulnerable to attack during startup and operation (sleep mode and in use). Only HP enterprise printers protect devices for 99.9% of their lifecycle with Sure Start BIOS protection, Memory Shield with hardware-based runtime intrusion detection and control flow integrity, zero-day threat detection and recovery, and network behavior anomaly detection by Connection Inspector, all combined with self-healing capabilities.

For a list of compatible products, please visit hp.com/go/PrintersThatProtect .

For more details, please visit hp.com/go/PrinterSecurityClaims.

*8: "HP Wolf Security for Business" requires Windows 10 or 11 Pro or later and includes various HP security features, available on HP Pro, Elite, RPOS, Workstation, and Thin Client products. For details on security features, please check the specifications of each product.