HP Imagine 2026: HP Leads Security for the Future of Work with Launch of HP TPM Guard: New Protection Against Physical Access Attacks that Steal PC Data

News Highlights:

• Launches the world’s first hardware solution to stop physical TPM bus attacksⁱ, closing a known BitLocker security gap
• Advances PC security with new HP Wolf Security capabilities
• Introduces new LaserJet portfolio with quantum-resistant security
  
  
  
  

NEW YORK, March 24, 2026 (GLOBE NEWSWIRE) -- Today, at HP Imagine 2026, the company launched HP TPM Guard – the first hardware solution to stop physical TPM bus attacks, delivering the world’s first business notebook to prevent physical-access attacks that defeat BitLocker drive encryptionⁱⁱ. HP also announced enhancements to its HP Wolf Security PC portfolio and brought quantum resistance to a broader range of HP printers.

Closing the BitLocker Security Gap with HP TPM Guard

PCs are at the center of modern, hybrid work, storing vast amounts of sensitive information – from confidential documents and credentials to customer and employee data. With the rise of AI applications processing voice, video and screenshots, the volume of sensitive data held on PCs is only increasing.

BitLocker has been widely used by enterprises to protect this data if PCs are lost or stolen, but vulnerabilities uncovered in recent years can enable an attacker with physical access to a device to bypass BitLocker and extract the data. Commonly referred to as “TPM bus attacks”, this technique relies on attackers intercepting communication between the certified Trusted Platform Module (TPM) and CPU, and can be performed in under a minute, using just $20 of hardware with minimal training.

HP TPM Guard protects against this threat by introducing an encrypted link between the TPM and CPU, preventing interception and probing attacks. The TPM is cryptographically bound to the device, rendering it inoperable if removed or tampered with – closing this industry wide security gap, without adding complexity for IT teams.

Dr. Ian Pratt, VP, Security & Commercial Systems CTO, Personal Systems, HP Inc. said: “PCs already hold huge amounts of sensitive information, and new multi-media AI applications are pushing more sensitive workloads to the edge. The security of the underlying PC platform is ever more critical in securing the Future of Work. While BitLocker has previously been relied upon to protect data, today an attacker with a couple of hours of training and a $20 hardware kit can bypass that protection.”

“Working closely with our silicon partners, HP has developed a hardware and firmware solution that prevents this entire class of threat, delivering the stronger protection customers have been asking for,” continues Dr. Ian Pratt, VP, Security & Commercial Systems CTO, Personal Systems, HP Inc. “This solves an industry-wide problem and will be relevant for all businesses - particularly those in regulated industries, government, and other organizations that manage highly sensitive information on their PCs and need to take every precaution to safeguard their data.”

HP TPM Guard is the latest in a long series of security innovations to come out of the HP Security Lab over the last 20 years. HP proactively identifies emerging threats, creates solutions for HP products, and then works with industry standards bodies to ultimately raise the bar for the whole IT ecosystem. With this in mind, HP has already submitted a proposal to the Trusted Computing Group to contribute TPM Guard technology as an industry standard.

To read about the engineering behind HP TPM Guard please visit this

New HP Wolf Security Capabilities to Reduce Cost and Risk for Businesses

HP is also strengthening security across its commercial PC portfolio by announcing new HP Wolf Security capabilities. They are focused on increasing the synergy between Workforce Experience Platform (WXP), HP Wolf Security, and the enterprise architecture to reduce operational overhead and cyber-risk. These new capabilities include:

• Wolf Controller / WXP Integration to lower risk and operational friction
• Next Gen Wolf Connect cellular card to deliver better accuracy with less power consumption
• Broader Sure Recover platform support at lower cost
• Centralized security log collection on the Wolf Controller
  
  
  
  

Quantum Resistance – The Future of Print Security

Experts predict that the possibility of a quantum computer breaking existing asymmetric cryptography is up to 34% by 2034¹ driving the urgency for quantum-resistant protections. With printers increasingly targeted as an entry point into networks, HP is expanding quantum-resistant cryptography to a wider range of devices:

• New HP LaserJet Pro 4000/4100 Series: The world’s first SMB printers with quantum-resistant protectionⁱⁱⁱ alongside tamper-resistant toner chips, firmware, and packaging. HP Workforce Experience Platform, and optional HP Security Manager, also enable streamlined security compliance and fleet-wide device management under one umbrella.
  
  
  
  
• New HP LaserJet Enterprise 5000/6000 Series: The world’s first enterprise printers shipped from the factory with protection against quantum computer-based attacks^iv, reducing the risk of exposure^v. The series is also powered by HP Wolf Enterprise to detect, isolate, and automatically recover from cyberattacks^vi and features the only printers with zero-day threat detection and recovery during memory code execution^vii.
  
  
  
  

The HP LaserJet Enterprise 5000/6000 Series will also feature Automated Guided Redaction, which detects and removes sensitive information, such as personal data or financial details, helping organizations support compliance requirements without adding extra review steps for IT.

More information on today’s news at HP Imagine can be found 

Frequently Asked Questions

      1.   What is a TPM? 

A Trusted Platform Module (TPM) is a security chip used for various security-related functions. Its primary purposes include: 

• • Cryptographic Key Storage – Generates, stores, and protects cryptographic keys in a tamper-resistant way, including by restricting access to the key based on boot-time firmware or software measurements.
  • Data Encryption – Used by features like BitLocker (Windows) or LUKS (Linux) to encrypt drives securely.
  • Authentication – Supports secure user or platform identity verification using stored credentials for authentication.  
  • Measured Boot and Remote Attestation – A security mechanism that allows a device to store firmware measurements during boot, enabling an external party (e.g., IT Admin) to securely verify that the firmware is running correctly. 
  • Defined by Trusted Computing Group (TCG) – International industry consortium that develops standards that helps technology manufacturers verify that their technology is secure for use by the public.
    
    
    
    

All modern business-class PCs include a TPM, and a TPM Version 2 chip is mandatory for Windows 11 (Microsoft requirement). 

      2.   How does HP TPM Guard work?   

• • HP created firmware for both the TPM and the CPU to establish an encrypted connection that protects against physical attacks.  HP TPM Guard combines firmware and hardware to cryptographically bind the TPM to the system's host processor, safeguarding it from advanced attacks, such as laboratory probing. This solution addresses known threats like BitLocker probing attacks and potential future threats. 
  • All TPM communications are encrypted, and the binding to the core logic ensures that the TPM becomes inoperable if removed. Importantly, this protection is transparent to the operating system and applications, requiring no modifications to benefit from the security enhancements.  
    
    
    
    

      3.   How is HP TPM Guard unique?

• • HP TPM Guard is the only solution that provides a certified TPM that isn’t vulnerable to TPM bus attacksⁱ.
  • HP TPM Guard delivers the world’s first business notebooks to prevent physical‑access attacks that defeat BitLocker drive encryptionⁱⁱ.
  • HP TPM Guard is the world’s first hardware solution to stop physical TPM bus attacks^viii.
    
    
    
    

      4.   Who should care about HP TPM Guard? 

• • Any organization that relies on BitLocker to keep their data safe in the event of loss or theft should be interested in HP TPM Guard, as it provides them with the peace of mind that their data is safe even if a device falls into the wrong hands – even if it’s just for a few minutes. 
  • HP anticipates TPM Guard will particularly appeal to regulated customers in the enterprise or government verticals, or other organizations that manage highly sensitive information on their PCs that need to take every precaution to safeguard their data. This includes protection against physical attacks on a device. It’s most relevant for customers concerned about scenarios where an attacker attempts to intercept data as it passes between the TPM and the CPU. 
    
    
    
    

      5.   What devices are HP TPM Guard available on, when will it be available and how much does it cost?

• • HP TPM Guard will be available from July 2026 on select HP G2 commercial PCs. Initially available as a firmware update for supported PCs, will ship built-in later.
  • There is no cost or extra SKU required to obtain HP TPM Guard. 
    
    
    
    

About HP

HP Inc. (NYSE:HPQ) is a global technology leader redefining the Future of Work. Operating in more than 180 countries, HP delivers innovative and AI-powered devices, software, services, and subscriptions that drive business growth and professional fulfillment. For more information, please visit: HP.com.

About HP Wolf Security*

HP Wolf Security is world class endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit . 

*HP Wolf Security for Business requires Windows 10 or 11 Pro and higher, includes various HP security features and is available on HP Pro, Elite, RPOS, Workstation and Thin Client products. See product details for security features.

____________________________

¹ Source:

ⁱ Based on HP internal analysis of business class PCs with discrete TPM implementations as of February 2026. HP TPM Guard is a hardware enforced security feature that protects TPM to CPU communications against certain physical attack techniques, including bus probing. Actual protection effectiveness may vary depending on system configuration and attack methods. 

ⁱⁱ Based on HP internal analysis of business notebooks with discrete TPM architectures as of February 2026. HP TPM Guard is designed to help prevent certain physical‑access attacks that attempt to defeat BitLocker drive encryption by intercepting TPM communications. BitLocker effectiveness and overall security depend on system configuration, security policies, and threat environment. HP TPM Guard is only available on specific PC platforms and may require a BIOS update.

ⁱⁱⁱ Based on HP’s internal analysis of business-class Pro printers with preinstalled encryption, authentication, Secure Boot BIOS validation, write-protected memory, post-quantum digital signatures, and initial BIOS firmware integrity protection finding that no other in-class printers implement a quantum-resistant cryptographic scheme to protect the integrity of the BIOS and firmware as of January 2026.

^iv Based on HP’s internal analysis of Enterprise-class printers with preinstalled encryption, authentication, Sure Start BIOS validation malware protection, post-quantum digital signatures, and initial BIOS firmware integrity protection with automatic self-healing recovery finding that no other in-class printers implement a quantum-resistant cryptographic scheme to protect the integrity of the BIOS and firmware as of March 2025.

^v Relative reduction in cyberattack exposure for business-class Pro Printers: risk reduction estimate based on HP internal analysis and modeled comparisons. The approximate up to 20% reduction in effective risk reflects comparative evaluation of security capabilities in HP SMB / Pro printers versus other leading print OEMs under defined threat models. The estimate is not a guarantee of security and does not account for all attack vectors. Actual risk reduction may vary based on device model and firmware version, configuration and security policy, network environment and usage patterns, EDR integration scope, and adversary capability and behavior. Relative reduction in cyberattack exposure for Enterprise devices: risk reduction estimate based on HP internal analysis and modelled comparisons. The approximate up to 80% reduction in effective risk reflects comparative evaluation of security capabilities in HP Enterprise printers versus other in-class leading print OEMs under defined threat models. The estimate is not a guarantee of security and does not account for all attack vectors. Actual risk reduction may vary based on device model and firmware version, configuration and security policy, network environment, usage patterns, EDR integration scope, and adversary capability and behavior.

^vi HP’s most advanced embedded security features are available on HP Managed and Enterprise devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of published features as of June 2025 of competitive in-class printers. Only HP offers a combination of security features to automatically detect, isolate, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. Printers are most vulnerable to attack when they are booting up and during runtime (when the printer is in sleep mode and in use). Only HP Enterprise printers protect the device during 99.9% of the printer's life with Sure Start BIOS protection, Memory Shield with hardware -based Runtime Intrusion Detection and Control Flow Integrity to detect and recover from zero-day threats in addition to Connection Inspector network behavior anomaly detection all with self-healing recovery. For a list of compatible products, visit hp.com/go/PrintersThatProtect For more information, visit hp.com/go/PrinterSecurityClaims.

^vii HP’s most advanced embedded security features are available on HP Managed and Enterprise devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of published features as of June 2025 of competitive in-class printers. Only HP offers quantum resistant BIOS firmware integrity and a combination of security features to automatically detect, isolate, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. Printers are most vulnerable to attack when they are booting up and during runtime (when the printer is in sleep mode and in use). Only HP Enterprise printers protect the device during 99.9% of the printer's life with Sure Start BIOS protection, Memory Shield with hardware-based Runtime Intrusion Detection and Control Flow Integrity to detect and recover from zero-day threats in addition to Connection Inspector network behavioral anomaly detection all with self-healing recovery. For a list of compatible products, visit   For more information, visit

^viii Based on HP internal analysis of business notebooks with discrete TPM architectures as of February 2026. HP TPM Guard is designed to help prevent certain physical-access attacks that attempt to defeat BitLocker drive encryption by intercepting TPM communications. BitLocker effectiveness and overall security depend on system configuration, security policies, and threat environment. HP TPM Guard is only available on specific PC platforms and may require a BIOS update.