A hardware root of trust is an inherently trusted hardware component (TPM, secure enclave) whose integrity is guaranteed by the manufacturer — forming the foundation of a chain of trust.
Chain of trust: hardware root of trust → bootloader → OS → applications. Each layer verifies the next. If the root of trust is compromised, the entire chain is untrustworthy. TPM is the most common hardware root of trust.