This paper analyzes the key duplication process of Trusted Platform Module (TPM) 2.0 and addresses the security problem of key privacy leakage in that process. For the case where a user duplicates and transfers a key insecurely, it proposes, from the TPM administrator's point of view, an encrypted transmission protocol based on the TPM itself. The TPM generates a secure key on its own and uses it to encrypt the user's unprotected sensitive data, and a signature guarantees the reliability of the transmission. The paper describes how the security enhancement scheme is implemented, proves its security and effectiveness, and tests its performance. The results show that the overhead of the scheme stays within 100 ms of the original scheme and has no impact on practical performance.