Security Basics mailing list archives

Bulk encryption capabilities of a TPM


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 4 May 2006 06:43:59 -0700

I have a question regarding bulk encryption capabilities of a TPM
(Trusted Platform Module). I was reading IBM/Intel documentation on
use of TPM, and they mention that TPMs can perform bulk encryption.
However according to Atmel's (a manufacturer of TPM) documentation, it
seems like bulk encryption is NOT supported by their TPM chip. They
say this is due to the cost, and NOT due to technical reasons. So I
am confused.

Maybe IBM's definition of "bulk" is different from Atmel's. When I hear
the word "bulk", it means several (100+) GB of data to me. Can anyone
please clarify whether TPM is the best option for performing bulk
encryption or not?

My follow-up question is: if the cryptographic engine of the TPM can
NOT be used for, let's say, encrypting a whole drive, how does the
external encryption module (hardware (ASIC) or software (wavesys))
access the wrapped encryption keys from the TPM?
- Do the wrapped encryption keys get decrypted in the TPM and get sent
to the external encryption module for a short period of time; or
- does the external encryption module access the unwrapped key from
the TPM, without actually possessing a copy of it?

If possible, please give scenarios with asymmetric / symmetric bulk
encryption keys.
Thanks.

--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
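As an added illustration of the first alternative the question lists (the module unwraps the key and hands it to an external engine for a session), here is a software model in Go; it is not code from the original post or from any TPM vendor, and `SimTPM`, `WrapKey`, `UnwrapKey` and `BulkXOR` are constructed names. The root key never leaves the struct, only the wrapped blob is ever stored, and the AES-CTR bulk work happens entirely outside the module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SimTPM models the question's first alternative: the root key never leaves
// the module, which only wraps and unwraps a small symmetric key.
// Constructed illustration, not any vendor's TPM.
type SimTPM struct{ root cipher.AEAD }

func randBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // fills b fully; crypto/rand.Read never errors on Go 1.24+
	return b
}

func NewSimTPM() *SimTPM {
	block, _ := aes.NewCipher(randBytes(32)) // 32-byte key: cannot fail
	g, _ := cipher.NewGCM(block)
	return &SimTPM{root: g}
}

// WrapKey returns nonce||ciphertext||tag, a blob safe to store anywhere.
func (t *SimTPM) WrapKey(bulkKey []byte) []byte {
	nonce := randBytes(t.root.NonceSize())
	return t.root.Seal(nonce, nonce, bulkKey, nil)
}

// UnwrapKey releases the plaintext bulk key to the caller; a tampered or
// foreign blob fails GCM authentication and nothing is released.
func (t *SimTPM) UnwrapKey(blob []byte) ([]byte, error) {
	n := t.root.NonceSize()
	if len(blob) < n+t.root.Overhead() {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return t.root.Open(nil, blob[:n], blob[n:], nil)
}

// BulkXOR is the external engine: AES-CTR in place with the released key
// over data the module never sees. Applying it again decrypts.
func BulkXOR(key, iv, data []byte) {
	block, _ := aes.NewCipher(key)
	cipher.NewCTR(block, iv).XORKeyStream(data, data)
}
```

Call WrapKey once when the volume is provisioned, UnwrapKey on each boot, and pass the released key to BulkXOR; only the wrapped blob is ever written to disk.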

