What Is TPM and How to Enable TPM 2.0 on Your PC? Advantages of TPM
Microsoft has significantly increased the system requirements for their new operating system Windows 11 when compared to previous versions of the operating system.
A 1GHz processor and at least 4GB RAM are required for the latest OS upgrade, but that’s not all. TPM requirements are almost certainly going to be required in Windows 11.
Following the release of Windows 11, users rushed to download Microsoft’s PC Health Check software to see if their systems could be upgraded to the new operating system.
Unfortunately, a large number of people received a message that their computer is not capable of running Windows 11.
This error indicates that you should haven’t TPM enabled on your PC.
To begin with, what exactly is TPM?
And how do you enable TPM on your PC so that you can get the most recent version of Microsoft’s operating system?
Here’s everything you need to know about TPM, how TPM work, how to determine whether or not your TPM version is compatible with Windows 11, what they’re useful for and how to enable TPM on your PC.
What Is TPM?
TPM is an additional layer of security at the hardware level.
TPM stands for Trusted Platform Module, and it is a hardware-based security solution. The Trusted Platform Module is a one-of-a-kind hardware-based security solution that installs a cryptographic chip, also known as a crypto processor, on the motherboard of a computer.
This physical hardware chip secures the device by storing encrypted data and ensuring a safe boot environment. The cryptoprocessor is directly installed on the motherboard and protects your computer from viruses and other threats.
It’s also an important part of Windows security software, such as Bitlocker drive encryption.
This chip protects sensitive data and defends against hacking attempts made possible by a computer’s hardware.
TPM chips are currently pre-soldered onto the motherboards of the majority of PCs, and each TPM contains computer-generated keys for encryption.
This TPM chip enables BitLocker Drive Encryption, Windows Hello PINs and biometrics, and PC hardware tamper prevention.
According to Microsoft, PCs running Windows 11 must have at least TPM 1.2 installed. TPM 2.0, on the other hand, is the recommended bare minimum.
TPM 2.0 was first released in 2015, but it is expected that most current PCs will have it. It is commonly enabled by default on most PCs and may be found in the majority of new systems bought in the past few years.
This isn’t always the case, particularly with older computers and gaming PCs.
Through BIOS settings, gaming computers, in particular, enable secure boot and Intel Platform Trust Technology (PTT).
In any case, you’ll need to determine which TPM version is installed on your PC motherboard.
What Is the Function of TPM?
We now understand what TPM is. We’ve seen that this chip handles fingerprint encryption, other biometric data encryption, and even Windows BitLocker.
TPM generates a pair of encryption keys, securely stores a portion of each key in the device, and detects tampering attempts.
It means that a portion of the private encryption key is stored in the TPM rather than on the disc.
As a result, if a hacker gains access to your computer, it will be unable to view the data stored on it.
Hackers will be unable to defeat encryption and gain access to the disc contents even if the TPM chip is removed or the disc is accessed on a different motherboard.
Each TPM is associated with a unique initialization signature during the silicon fabrication process, which improves its security efficacy.
To use a TPM, it must first have an owner, who must be physically present when the TPM is taken possession of. A TPM cannot be triggered in the absence of these two requirements
The Advantages of TPM
TPM provides a high level of trust and integrity, allowing for identification, identity verification, and encryption on any device that supports it.
TPM not only protects standard home PCs, but it also has benefits for businesses and high-end IT systems.
Here are a few of the most important applications for TPM.
1. Malicious Boot Loader Malware Is Safeguarded
Advanced malware can infect or rewrite the bootloader before any antivirus software can react.
Some viruses can even virtualize your operating system, allowing them to spy on you while remaining undetected by internet security measures.
A TPM safeguards the system by first verifying the boot loader and then allowing an Early Launch Anti-Malware to run.
By ensuring that your operating system has not been tampered with, you add an extra layer of security.
If TPM detects a breach, it simply refuses to start the machine.
2. Encryption of Data
Unencrypted data transactions continue to be common, despite increased security awareness.
TPM protects even plain-text data by encrypting it with a combination of software and hardware techniques.
3. Secure Storage
You can safely store encryption keys, certificates, and passwords required to access online services inside a TPM.
This is a better option than storing them on your computer within the software.
4. Digital Rights Protection
TPM chips provide copyright protection for digital media transmitted to hardware such as a BR player,set-top box, etc, making them a haven for media companies.
TPM chips manage digital rights, allowing creators to distribute content without fear of infringement.
5. Quarantine Procedure
Another fantastic feature is TPM’s automatic transition to Quarantine mode in the event of a compromise. If the TPM chip detects a breach, it enters Quarantine mode, which allows you to study the incident.
Other benefits of TPM in are includes
- Passwords and other digital credentials are stored in hardware-based vaults.
- Access is restricted by encrypting files and folders.
- Smart cards, fingerprint readers, and keyless entry systems can all be upgraded to support multi-factor authentication.
- The management of keys has been simplified.
- Passwords are easy to create.
- It can be combined with Full Disk Encryption to completely restrict access to sensitive data.
- Making use of a highly secure VPN, remote and wireless access to the system can be controlled.
- Encrypt state information before hard disc termination to ensure endpoint integrity.
How Do You Know What TPM Version You Have?
When using BitLocker to encrypt the hard disc, a TPM is typically built into the motherboard of most Windows 10 PCs to securely hold the encryption keys.
Checking your TPM version is simple.
The Run window can be opened by pressing the Windows key + R combination or by typing in the Windows search box.
Then, type tpm.msc and press the Enter key.
If you enable the functionality, a second screen, the TPM Management screen, will appear, displaying additional information.
The Trusted Platform Module (TPM) Management tool will be launched, which is a built-in feature.
If the TPM is installed, you can view the manufacturer’s information about it, including its version.
If your machine lacks a TPM or has been turned off in the BIOS/UEFI, you’ll get a similar warning that “a Compatible TPM cannot be found.”
TPM availability can also be checked in Device Manager.
To do so, launch Device Manager and navigate to the Security Devices section.
If you have TPM installed on your computer, it is listed here, along with its version.
How Do You Upgrade from TPM 1.2 to TPM 2.0?
If a TPM 1.2 chip is found, you may be able to upgrade to TPM 2.0.
The precise steps for updating TPM 1.2 to TPM 2.0 depend on your hardware, manufacturer, and firmware.
If you search for your hardware type and the term “upgrade TPM 1.2 to TPM 2.0” on the internet, you may find some useful search results that will guide you through the procedure that applies to your device.
Related: How Do Install Windows 11 on an Unsupported Computer?
How to Enable TPM 2.0 in BIOS?
If you have a modern computer that does not show the TPM management screen, your machine most likely supports TPM but has not yet been activated.
This is much more likely if you have a PC that you built yourself. Hope you understand the TPM terminology and never wonder what is TPM in BIOS when you see its settings.
To enable TPM, navigate to the BIOS settings and look for the TPM setting.
Your BIOS settings will differ depending on the manufacturer and model of your motherboard but look for an option that says TPM or PTT (Platform Trust Technology), which is usually found under an ‘Advanced‘ tab somewhere.
TPM 2.0 is also referred to as Security Device, Security Device Support, TPM State, AMD fTPM switch, AMD PSP fTPM, Intel PTT, or Intel Platform Trust Technology.
If you’re not sure if you’re checking the proper box for TPM 2.0 settings, see the support manuals for the manufacturer that built your PC.
After activating TPM, double-check the TPM version to ensure you’re ready for Windows 11.
The following video will give you a general idea of how to enable TPM in UEFI/BIOS.
As previously stated, BIOS settings may differ from one manufacturer to the next.
We should be able to figure out a general procedure for enabling or configuring TPM in your BIOS settings.
- Before booting into the operating system, access the BIOS settings.
- Locate the security tab in the BIOS settings.
- If your motherboard supports TPM, you will have the option to enable it here.
- Exit after saving the settings.
Hardware security is just as important as software-based security solutions, and it can be accomplished by encrypting your data.
This high level of security is achieved in modern PCs by incorporating TPM or cryptoprocessor chips into their motherboards.
Other security features of TPM include key generation, password and certificate storage, and encryption keys.
When it comes to hardware security, a small TPM chip promises a high level of security.
If your computer has a built-in TPM 1.2 chip or higher, all you need to do to install Windows 11 is enable the TPM.
TPM enabling differs depending on the motherboard’s manufacturer and model. Look through your computer’s manuals for proper instructions.
The availability of TPMs varies by motherboard, but they are standard on the majority of new devices.
Microsoft has mandated the use of TPM 2.0 chips in all new devices since 2016.
If you have an older PC that lacks a TPM chip and wants to install Windows 11 with future security updates, your only option is to upgrade your motherboard or PC.
We hope you found this post useful, and please like and follow us on Facebook and Twitter for regular updates.
We also request that you bookmark this page for future usage. Sign up for our free newsletter as well to receive new information in your inbox regularly and stay technically up to date.