What is TPM (Trusted Platform Module)?

TPM 2.0

What is TPM (Trusted Platform Module)?

TPM stand for Trusted Platform Module. It is a discrete or firmware chip in modern computers that provides hardware-based security to generate, store and protect encryption keys. TPM is also known as ISO/IEC 11889.

TPM generally installed on a motherboard of a computer that communicates with the entire system through a hardware bus. TPM cannot control the SOFTWARE that is running on a system.

TPM is available in two versions: 1.2 and 2.0. The latter is the more suitable system, and that is the type of TPM processor required for Windows 11.

What does a TPM do?

TPM is a microcontroller chip that guards the platform (PC or Laptop) against intruder attacks through securing artefacts and authenticates the platform in case of intrusion with these available artefacts. 

These artefacts can be in the form of passwords, certificates, or encryption keys.

Basically, this chip does the function of authentication and attestation to ensure safer computing in all environments.

TPM Chip contains an RSA key pair called Endorsement key. The pair is maintained inside the chip and cannot be accessed by any software. The storage root key is generated when some take ownership of the platform. A second key called the attestation identity key safeguards the platform from unauthorized attacks. 

RSA is a public-key encryption method that is extensively used to secure sensitive data, particularly when it is transmitted across an insecure network such as the internet. RSA stands for Rivest Shamir Adleman Encryption.

Why you need TPM for Windows? 

First Reason:

TPM checks the integrity of the operating system before it is loaded. This ensures that your system's Operating System is not compromised by malware or rootkits.

A rootkit is a sort of malware that is made to dwell in your operating system undetected. It frequently loads into your operating system during boot time and infects the bootloader or kernel. This allows a hacker to obtain unexpected access to your machine. 

Second Reason:

TPM is derived from a chip on your motherboard. It is a dedicated CPU that performs hardware encryption, allowing users to sign in with Windows Hello and use BitLocker.

As this chip is also utilized by the Windows Hello program and protecting biometric data captured by this program is indeed a potential risk. Storing such information on your computer is a threat within itself. In the lacking of dedicated encryption hardware, such data is most likely to be hacked and dedicated encryption firmware is much more difficult to crack than software methods.

In computing, firmware is a sort of computer software that provides low-level control over the hardware of a device. Firmware, such as a personal computer's BIOS, may simply include the most basic operations of a device and may only provide services to higher-level software.

How many types of TPM are there?

There are mainly two types of TPM – one is discrete dTPM & another is Firmware fTPM. 

(There are three more types of TPM but they are out of scope right now.)

Discrete TPM: dTPM is a dedicated chip that implements TPM capabilities in its own tamper-resistant semiconductor packaging.

Firmware TPM: This type of TMP is a firmware (UEFI) based solution that runs in the ambit of CPU.

TPM is implemented in system firmware using the Intel Platform Trust Technology (PTT) and AMD Platform Security Processor (AMD PSP fTPM). PTT & AMD CPU fTPM enables low cost and lower power devices to support the same root of trust concepts enabled by hardware-based TPM. In other words, Intel and AMD both have already implemented this technology in their many CPU after 2013.

It is managed through UEFI BIOS only.

Does My PC Already Have TPM 2.0? 

Method-1

  • Run the following command to see if your computer has a TPM 2.0 chip.
  • Press Window Icon + R key together 
  • Then type “tpm.msc”
  • It will display the status of TPM in your system.

Method-2

  • Press Windows Key + X, Now Select Device Manager from the Menu 
  • Click Security Devices 
  • If it shows Trusted Platform Module 2.0
  • Then your system is TPM ready.

In most of the computers, this facility remains off and if you find the negative result on both the way then you have to make it on in the BIOS / UEFI settings.

How to Enter the BIOS on a Windows 10 PC to turn on TPM?

If you want to get into BIOS, hold down the shift key while clicking on shutdown in the power icon options. This will disable Windows 10 fast startup and force the computer to turn off completely.

Now to enter the BIOS on a Windows PC, press the BIOS Key (DEL, F1, F2, F10, or F12) as specified by the motherboard manufacturer during the start of the system.

******

Comments

Popular posts from this blog

WHAT SIDE OF THE PAPER DOES THE PRINTER PRINT ON ?

Metaverse a Virtual Universe Parallel to Real Universe

Keyboard Types, Layout & Technology