Trusted Platform Module (TPM) Overview

Learn about trusted platform module (TPM) technology, how it makes computers more secure, and why upgrading to TPM 2.0 is now imperative for all Windows 11 users.1

Key Takeaways:

  • A TPM is a security chip that resides on a PC’s motherboard or in its processor and applies security features to store sensitive information.

  • Most PCs purchased in the last five years are capable of supporting TPM 2.0.

  • Some users may need to enable TPM 2.0 on their device by accessing settings via the UEFI BIOS.

  • Windows 11 requires all PCs to use trusted platform module (TPM) 2.0.

author-image

By

What Is a Trusted Platform Module?

Businesses and consumers upgrading to Windows 11 will now benefit from new hardware-based security requirements that make their PCs more secure. One hardware-based security requirement is that all PCs running Windows 11 must have TPM 2.0 to run the operating system.2

A TPM, or a trusted platform module, is a physical or embedded security technology (microcontroller) that resides on a computer’s motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication. They store a variety of sensitive information—such as user credentials, passwords, fingerprints, certificates, encryption keys, or other important consumer documentation—behind a hardware barrier to keep it safe from external attacks.

While the use of TPM technology has been part of enterprise IT for more than a decade, this is one of the first instances of Microsoft requiring its use for everyone, including for small and medium-sized businesses and consumers.

TPM implementations are typically designed to meet an international standard created by the Trusted Computing Group (TCG).TCG is a computer industry consortium that created the original TPM standard, which was later adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and subsequently named ISO/IEC 11889.

How Does a TPM Work?

A TPM generates and stores parts of encryption keys for PCs.

For an example of how a TPM works, consider the power-up step for turning on a device, such as a laptop. When the device is powered up, the TPM authenticates it. The TPM provides a cryptographic key to unlock the encrypted drive, and if the key is validated, the computer will boot up as normal. If the cryptographic key is tampered with, the computer won’t start.

Why Do I Need a TPM?

Cyberattacks are at an all-time high and hackers’ abilities are becoming more sophisticated every day. TPM is a technology that can help businesses combat these attacks. Additionally, it’s important to have a PC capable of running TPM 2.0 to meet Microsoft’s new TPM 2.0 requirement for the Windows 11 operating system.

Windows 11 TPM 2.0 Requirement

Along with other processor, RAM, storage, and firmware requirements, using Windows 11 on a PC requires TPM version 2.0.

The TPM 2.0 requirement aims to elevate the Windows security baseline of the millions of individual PCs used around the world. Ultimately, this will help keep all computer users more secure while simultaneously making it much harder for hackers to commit cybercrimes.

Read more about the Windows 11 TPM 2.0 requirement.

How Do I Know If My PC Already Has TPM 2.0?

The good news is that if you have purchased a PC in the last several years, it’s highly likely that you already have a TPM capable of running TPM 2.0 installed on your computer. However, it’s possible that your TPM may have been turned off in the firmware by the computer manufacturer and may require you to enable it to meet the new requirement.

If your computer is based on the 8th Generation or later Intel® Core™ Processor family, you can rest assured knowing your system has Intel® Platform Trust Technology (Intel® PTT), an integrated TPM that adheres to the 2.0 specifications. Intel® PTT offers the same capabilities of a discrete TPM only it resides in the system’s firmware, thus removing the need for dedicated processing or memory resources.

Check to see if your specific Intel® processor model is supported on new Windows 11 devices.

How to Upgrade to TPM 2.0

If you purchased a PC recently, upgrading to TPM 2.0 should be relatively easy because your system should already have a TPM installed that is capable of running it.

Follow these recommended steps from Microsoft to enable TPM 2.0 on your PC:

1. Confirm your computer’s eligibility to upgrade to Windows 11.

2. After confirming eligibility, choose one of two options to check to see if your TPM meets the Windows 11 requirement.

  • Option 1: Use the Windows Security app.
  • Option 2: Use the Microsoft Management Console.

3. If you determine you need to enable the TPM on your machine, you will need to access settings that are managed in the UEFI BIOS.

  • If you are unfamiliar with how to make changes to TPM settings, we recommend checking your PC manufacturer’s support information. Links to support information for some common manufacturers include:

Staying Secure in Today’s Landscape Requires TPM 2.0

Cybersecurity today is anything but constant. Hackers are becoming more sophisticated by the hour. Attacks are accelerating, and the outrageous costs associated with cybercrimes and security breaches can easily put companies out of business. For businesses wanting to meet these challenges and stay secure, upgrading to TPM 2.0 is imperative. Not only does it provide deep, hardware-based security, but it also ensures your PC is ready to upgrade to Windows 11 when you’re ready to make the move.

Frequently Asked Questions

The Trusted Computing Group, a computer industry consortium that created the original TPM standard, defines TPM as, “A computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy.”1

TPM technologies generate and manage cryptographic keys that can be used to lock systems or sensitive information and protect them from intruders.

If you purchased a PC in the last five years, it is highly likely that your computer has a TPM chip and is capable of running TPM 2.0. However, it may have been disabled by your computer’s manufacturer. To see if your computer has TPM 2.0, visit your manufacturer’s website or follow these steps provided by Microsoft.

ข้อมูลผลิตภัณฑ์และประสิทธิภาพ

1Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.
2“Trusted Platform Module (TPM) Summary,” Trusted Computing Group, https://trustedcomputinggroup.org/resource/trusted-platform-module-tpm-summary/.