TPM 2.0: What is the Windows 11 chip and what is it for?

Windows 11 was presented by Microsoft recently and brings as one of its requirements the Trusted Platform Module 2.0 (TPM 2.0), a component that improves the security of the operating system. The existence of the chip is nothing new and the previous version of the device already appeared as a requirement in Windows 10.

However, not all PCs come with the secure boot feature enabled or present in their settings. As a result, many computers are receiving a negative diagnosis when they pass the Microsoft tool’s compatibility test. Check out what the TPM chip is and how to know if your machine has the technology.

What is TPM 2.0?

In short, the Trusted Platform Module, abbreviated as TPM, is a security chip used in motherboards that ensures more security for the operating system. In addition to state-of-the-art encryption, the component also comes with hardware enhancements to ensure tamper-resistance.

According to Microsoft, one of the main functions of the TPM is to manage the system’s encryption keys more robustly. Because it is a physical component, the chip adds security to the use of the OS and can prevent certain types of attacks that could harm a PC protected only by software solutions, such as antivirus.

Icon representing the TPM in Windows.

“The most common functions of the TPM are for system health measurements and key usage and creation,” explains Microsoft’s official website. “During the process of booting a system, boot code that is loaded (including firmware and operating system components) can be measured and written to the TPM.”

TPM 2.0 vs TPM 1.2

The use of mandatory TPM 2.0 in Windows 11 also promises to please government institutions and businesses. According to Microsoft, version 1.2 of the technology, which has appeared on PCs since the beginning of the last decade, has some limitations in the use of algorithms.

According to the company, TPM 1.2 “only allows the use of RSA and the SHA-1 hash algorithm”, which is being abandoned by some entities. On the other hand, TPM 2.0 supports newer algorithms, which promise to guarantee more performance in the generation of keys and digital signatures.

Example of a TPM module.

In addition, version 2.0 of the chip promises more cryptographic agility and a “more consistent experience” when using it in different applications. According to Microsoft, all “Windows 11 certified” systems will come with TPM 2.0 enabled to ensure state-of-the-art security right out of the box.

Does my PC have TPM 2.0?

While the news promises to be positive for new Windows 11 systems, the move is raising questions for users looking to upgrade Windows 10 to the new version of the system. After all, not all computers have the security chip enabled at the factory.

The good news is that Microsoft has encouraged the use of TPM 2.0 chips in processors and motherboards since the advent of the technology. As a result, your PC may already have the chip, but perhaps you have never looked for it or it is disabled. According to David Weston, director of system security at Microsoft, almost all CPUs from the last 5-7 years have TPM.

While verifying the presence of the chip on your PC is easy, enabling the use of TPM 2.0 can be more complicated for regular users. Below, see how to check if the security chip is enabled on your computer:

Checking the presence of a TPM chip in your computer

Windows PowerShell allows you to check the presence of the TPM chip.

  • Open the Start menu, search for Windows PowerShell, right-click it and open the program as Administrator.
  • Enter the command get-tpm and press the Enter key.

The TpmPresent line will display True or False. True indicates that the chip is present in your PC, while False indicates that the system has not found the component in your computer or that it is disabled.

The TpmReady line also displays True or False. True indicates that the chip is already active, while False indicates that the component is not working.

How to check the TPM version

  • Open the Start menu and search for “Device Manager”.
  • Find the “Security devices” tab.
  • If your computer has TPM 2.0, the item will be listed as Trusted Platform Module 2.0.

Another way to check the presence of the item is through a system command. In this case, follow these steps:

Page displaying TPM status and version on Windows.

  • Press Windows + R keys to open Run
  • Type tpm.msc and press the Enter key.
  • A new tab showing the TPM status will open. The component version can be seen at the bottom of the page, under TPM Manufacturer Information.
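
The presence and version checks described above can be combined into one script. This is an added example, not part of the original article; it must be run from a PowerShell window opened as Administrator, and the function name Get-TpmSummary and the wording of the Status values are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: summarize TPM presence, readiness and specification version.
# Get-Tpm and the Win32_Tpm CIM class ship with Windows; Get-TpmSummary and
# the Status strings are hypothetical names chosen for this example.

function Get-TpmSummary {
    # Same cmdlet as the manual check: returns TpmPresent and TpmReady.
    $tpm = Get-Tpm

    # Win32_Tpm exposes SpecVersion as a string such as "2.0, 0, 1.38".
    # The first field is the TPM specification version (1.2 or 2.0).
    $cim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $specVersion = 'unknown'
    if ($cim -and $cim.SpecVersion) {
        $specVersion = ($cim.SpecVersion -split ',')[0].Trim()
    }

    # Interpret the values the way the article describes them.
    $status = if (-not $tpm.TpmPresent) {
        'No TPM found, or it is disabled in the BIOS'
    } elseif (-not $tpm.TpmReady) {
        'TPM found but not ready for use'
    } elseif ($specVersion -ne '2.0') {
        "TPM ready, but specification version is $specVersion"
    } else {
        'TPM 2.0 present and ready'
    }

    [pscustomobject]@{
        TpmPresent  = $tpm.TpmPresent
        TpmReady    = $tpm.TpmReady
        SpecVersion = $specVersion
        Status      = $status
    }
}

Get-TpmSummary | Format-List
```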

My TPM is disabled. How to enable?

If your computer has not displayed TPM 2.0, the module may be disabled. If this is the case, you will need to access the computer’s BIOS to activate the chip, which is a more complicated process and varies depending on the hardware.

The BIOS access menu can be opened during computer startup, usually by pressing keys like F2, F10 or F12, but it depends on the motherboard or computer manufacturer. The menus also vary and the option to enable TPM 2.0 may also change depending on the brand of your components.

Option to enable TPM on a Gigabyte motherboard with an AMD Ryzen processor.

Intel, for example, calls TPM 2.0 PTT, while AMD usually lists the component with the acronym fTPM. Therefore, the name of the solution may vary depending on your processor.

Also, each motherboard manufacturer has a different BIOS menu. As a result, the location of the option to activate TPM 2.0 may also vary. In the image above, for example, you can see a Gigabyte motherboard menu, which places the option inside the “Peripherals” tab.

It is also worth noting that the TPM may be linked with secure boot mode and UEFI. So, this part of the BIOS is worth checking out when searching for the option. Another option is to look for your product’s instruction manual, which should also contain specific instructions on how to enable the functionality.

I don’t have TPM 2.0, now what?

If your computer does not have a TPM 2.0 chip, be aware that it is also possible to buy the component separately. However, the Windows 11 craze has ended up pushing up the price of the security solution.

While the component could be found for about $15 in the United States, prices already reach $100 in some eBay offers, according to Tom’s Hardware. With that in mind, the tip is to wait and see how Microsoft will deal with the chip requirement in the final release of Windows.

Since the introduction of the operating system, Microsoft has changed the requirements of Windows 11 several times. In addition, the company released the preview of the system without the mandatory use of TPM 2.0.

With that in mind, it’s worth waiting, as there will possibly be ways to use the system without the need for a security chip. In addition, over time, the trend is that the price of the standalone component will return to normal, as Windows 11 is not expected to be fully released for everyone until 2022.
