Safety is one of our main concerns not only in our home or when we go out, but also in the different devices we use every day. Among others, our mobiles or our computers. They are full of data and private information, keys or personal information. And that is why we want to avoid at all costs that this data falls into other hands. To protect users, Microsoft relies on TPM, its Trusted Platform Module technology.
Windows 10 TPM is a hardware and software-based Microsoft solution that is part of the startup process of a computer and that protects our data by preventing anyone from accessing the stored information. TPM chips are increasingly used and are physically separated from the main CPU but linked to the main circuit of the equipment. Thus, when the software generates a key or an encrypted data certificate, this information is stored in the TPM of the computer or tablet and prevents an attack from recovering it.
What is TPM?
TPM is Trusted Platform Module or, what is the same, Trusted Platform Module technology. A hardware chip that includes various physical security mechanisms that allow the computer to be protected. The chip is a secure cryptographic processor “designed to perform cryptographic operations.” To achieve this, it includes several security mechanisms that mean that even if there are malware or viruses on your computer, they do not pose any risk or changes in it.
What Windows TP technology or Secure Platform Module (or trusted) allows us is to be able to store encrypted keys to protect information. Its main mission is to store keys or encrypted information about our credentials, which will allow us to have this information in a much more secure environment, an environment that will not be accessible in most cases. Thanks to the fact that it is a hardware-based chip, it is much more complicated for someone to access our data since it will not be in memory.
Since 2016 , the implementation of TPM 2.0 in the hardware of computers using Windows is mandatory . All manufacturers that launch tablets, mobiles or computers compatible with Windows 10 will have to have the TPM security module to obtain the corresponding certification from Microsoft.
This change in the requirements requested for hardware certification represents a security improvement for the end user, something that Windows has been working on as we can see with other measures such as Windows Defender or two-step authentication. In this case, the obligation to include TPM 2.0 on all your computers responds to the need to protect our information from possible external attacks.
When we use a full disk encryption application , for greater protection of our files and data in Windows, they are using the TPM to perform these operations. By generating and storing the encryption keys on the chip itself and not on the hard drive, we make sure that if someone steals the drive and installs it on another computer, it won’t work, they won’t be able to access our data.
How to know if our equipment is compatible
To find out if our equipment is compatible with TPM or not, we can do it from the computer itself by following a few very simple steps. The first thing we will have to do is open the Run window in Windows and then we can search for it.
- Tap the Windows + R keys on your keyboard
- The Run window will open in the lower left corner
- Type tpm.msc
- Click OK
This will open the TPM Trusted Platform module on the local computer as you can see in the attached screenshot. Specifically, you will open the management or configuration window of the TPM and we will see if it is compatible or not. It may be automatically detected from the administration window and you can test, update, manage or view the encryption. From here we can create the password, block or allow commands or delete the TPM . We can manage the “added” security on the computer if we learn to handle all the functions in this window.
It may or may not appear. In the event that you do not have TPM on your computer you will see that, when you follow the previous steps, it appears “ The compatible Trusted Platform Module (TPM) cannot be found on this computer. Check that this computer has a TPM 1.2 or later and it is enabled in the BIOS ”. If this happens, restart your computer and enter BIOS setup to see if you can enable or disable the module.
Benefits of using a computer with TPM
There are many benefits of working on a machine that has a TPM chip installed, as specified by Windows. In many of our usual personal procedures it will be important, but it will also be important if we use more advanced or company features. For example, if we make arrangements with the administration that require certificates, electronic signatures or other cryptographic solutions, protect the PIN values to use a certificate. It also protects the computer against attacks, since in the event of a danger, the private key associated with the certificate cannot be copied from the device.
Using a computer with TPM will help us to obtain a security similar to that of physical smart cards, without having to have a reader for them. And, as we have seen, it will also be important in the case that we use applications such as BitLocker or Windows Hello for companies. In short, being sure that our encrypted data is not in danger always gives an extra peace of mind and that is why Microsoft has wanted to ensure, forcing manufacturers who want to use Windows 10, to install this technology.
Can I delete the TPM?
We are not talking about removing it from our computer, but you can delete the TPM keys in some cases. For example, as a preliminary preparation for our team before installing a new operating system. In that case, we can erase all the keys stored in the TPM so that the installation is clean and the new operating system can implement all the functionalities based on this security technology. Clearing the TPM will reset it to an unowned state, so Windows 10 will take ownership of it again when it starts up again.
We have to bear in mind that deleting these keys will cause us to lose keys and data protected by the TPM, such as logins, PINs or virtual smart cards, so we have to first ensure that we have backup copies or recovery of those data . And also that we should not do it on a computer that is not our property, if we are at work or at university, for example.
The process to carry out this deletion is very simple. We open the Windows Defender application. We click on Device Security, enter Security Processor Details (where we can see the TPM information or its status in case we need it for any other check), look for the option to Troubleshoot the security processor and, once inside, we click on Clear TPM . After this, it will ask us to restart the computer to finish the task.
