TPM
Stands for "Trusted Platform Module."
TPM is a technology that provides hardware-based security functions. It relies on a dedicated "crypto-processor," separate from the primary CPU and used exclusively for security operations.
Some functions of a TPM chip include:
- Providing secure authentication
- Generating and storing cryptographic keys
- Encrypting and decrypting data
- Verifying and recording software loading operations
The TPM is a small chip, typically soldered onto a computer's motherboard. It has a unique ID, also called an Endorsement Key (EK), that cannot be changed. Because the key is unalterable and tied to the motherboard, it provides a reliable means of device authentication. However, replacing a motherboard on a TPM-enabled system may require reformatting the startup disk.
TPM 2.0
Windows 11 requires TPM 2.0 and a Secure Boot capable PC. These technologies work together to prevent unverified software from loading during the boot process. TPM 2.0 provides several security improvements over the previous standard, including:
- support for the SHA-256 hashing algorithm
- support for newer cryptographic algorithms (TPM 1.2 supports only RSA and SHA-1)
- a more consistent "lockout policy," defined at the OS level
- a single semiconductor package (TPM 1.2 hardware may use discrete components)
Most Windows PCs developed after 2015 have TPM 2.0 chips, which require UEFI firmware. If TPM 2.0 is not enabled by default, it may be possible to enable it in the UEFI interface.
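The "verifying and recording software loading operations" function listed above, and the way TPM 2.0 and Secure Boot keep unverified software from loading, both rest on the TPM's Platform Configuration Registers (PCRs): a PCR can only be extended, never set, so its final value commits to every component measured during boot and to the order in which they were measured. The following is an added example, not code from the original page or from any TPM vendor; it simulates the SHA-256 PCR extend operation in software (a real TPM does this in hardware) and verifies a boot event log against the resulting PCR. The function names, the sample boot chains, and the component byte strings are constructed placeholders, not real firmware hashes.

```python
import hashlib

# TPM 2.0 supports a SHA-256 PCR bank; each PCR in that bank is 32 bytes.
PCR_INIT = b"\x00" * 32  # PCRs used for boot measurements start at all zeros at reset


def measure(component: bytes) -> bytes:
    """Digest of a boot component (firmware image, bootloader, kernel, ...)."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new_pcr = SHA-256(old_pcr || digest).

    The register can only move forward through this one-way function, so the
    final value depends on every earlier measurement and on their order.
    """
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(chain):
    """Simulate boot: measure each component, extend the PCR, record an event log.

    `chain` is a list of (name, component_bytes). Returns (final_pcr, event_log).
    """
    pcr = PCR_INIT
    event_log = []
    for name, blob in chain:
        digest = measure(blob)
        event_log.append((name, digest))  # the log lives outside the TPM
        pcr = extend(pcr, digest)          # the PCR lives inside the TPM
    return pcr, event_log


def replay_log(event_log) -> bytes:
    """Verifier side: recompute the PCR a given event log should produce."""
    pcr = PCR_INIT
    for _, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def log_is_consistent(event_log, reported_pcr: bytes) -> bool:
    """An event log that was edited after the fact no longer replays to the PCR."""
    return replay_log(event_log) == reported_pcr


# Constructed sample boot chains (placeholder byte strings, not real binaries).
GOOD_CHAIN = [
    ("firmware", b"constructed firmware image, build 1"),
    ("bootloader", b"constructed bootloader, build 1"),
    ("kernel", b"constructed kernel, build 1"),
]
# Same chain, but the bootloader bytes were changed.
TAMPERED_CHAIN = [
    ("firmware", b"constructed firmware image, build 1"),
    ("bootloader", b"constructed bootloader, build 1, modified"),
    ("kernel", b"constructed kernel, build 1"),
]


def demo() -> dict:
    """Run both chains and report what a verifier holding a known-good PCR learns."""
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    bad_pcr, bad_log = measured_boot(TAMPERED_CHAIN)
    # Forging the log to look clean does not help: it will not replay to bad_pcr.
    forged_log = good_log
    return {
        "good_log_replays_to_pcr": log_is_consistent(good_log, good_pcr),
        "tamper_changes_pcr": bad_pcr != good_pcr,
        "forged_log_detected": not log_is_consistent(forged_log, bad_pcr),
        "order_matters": measured_boot(list(reversed(GOOD_CHAIN)))[0] != good_pcr,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The verifier never needs to trust the event log itself: it trusts the PCR value reported by the TPM and checks that the log replays to it, which is what lets a remote party or a disk-encryption policy decide whether the software that loaded during boot is the software that was expected.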