You can run the following cmdlet in an elevated PowerShell session. Lastly, if you are using BitLocker to encrypt disk as a way to wipe out old SSD drives, you will need to clear the TPM to destroy the encryption key so no one can recover it. Secondly, since there are ways to extract BitLocker keys from a TPM, it’s better to be safe to clear TPM on a computer you are about to dispose of. Not saying that not-cleared TPM will screw up the system but it’s just better with a clean TPM. Why do we need to clear TPM?įirst of all, if you are to start a clean installation of a new Windows system on a used computer, clearing TPM ensures that the new system can fully deploy any TPM-based functionality. If you see the “false” on TpmPresent, sorry, you don’t have the TPM chip on the motherboard. The “false” on TpmReady means that I have the TPM chip on my motherboard but I will have to enable it in BIOS before I can use it. To check the status of TPM on your computer, you can either use TPM.msc management console or the following PowerShell cmdlet on an elevated PowerShell session. Moreover, Windows 10 makes extensive use of the TPM and integrate it deeply inside the Windows system for its security enhancements such as Device Guard and Windows Hello for Business. You can still use BitLocker to encrypt an entire disk on a computer that doesn’t have a TPM chip but you will end up typing in the long passphrase every time you turn it on. That’s why BitLocker usually works way better on a computer with a TPM chip. But for older hardware, why pull another Vista at the worst time?" another Twitter user wrote.TPM, Trusted Platform Module, is a chip embedded on your computer motherboard that helps enable tamper-resistant full-disk encryption without the need of an extremely long complicate passphrase. For new PCs/motherboards, it should be included. “I work at Microsoft (not on Windows), and I think the TPM requirement is stupid for upgrading users. “Microsoft, can you not impose a TPM requirement during a silicon shortage? Especially considering most desktop motherboards support TPM only as a purchasable accessory," he wrote. Shen Ye, Senior Director of Global Head of Hardware Products at HTC Vive, questioned Microsoft’s move on Twitter. “Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust," he added.īut adding such a requirement could make it more difficult to produce affordable PCs.
“PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states," Weston said in his post. But Microsoft is changing that, saying any Windows 11 user should at least have access to such a chip. The rationale seems simple - a PC that may be used for work or enterprise use cases needs this chip.
0 kommentar(er)
