Show Mobile Navigation

Saturday, January 07, 2017

, , , ,

How to Check if your Computer Has a Trusted Platform Module (TPM) Chip

Oyetoke Tobi - Saturday, January 07, 2017

Trusted Platform Module (TPM) Chip hardware provides a tamper-resistant way to keep encryption keys on a computer. TPM is usually required to enable and use encryption features like BitLocker inn Windows 10, 8, and 7. 

What is Trusted Platform Module (TPM)?

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage.

What is TPM Chip?

It’s a chip on your computer’s motherboard that helps enable tamper-resistant full-disk encryption without requiring extremely long passphrases. The TPM generates encryption keys, holding part of the key to itself. So, in case you’re using BitLocker encryption or device encryption on a computer with the TPM, part of the key is kept in the TPM itself, rather than just keeping it on the disk only. This means that an attacker can’t just remove the drive from the computer and try to access its files somewhere else.

The TPM chip provides hardware-based authentication and tamper detection, so that an attacker won’t try to remove the chip and place it on another motherboard, or meddle with the motherboard itself to attempt to bypass the encryption.

Here’s how to check whether your PC has a TPM chip, enable your TPM if it’s disabled, or add a TPM chip to a PC without one.

How to Check if your PC has TPM with the TPM Management Tool

The first thing to do here is to check whether your PC is using a TPM. Windows 10 has a built in TPM management tool. The TPM management tool will show you whether your PC has a TPM or not. So to open it, press the Windows+R keys on your keyboard. Then a run dialog window box will open. Now enter “tpm.msc” in the textbox and press Enter to open the tool.

If your PC supports for TPM, you’ll be able to see information about the TPM in the PC which includes a message at the bottom right corner of the window. The message indicates which TPM specification version your chip supports.

However, in case you see a “Compatible TPM cannot be found” message instead, then your PC does not have a TPM.

How to check if your Computer TPM Hardware is Disabled

It’s very likely that the TPM chip in the computer’s UEFI firmware or BIOS is disabled in some computers. If the TPM chip is disabled on your PC, that means it’s deactivated and won’t appear in Windows at all even if the PC actually have the hardware.

To know whether you have a disabled TPM hardware, you’ll need to boot your PC into BIOS or UEFI settings screen. The precise procedure in doing this is different on every PC. Some modern PCs like Windows 10 or 8 requires you go through the advanced startup options menu, while some others still requires you to press a special key such as Delete, F12, or Escape during the boot-up process. So refer to your computer’s documentation for more information about, or check your motherboard’s documentation if you built the PC yourself.

In the settings, go through the settings menu and look for any option named “Trusted Platform Module”, “TPM”, “TPM Support” or anything that’s related to TPM.

Once you’ve found it, enable it from there if it’s disabled, then save your settings, and reboot your PC. Then from there TPM will now be available for use on Windows.

TPMs chip also appears in the Device Manager, so ensure that your TPM isn’t also disabled in the Device Manager too. In case you can’t find TPM listed under Security Devices in Device Manager, and there isn’t any option related to TPM in the BIOS, your PC probably don’t have one.

How to Add a TPM Chip to a PC

In case the PC was built by yourself, you may have and able to add a TPM chip to it. You can ust purchase a TPM chip that’s sold as an add-on module. You’ll need the one that supports the exact motherboard you are using for your PC.

Laptops and desktop PCs you buy off the shelf usually have a TPM chip that’s being soldered permanently attached to the motherboard. It’s not possible to add TPM chips to an older PC that doesn’t have the hardware to accept one. You can check your motherboard manufacturer’s documentation for more information about whether your PC supports a TPM chip or not and which one it requires.



0 comments:

Post a Comment