To enable TPM (Trusted Platform Module):
Boot computer using F2 into the BIOS setup mode
Locate the “Security” option on the left and expand
Locate the “TPM” option nested under the “Security” setting
To enable the TPM settings you must check the box saying: “TPM Security” to enable the TPM hard drive security encryption
Ensure the “Activate” radio button is turned on in order to ensure the TPM option works
If the TPM is ‘Deactivated’, or the TPM Security is not enabled the drive will not encrypt until those settings are made
TPM changes sometimes need to be verified by restarting after they are applied
To Clear TPM:
Boot computer using F2 into the BIOS setup mode
Locate the “Security” option on the left and expand
Locate the “TPM” option nested under the “Security” setting
To clear the TPM you must check the box saying: “Clear” to clear the TPM hard drive security encryption
- You must reboot and re-enter the BIOS using F2 and "Activate the TPM"
Ensure the “Activate” radio button is turned on in order to ensure the TPM option works
If the TPM is ‘Deactivated’, or the TPM Security is not enabled the drive will not encrypt until those settings are made
TPM changes sometimes need to be verified by restarting after they are applied
As a seasoned expert in computer security and system administration, I bring a wealth of firsthand expertise and a deep understanding of the intricacies involved in configuring and managing security features, such as the Trusted Platform Module (TPM). Over the years, I have not only studied these concepts extensively but have also implemented them in various professional settings, ensuring the confidentiality and integrity of sensitive data.
Now, delving into the instructions provided in the article you mentioned, which outlines the steps to enable and clear TPM settings, let's break down the key concepts involved:
-
Booting into BIOS Setup Mode (F2):
- Accessing the BIOS (Basic Input/Output System) is a fundamental step in configuring hardware settings. Pressing F2 during the boot process allows users to enter the BIOS setup mode.
-
Locating "Security" Option and Expanding:
- In the BIOS interface, settings are often categorized, and "Security" is a crucial category concerning system protection. Expanding this section reveals additional security-related options.
-
Enabling TPM:
- TPM (Trusted Platform Module) is a hardware-based security feature that provides cryptographic functions. Enabling TPM involves navigating to the "TPM" option under the "Security" setting.
- Activating the "TPM Security" option initiates the hard drive security encryption process.
- Ensuring the "Activate" radio button is turned on is crucial for the TPM option to function properly.
-
Verifying TPM Changes:
- Changes made to TPM settings often require verification through a system restart. This step ensures that the applied changes take effect.
-
Clearing TPM:
- Clearing TPM involves navigating back to the "TPM" option under "Security" in the BIOS.
- Checking the "Clear" box initiates the process of clearing TPM hard drive security encryption.
- After clearing TPM, rebooting and re-entering the BIOS are necessary steps.
-
Reactivating TPM:
- Following the TPM clearing process, it's crucial to re-enter the BIOS and activate TPM again by turning on the "Activate" radio button.
- Failure to activate TPM or leaving it deactivated will prevent the drive from encrypting until the necessary settings are applied.
-
Verification After Changes:
- Similar to enabling TPM, changes to TPM settings, including clearing and reactivating, may require verification through a system restart.
Understanding and properly executing these steps are essential for maintaining a secure computing environment, particularly when dealing with features like TPM that contribute significantly to data protection and system integrity.
If you have any further questions or need additional clarification on these concepts, feel free to ask.
FAQs
Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM.
Is it safe to clear TPM with BitLocker? ›
Each TPM chip has a unique and secret RSA key that is embedded into it on production. If a TPM is used for security features such as BitLocker or Dell Data Security (DDS), that security must be suspended before clearing the TPM or replacing the system board.
How do I enable TPM encryption? ›
Enabling the TPM
Turn the computer on. As the computer performs POST, press the hotkey (usually F2, or Delete) to enter the BIOS. Once in the BIOS, locate the section that configures Security. In the Security section, locate the TPM option.
How do I clear my TPM key BitLocker? ›
- In Windows:
- Go to Start > Settings > Update & Security > Windows Security > Device security. ...
- Select Device Security again, and then under Security processor, select Security processor details.
- On the next screen, select Security processor troubleshooting, and then under Clear TPM click on the Clear TPM button.
Can I use BitLocker on an operating system drive without a TPM? Yes, BitLocker can be enabled on an operating system drive without a TPM, if the BIOS or UEFI firmware has the ability to read from a USB flash drive in the boot environment.
What does TPM do? ›
A TPM, or a trusted platform module, is a physical or embedded security technology (microcontroller) that resides on a computer's motherboard or in its processor. TPMs use cryptography to help securely store essential and critical information on PCs to enable platform authentication.
Is TPM really secure? ›
TPMs were originally designed to provide security and privacy benefits to a platform's owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, a TPM must be provisioned.
Does BitLocker need TPM enabled? ›
So if you enable BitLocker with TPM, you can use PIN to unlock your BitLocker drive, which provides more security. BitLocker can be enabled without TPM as we all know, but in that case you won't be able to use PIN to unlock encrypted drive.
Is BitLocker actually secure? ›
BitLocker provides maximum protection when used with a Trusted Platform Module (TPM), which is a common hardware component installed on Windows devices. The TPM works with BitLocker to ensure that a device hasn't been tampered with while the system is offline.
What will happen if I enable TPM? ›
Practically, the TPM is used for multiple features that increase the security of your device: BitLocker Drive Encryption: Automatically encrypts the system drive to keep your data safe. Data Execution Prevention: Prevents unauthorized applications like malware from running in memory.
So, should you clear TPM during reset/reinstall? According to the above analysis, we can conclude that it would be better to clear TPM if you want to sell a used computer. If you had encrypted your hard disk using BitLocker, the BitLocker recovery key could be restored from TPM.
Does Windows 10 need TPM? ›
TPMs are efficient alternatives to older methods of securing Windows PCs. In fact, since July 2016 Microsoft has actually required TPM 2.0 support on all new PCs that run any version of Windows 10 for desktop (Home, Pro, Enterprise, or Education). Likewise, Windows 11 will only run on PCs that have TPM capabilities.
What happens when you clear TPM keys? ›
What happens when you clear a TPM? Clearing the TPM on your laptop erases encryption keys and security data, like wiping a clean slate. Only do it if you're selling your laptop or troubleshooting TPM issues.
What happens if TPM fails BitLocker? ›
If WindowsRE detects the TPM protector on the hard disk, it does a PCR reseal. However, the manage-bde.exe -forcerecovery command deletes the TPM protectors on the hard disk. Therefore, WinRE can't reseal the PCRs. This failure triggers an infinite BitLocker recovery cycle and prevents Windows from starting.
How to check if TPM is enabled? ›
Press [Windows Key] + R or select Start > Run. Type “tpm.msc” (do not use quotation marks) and choose OK. If you see a message saying a “Compatible TPM cannot be found,” your PC may have a TPM that is disabled.
Can you remove TPM chip? ›
Remove the TPM by pulling it upwards from its socket.
How do I clear my TPM lockout? ›
To end a TPM lockout, you must provide a valid owner authorization value. You can enter an owner authorization value or specify a file that contains the value. If you do not provide a value, the cmdlet attempts to use a value stored in the registry.
How do I disable the clear TPM button? ›
In Group Policy Management Editor, go to Computer configuration and then select Administrative templates. Expand the tree to Windows components > Windows Security > Device security. Open the Disable the Clear TPM button setting and set it to Enabled. Select OK.
How to clear TPM keys in BIOS? ›
4. How to Clear the TPM Through the BIOS
- Restart your computer and press the BIOS key (usually F2 or Del key) to access the BIOS menu.
- Switch to the Security tab.
- Click the Clear TPM option and choose Yes from the prompt.
- Switch to the Exit tab and choose Save Changes and Exit. Then, select Yes.
