What is TPM and how to use it on Windows 10?

Security is one of our main concerns, not only at home or when we go out, but also on the devices we use every day: our mobiles and computers. They are full of data, which is why we have to protect our personal information from the outside world. Microsoft has TPM (Trusted Platform Module) technology, and we are going to explain how to use it.
Windows 10 TPM is a hardware- and software-based solution from Microsoft that is part of the computer startup process and protects our data by preventing anyone from accessing stored information. TPM chips are increasingly common; they are physically separate from the main CPU but attached to the computer’s main circuit board. Thus, when software generates a key or a certificate for encrypted data, this information is stored in the computer’s TPM.
TPM stands for Trusted Platform Module. It is a hardware chip that includes several physical security mechanisms that help protect your computer. The chip is a secure cryptography processor “designed to perform cryptographic operations”. To achieve this, it includes several security mechanisms which ensure that, even if there is malware or a virus on your computer, it won’t be able to reach the TPM.
Windows’ TPM technology allows us to store encrypted keys to protect our information. Its main mission is to store keys or encrypted information about our credentials, which keeps this information in a much more secure environment, one that will not be accessible in most cases.
Since 2016 it has been mandatory to implement TPM 2.0 in the hardware of computers using Windows. All manufacturers launching tablets, mobiles or computers compatible with Windows 10 must include the TPM security module to obtain the corresponding certification from Microsoft.
This change in the requirements for hardware certification is a security improvement for the end-user, something that Windows has been working on, as we can see with other measures such as Windows Defender or multi-factor authentication. In this case, the obligation to include TPM 2.0 in all their computers responds to the need to protect our information from possible external attacks.
How to know if our equipment is compatible?
The first thing we will have to do is open the Run window in Windows and then we can check it.
- Press “Windows + R”
- The Run window will open in the lower-left corner
- Type tpm.msc
- Click on OK
This opens the TPM management console for the local computer, where you can see whether the computer is compatible or not. From here we can create the password, block or allow commands, or clear the TPM. Learning to handle all the functions in this window lets us manage the “added” security in the computer.
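The same compatibility check can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original article: it uses the built-in Get-Tpm cmdlet and the Win32_Tpm WMI class, and the function names Get-TpmSpecFamily and Test-TpmCompatibility are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether a TPM is present, ready, and implements TPM 2.0.

function Get-TpmSpecFamily {
    # Win32_Tpm.SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the specification version the chip implements.
    param([string]$SpecVersion)
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $null }
    return ($SpecVersion -split ',')[0].Trim()
}

function Test-TpmCompatibility {
    # Get-Tpm comes from the TrustedPlatformModule module and needs elevation.
    $tpm = Get-Tpm

    if (-not $tpm.TpmPresent) {
        # No usable TPM was found, so there is no WMI instance to query.
        return [pscustomobject]@{
            Present     = $false
            Ready       = $false
            Owned       = $false
            SpecVersion = $null
            MeetsTpm20  = $false
        }
    }

    # The spec version is not exposed by Get-Tpm, so read it from WMI.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm
    $family = Get-TpmSpecFamily $wmi.SpecVersion

    [pscustomobject]@{
        Present     = $true
        Ready       = $tpm.TpmReady
        Owned       = $tpm.TpmOwned
        SpecVersion = $family
        MeetsTpm20  = ($family -eq '2.0')
    }
}

Test-TpmCompatibility | Format-List
```

A result with Present set to true but Ready set to false means the chip exists but is not yet provisioned for Windows to use.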
Benefits of using a computer with TPM
Now that we know what TPM is, the next step is to learn its benefits when working on a Windows 10 PC. There are many benefits to working on a computer that has a TPM chip installed, as specified by Windows. For example, if we carry out procedures with the administration that require certificates, electronic signatures or other cryptographic solutions, it protects the PIN used to access a certificate. It also protects the computer against attacks because, in the event of a threat, the private key associated with the certificate cannot be copied from the device.
Using a computer with TPM will help us obtain security similar to that of physical smart cards, without needing a smart card reader. And, as we have seen, it will also be important when using BitLocker or Windows Hello type applications for companies. In short, being sure that our encrypted data is not in danger always gives us extra peace of mind, and that is why Microsoft has wanted to ensure this by forcing manufacturers who want to use Windows 10 to install this technology.
Can I delete the TPM?
We are not talking about removing it from our computer, but you can delete the TPM keys in some cases, for example when preparing the computer for the installation of a new operating system. We can delete all the keys stored in the TPM so that the installation is clean and the new operating system can implement all the functionality based on this security technology. Deleting the TPM restores it to an unowned state, so when the computer starts up again, Windows 10 will take ownership of it again.
We have to take into account that deleting these keys will cause us to lose the keys and data protected by the TPM, such as logins, PINs or virtual smart cards, so we have to make sure we have backups or a way to recover that data first. We also should not do it on a computer that is not our property, for example at work or at the university.
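One thing that can be checked before clearing is whether any BitLocker volume depends on the TPM and has a recovery password to fall back on. This is an added example, not part of the original article: it covers BitLocker only (not PINs, logins or virtual smart cards), uses the built-in Get-BitLockerVolume cmdlet, and the function name Get-TpmClearReadiness is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: list BitLocker volumes whose keys are sealed to the TPM and
# flag those that have no recovery password protector to fall back on.

function Get-TpmClearReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        # Each key protector has a type: Tpm, TpmPin, RecoveryPassword, ...
        $types = @($vol.KeyProtector |
                   ForEach-Object { $_.KeyProtectorType.ToString() })

        # Tpm, TpmPin, TpmStartupKey etc. all rely on keys held by the TPM.
        $usesTpm     = [bool]($types | Where-Object { $_ -like 'Tpm*' })
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            Protectors          = $types -join ', '
            UsesTpm             = $usesTpm
            HasRecoveryPassword = $hasRecovery
            # A TPM-bound volume without a recovery protector cannot be
            # unlocked once the TPM keys are gone.
            NeedsAttention      = $usesTpm -and (-not $hasRecovery)
        }
    }
}

Get-TpmClearReadiness | Format-Table -AutoSize
```

HasRecoveryPassword only shows that a recovery protector exists on the volume; confirm separately that you can actually retrieve the recovery password before clearing the TPM.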
The process to perform this deletion is very simple. We open the Windows Defender application. We click on Device Security, enter Security Processor Details (where we can see the TPM information or its status in case we need it for any other check), look for the Security Processor Troubleshooting option and, once inside, click on Delete TPM. After this, it will ask us to restart the computer to finish the task.

Now you know what TPM is and how to use it on Windows 10.