Trusted Platform Modules (TPMs) have been around for a while. A lot of laptops and even phones built after 2006 come with a TPM inside them. This has been happening for 15 years with no one the wiser. Laptop sellers never bothered to mention what version of TPM a laptop had until now. Thanks to the all-new Windows 11, the TPM acronym is on everyone’s lips and sellers have seized on it. But what really is TPM?
Just to be clear, this is not a computer science class; we are only going to look at the basic features of TPM here, as well as a brief history. As already stated, TPM stands for Trusted Platform Module. Basically, it’s a chip (or a software implementation thereof) designed to help make your hardware, and by extension your entire system, more secure. Usually, it comes with built-in cryptographic keys too.
So what are the use cases for TPM? As already said, it is meant to make sure that the platform behaves as intended. For example, it ensures that the boot process is not compromised by enhancing UEFI or making UEFI possible. If there is a change in the system, e.g. you change the fingerprint reader or camera, the TPM registers these changes securely and the system can decide what to do based on them.
TPM can also be used to make technologies such as Linux Unified Key Setup (LUKS), BitLocker and PrivateCore more secure. For example, BitLocker, which offers full disk encryption, can rely on TPM to protect its encryption keys and ensure that no one bypasses it in order to brute-force their way into the system. It can also be used to make password authentication safer. Take, for example, a normal Windows installation: you can just boot into a live Linux environment and try to guess or remove the password. This would be thwarted if you have TPM.
A note about China
It appears China doesn’t like TPM that much, probably because it would interfere with their snooping and make them reliant on another piece of US technology. To prevent this, Chinese computers can only have a Hengzhi chip, also known as a TCM (Trusted Cryptography Module). It’s not clear whether Windows 11 will work on TCM machines though. The use of TPM is also restricted in Russia, Belarus and Kazakhstan. All these governments require that you use the TPM module only to ensure integrity and UEFI. Full disk encryption is frowned upon.
How to check for TPM on your computer
As already said, the easiest way to see if your computer is compatible with Windows 11 is to download and run the Microsoft PC Health Check program from the link here. So if you just want to see if your computer is recommended for Windows 11, use the health checker as your first port of call. Just to be clear, you can still install Windows 11 even on a computer that doesn’t meet the minimum requirements. Just don’t expect a smooth experience.
Anyway, on Windows you can see if you have TPM 2.0 (the latest version of TPM) by following these steps:
- Open the Run dialog by pressing the Windows key + R
- Type tpm.msc in the dialog and press the Enter/Return key
- You will get a dialog that tells you that TPM is ready for use, with the specification version shown at the bottom
- If your computer doesn’t have TPM you will get a dialog with an error telling you that TPM could not be found.
If you are on Ubuntu, or Linux in general, like me, you can follow these simple steps:
- Open a terminal
- Type dmesg | grep -i tpm
You will get something like this:
As you can see I have the latest version of TPM on my laptop.
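The dmesg check above relies on reading the driver line by eye. As an added example (not part of the original post), the script below does the same check in a repeatable way: it picks the TPM specification version out of dmesg-style text, and on a live machine it also consults sysfs, which is more reliable than the kernel log because the log ring buffer rotates and reading it may need root. It assumes the kernel's tpm_tis/tpm_crb drivers log a line of the form "tpm_tis 00:00: 2.0 TPM (device-id 0x1B, rev-id 16)" and that kernels 5.6 and later expose /sys/class/tpm/tpm0/tpm_version_major; the sample log lines are constructed, not captured from any real machine.

```shell
#!/bin/sh
# Added example, not from the original post: find a TPM and report its
# specification version (2.0 or 1.2) the way "dmesg | grep -i tpm" does by eye.

# tpm_version_from_log: read dmesg-style text on stdin and print "2.0",
# "1.2" or "none". It keys on the "<major>.<minor> TPM (" token the kernel
# TPM drivers print when they probe the chip (assumed format, see lead-in).
tpm_version_from_log() {
    version=$(grep -i 'tpm' \
        | sed -n 's/.*[[:space:]]\([12]\.[02]\) TPM (.*/\1/p' \
        | head -n 1)
    if [ -n "$version" ]; then
        printf '%s\n' "$version"
    else
        printf 'none\n'
    fi
}

# tpm_version_from_sysfs: on a live system prefer sysfs over the log.
# Takes the device directory (default /sys/class/tpm/tpm0) so it can be
# pointed at a test directory. Prints "2.0", "1.2", "unknown", "present"
# (device node exists but the kernel is too old for the version attribute)
# or "none".
tpm_version_from_sysfs() {
    dev="${1:-/sys/class/tpm/tpm0}"
    if [ -r "$dev/tpm_version_major" ]; then
        major=$(cat "$dev/tpm_version_major")
        case "$major" in
            2) printf '2.0\n' ;;
            1) printf '1.2\n' ;;
            *) printf 'unknown\n' ;;
        esac
    elif [ -e "$dev" ]; then
        printf 'present\n'
    else
        printf 'none\n'
    fi
}

# Constructed sample log lines (not real output from any machine).
SAMPLE_TPM2='[    0.812345] tpm_tis 00:00: 2.0 TPM (device-id 0x1B, rev-id 16)
[    1.204567] usb 1-1: new high-speed USB device number 2 using xhci_hcd'
SAMPLE_TPM12='[    0.501234] tpm_tis 00:0a: 1.2 TPM (device-id 0x1A, rev-id 16)'
SAMPLE_NONE='[    0.012345] ACPI: bus type PCI registered'

# Run the parser over the constructed samples, then over this machine's
# dmesg (if readable) and sysfs, so the script is useful as-is.
printf 'sample TPM 2.0 log : %s\n' "$(printf '%s\n' "$SAMPLE_TPM2" | tpm_version_from_log)"
printf 'sample TPM 1.2 log : %s\n' "$(printf '%s\n' "$SAMPLE_TPM12" | tpm_version_from_log)"
printf 'sample without TPM : %s\n' "$(printf '%s\n' "$SAMPLE_NONE" | tpm_version_from_log)"
printf 'this host (dmesg)  : %s\n' "$( (dmesg 2>/dev/null || true) | tpm_version_from_log)"
printf 'this host (sysfs)  : %s\n' "$(tpm_version_from_sysfs)"
```

If the sysfs check says "none" while the log parser finds a chip, the TPM is detected by firmware but no kernel driver bound to it (or it is disabled in the UEFI setup), which is the situation that makes the Windows 11 checker fail even on hardware that has a TPM. On Windows, the PowerShell cmdlet Get-Tpm reports the same presence and readiness information as tpm.msc.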