Windows 11 New System requirement TPM, What is it?

Microsoft announced the arrival of New Windows in the Market this 24th Jun 2021, with the announcement came to new Hardware System requirements to run Windows 11, I have written in detail about Intel Supported Processors and AMD support Processors for Windows 11, along with this there is also a detailed Minimum Systems requirement page here, but in this new requirements there is a mention of new system requirement i.e. What is Trusted Platform Module (TPM), what is it anyway? Let’s find out more about This TPM Module.

What is a TPM Module/ Chip

The TPM is a discrete cryptographic processor attached to a daughterboard that plugs into the motherboard. The TPM securely stores your cryptographic key which can be created with encryption software such as Windows BitLocker, the data on our PC will be safe not only from external software threats but also physical theft

Trusted Platform Module (TPM) Management is a new feature used to administer the TPM security hardware in your computer. The feature set includes the TPM Management console, and an API called TPM Base Services (TBS).

TPM is a security device that stores encryption keys and passwords to protect your system. The TPM is installed on the motherboard and communicates with the rest of the system using a hardware bus. Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. This process, often called “wrapping” or “binding” a key, can help protect the key from disclosure.

Computers that incorporate a TPM can also create a key that has not only been wrapped, but also tied to certain platform measurements. This type of key can only be unwrapped when those platform measurements have the same values that they had when the key was created.

How to Enable the TPM Module

If the TPM Chip is present in the motherboard, it can be enabled from BIOS, Under Advanced settings – > Security – > Trusted platform module, enable it.

Once enabled it has to be initialized on your computer, steps to initialize the TPM are:

Step 1: Turn on the TPM
Step 2: Set ownership in TPM

Step 1 Turn on the TPM: TPM must be initialized before it can be used to secure your computer

1. Click Start, click All Programs, click Accessories, and then click Run.
2. Type tpm.msc in the Open box, and then press ENTER.
3. If the User Account Control dialogue box appears, confirm that the action it displays is what you want, and then click Continue. For more information, see Additional resources at the end of this document.
4. The TPM Management console is displayed.
5. In the Actions pane, click Initialize TPM. The TPM Initialization Wizard is started.
6. Click Shutdown (or Restart), and then follow the BIOS screen prompts.
7. This ensures that the user is physically present and that it is not malicious software attempting to initialize the TPM.
8. After logging on to Windows, right-click the Windows Defender icon in the notification area, point to Run blocked program, and then click TPM Initialization Wizard.
9. If the User Account Control dialogue box appears, confirm that the action it displays is what you want, and then click Continue.
10. Continue with Step 2: Set ownership of the TPM.

Step 2: Set ownership of the TPM

To perform the following procedure, you must be logged on to a TPM-equipped computer with administrator credentials.

To set ownership of the TPM

1. On the Create the TPM owner password page, click Automatically create the password (recommended).
2. In the Save, your TPM owner password dialogue box, click Save the password.
3. In the Save As dialogue box, select a location to save the password, and then click Save. The password file is saved as computer_name.tpm.
4. Click Print the password if you want to print a hard copy of your password.
5. Click Initialize.
6. Click on close

Steps to Turn off the TPM

1. Click Start, click All Programs, click Accessories, and then click Run.
2. Type tpm.msc in the Open box, and then press ENTER. The TPM Management console is displayed.
3. If the User Account Control dialogue box appears, confirm that the action it displays is what you want, and then click Continue. For more information, see Additional resources at the end of this document.
4. In the Actions pane, click Turn TPM Off.
5. In the Turn off the TPM security hardware dialogue box, select a method for entering your password and turning off the TPM

Check your motherboard manual to see if your Motherboard supports TPM module, if your motherboard supports TPM Module you may need to purchase a TPM Module that supports your motherboard

ASUS Supported TPM Module

Gigabyte Supported TPM Module