New
#1
Secure Boot and TPM (what does it do to the system drive)
Hi
I'm becoming more and more confused over TPM and perhaps to a lesser extent on Secure Boot. Sure, I've got both enabled on my PC but exactly what do they do, particularly TPM? Yes, the TPM stores keys (or parts of keys) and generally provides a higher level of security of which I fully approve. However, what I'm uncertain of is: what does it do to the System Disk? I've heard all sorts of people imply that it actually encrypts the system drive but I've not found anything definitive about this. I've read many articles hoping to get the answer but no-one is saying anything about this so can it be assumed that it doesn't encrypt the System Drive? What I do know is that it enables a disk to be encrypted using Bitlocker but beyond this I have little idea what it does. One thing I'm sure of is that the TPM does a lot more than my current understanding suggests.
There's also the question of what should be done when installing a new OS, Windows 11 for example. Should both Secure Boot and the TPM be disabled? Are there any other times that these two items should be disabled, for example when stripping the PC down ready for a re-build? Perhaps both items should be disabled before doing anything which changes its configuration, e.g. installing a new GPU or even a hard drive/SSD. I just don't know what the implications are with both Secure Boot and TPM enabled.
I'm hoping someone on this forum can help me on this matter and perhaps point me towards web pages that may explain it and help clear up my confusion. Any help would be most appreciated. Thank you.
Tracey
PS I'm currently on the latest version of Windows 10 (21H1) with all updates installed as they come in.