New
#1021
We need a PC with a TPM chip for testing.
We need a PC with a TPM chip for testing.
Try this:
Code:WMIC /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value|Find "PhysicalPresenceVersionInfo"
TPM can be on a chip or in firmware.
Some computer manufacturers may provide firmware upgrades.
What commands if any can indicate whether it is by chip or firmware?
Code:Microsoft Windows [Version 10.0.19043.1288] (c) Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>powershell get-tpm TpmPresent : True TpmReady : True TpmEnabled : True TpmActivated : True TpmOwned : True RestartPending : False ManufacturerId : 1229346816 ManufacturerIdTxt : IFX ManufacturerVersion : 4.32 ManufacturerVersionFull20 : Not Supported for TPM 1.2 ManagedAuthLevel : Delegated OwnerAuth : OwnerClearDisabled : True AutoProvisioning : Enabled LockedOut : False LockoutHealTime : Not Supported for TPM 1.2 LockoutCount : Not Supported for TPM 1.2 LockoutMax : Not Supported for TPM 1.2 SelfTest : {128, 0, 1, 255}
Code:C:\WINDOWS\system32>WMIC /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value|Find "PhysicalPresenceVersionInfo" PhysicalPresenceVersionInfo=1.2 C:\WINDOWS\system32>
Code:Log Collection... (V1.6.3) Getting TPM Status... TPMPresent : True TPMReady : True TPMEnabled : False TPMActive : True TPMVersion : 1.2 Press any key to exit.
Code:DateExecuted : Sat 10/23/2021 TimeExecuted : 2:07:08.45 TimeCompleted : 2:09:10.18 CPUArchitecture : AMD64 OSArchitecture : BIOSMode : Legacy CPUName : Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz CPUCoreCount : 4 Cores, 8 Threads CPUFrequency : 2701 DirectXVersion : DirectX12 InternetConnection : True MonitorResolution : 1920x1080 SecureBoot : TotalPhysicalRAM : 15GB TotalFreeSpace : 513GB TPMActive : True TPMEnabled : False TPMVersion : 1.2 WDDMVersion : 2.0 IsCompatible : False
Version 1.63 results look good.
If there is a command to determine whether the TPM is a chip or firmware may be useful in determining whether there are upgrade options.
https://www.dell.com/support/kbdoc/e...-and-bitlocker
Perhaps the people on Windows 11 Forum know if there is such a command.
Maybe this command is best for TPM as it appears to distinguishes chip from firmware:
tpmtool getdeviceinformation
Code:Microsoft Windows [Version 10.0.19043.1288] (c) Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>powershell get-tpm TpmPresent : True TpmReady : True TpmEnabled : True TpmActivated : True TpmOwned : True RestartPending : False ManufacturerId : 1229346816 ManufacturerIdTxt : IFX ManufacturerVersion : 4.32 ManufacturerVersionFull20 : Not Supported for TPM 1.2 ManagedAuthLevel : Delegated OwnerAuth : OwnerClearDisabled : True AutoProvisioning : Enabled LockedOut : False LockoutHealTime : Not Supported for TPM 1.2 LockoutCount : Not Supported for TPM 1.2 LockoutMax : Not Supported for TPM 1.2 SelfTest : {128, 0, 1, 255}
Code:C:\WINDOWS\system32>tpmtool getdeviceinformation -TPM Present: True -TPM Version: 1.2 -TPM Manufacturer ID: IFX -TPM Manufacturer Full Name: Infineon -TPM Manufacturer Version: 4.32 -PPI Version: 1.2 -Is Initialized: True -Ready For Storage: True -Ready For Attestation: False -Information Flags Description: INFORMATION_EK_CERTIFICATE INFORMATION_TPM_OWNERAUTH -Is Capable For Attestation: False -Clear Needed To Recover: True -Clear Possible: True -TPM Has Vulnerable Firmware: True -TPM Firmware Vulnerability: 0x00000001 ADV170012 - IFX ROCA/Riemann -PCR7 Binding State: 0 -Maintenance Task Complete: True -TPM Spec Level: 2 -TPM Spec Revision: 3 C:\WINDOWS\system32>