How to Check if Windows PC has a Trusted Platform Module (TPM) Chip
Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
- Generate, store, and limit the use of cryptographic keys.
- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into the chip.
- Help ensure platform integrity by taking and storing security measurements.
"Almost every CPU in the last 5-7 years has a TPM. For Intel it's called the 'Intel PTT' which you set to enabled. For AMD it would be 'AMD PSP fTPM'. TPMs have been required for OEM certification since at least 2015 and was announced in 2013," said David Weston, Director of Enterprise and OS Security at Microsoft.
The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.
TPM-based keys can be configured in a variety of ways. One option is to make a TPM-based key unavailable outside the TPM. This is good to mitigate phishing attacks because it prevents the key from being copied and used without the TPM. TPM-based keys can also be configured to require an authorization value to use them. If too many incorrect authorization guesses occur, the TPM will activate its dictionary attack logic and prevent further authorization value guesses.
Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG).
Windows can automatically provision and manage the TPM. Group Policy settings can be configured to control whether the TPM owner authorization value is backed up in Active Directory. Because the TPM state persists across operating system installations, TPM information is stored in a location in Active Directory that is separate from computer objects. Depending on an enterprise’s security goals, Group Policy can be configured to allow or prevent local administrators from resetting the TPM’s dictionary attack logic. Standard users can use the TPM, but Group Policy controls limit how many authorization failures standard users can attempt so that one user is unable to prevent other users or the administrator from using the TPM. TPM technology can also be used as a virtual smart card and for secure certificate storage. With BitLocker Network Unlock, domain-joined computers are not prompted for a BitLocker PIN.
For more details about TPM, see:
- Trusted Platform Module Technology Overview | Microsoft Docs
- TPM recommendations (Windows 10) | Microsoft Docs
- Trusted Platform Module (Windows 10) | Microsoft Docs
- Trusted Platform Module (TPM) 2.0 | Microsoft Docs
- BitLocker TPM Requirement FAQs | Microsoft Docs
- Enable TPM 2.0 on your PC | Microsoft Support
This tutorial will show you how to check if your Windows PC has a Trusted Platform Module (TPM) security hardware chip, and how to see your TPM details and version if available.
Contents
- Option One: To See if PC has a TPM and TPM Details in Device Manager
- Option Two: To See if PC has a TPM and TPM Details in TPM Management snap-in console
- Option Three: To See if PC has a TPM and TPM Details in BIOS or UEFI Firmware Settings
- Option Four: To See if PC has a TPM and TPM Details in Windows Security
- Option Five: To See if PC has a TPM and TPM Details in Command Prompt
- Option Six: To See if PC has a TPM and TPM Details in PowerShell
Option One: To See if PC has a TPM and TPM Details in Device Manager
1 Open Device Manager.
2 Look to see if you have Security devices listed. If you do, then expand it to see if you have a Trusted Platform Module device listed with a version number (ex: 2.0).
Option Two: To See if PC has a TPM and TPM Details in TPM Management snap-in console
1 Press the Win + R keys to open Run, type tpm.msc into Run, and click/tap on OK to open the TPM Management snap-in.
2 Look to see if the TPM Management console shows your PC having a TPM available or not.
Option Three: To See if PC has a TPM and TPM Details in BIOS or UEFI Firmware Settings
1 Boot the computer to BIOS or UEFI firmware settings.
2 Look for a Trusted Platform Module (TPM) or PTT type setting that you can enable or disable.
Option Four: To See if PC has a TPM and TPM Details in Windows Security
1 Open Windows Security, and click/tap on the Device Security icon.
2 Click/tap on the Security processor details link under Security processor.
3 If you have a TPM, you will now see general information about it.
4 When finished, you can close Windows Security.
Option Five: To See if PC has a TPM and TPM Details in Command Prompt
To see more usage details about the tpmtool command, see: tpmtool | Microsoft Docs
1 Open a command prompt.
2 Copy and paste the command below you want to use into the command prompt, and press Enter.
(To output TPM general details in command prompt)
tpmtool getdeviceinformation
OR
(To output more TPM details to the TpmInformation.txt file on your desktop)
tpmtool gatherlogs %UserProfile%\Desktop
Collects TPM logs and places them on your desktop. The possible files generated are:
- TpmEvents.evtx
- TpmInformation.txt
- SRTMBoot.dat
- SRTMResume.dat
- DRTMBoot.dat
- DRTMResume.dat
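
For checking more than one PC, the text printed by tpmtool getdeviceinformation can be turned into an object and tested. The PowerShell below is an added example, not part of the original tutorial; the function names are hypothetical, and the sample lines are constructed, with field names modeled on tpmtool output as an assumption.

```powershell
# Added example, not from the original tutorial.
# Turns the "-Name: Value" lines printed by tpmtool into one object.
function ConvertFrom-TpmToolOutput {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $info = [ordered]@{}
    foreach ($line in $Lines) {
        # Split on the first colon only, because a value may contain colons.
        # Nested lockout fields are indented, so leading whitespace is
        # allowed; a group header such as "-Lockout Information:" has an
        # empty value.
        if ($line -match '^\s*-(?<k>[^:]+):\s*(?<v>.*)$') {
            $info[$Matches['k'].Trim()] = $Matches['v'].Trim()
        }
    }
    [pscustomobject]$info
}

# Emits one string per field that needs follow-up (hypothetical helper).
function Get-TpmToolFinding {
    param([Parameter(Mandatory)]$Info)
    if ($Info.'TPM Present' -ne 'True') { 'No TPM reported'; return }
    if ($Info.'TPM Version' -ne '2.0') { "TPM version is $($Info.'TPM Version'), not 2.0" }
    if ($Info.'TPM Has Vulnerable Firmware' -eq 'True') { 'Firmware flagged as vulnerable' }
    if ($Info.'Is Locked Out' -eq 'True') { 'TPM is locked out (dictionary attack logic active)' }
}

# Constructed sample; field names are modeled on tpmtool output and assumed.
$sample = @'
-TPM Present: True
-TPM Version: 1.2
-TPM Manufacturer ID: XXXX
-TPM Has Vulnerable Firmware: False
-Lockout Information:
    -Is Locked Out: True
    -Lockout Counter: 32
'@ -split "`r?`n"

$info = ConvertFrom-TpmToolOutput -Lines $sample
Get-TpmToolFinding -Info $info
# On a live system:
#   ConvertFrom-TpmToolOutput -Lines (tpmtool getdeviceinformation)
```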
Option Six: To See if PC has a TPM and TPM Details in PowerShell
You must be signed in as an administrator to do this option.
To see more usage details about the Get-Tpm command, see: Get-Tpm | Microsoft Docs
1 Open an elevated PowerShell.
2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter to see if True or False is reported for a TPM.
(Detailed)
Get-Tpm
OR
(Non-detailed)
Get-Tpm | Select-Object -ExpandProperty TpmPresent
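
Get-Tpm does not list the TPM specification version (1.2 or 2.0), so the added example below, which is not part of the original tutorial, combines it with the Win32_Tpm CIM class and also reports the state of the dictionary attack logic described earlier. The function name Get-TpmSummary is hypothetical.

```powershell
# Added example, not from the original tutorial. Run in an elevated PowerShell.
function Get-TpmSummary {
    $tpm = Get-Tpm
    # The Win32_Tpm CIM class reports SpecVersion as a string such as
    # "2.0, 0, 1.38"; the first field is the specification family.
    $cim = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($cim -and $cim.SpecVersion) {
        ($cim.SpecVersion -split ',')[0].Trim()
    } else {
        $null   # no TPM instance, or the class could not be queried
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        TpmPresent   = $tpm.TpmPresent
        TpmReady     = $tpm.TpmReady
        SpecVersion  = $spec
        Manufacturer = $tpm.ManufacturerIdTxt
        # Dictionary attack logic: whether the TPM is refusing further
        # authorization guesses, failures counted so far, and the threshold.
        LockedOut    = $tpm.LockedOut
        LockoutCount = $tpm.LockoutCount
        LockoutMax   = $tpm.LockoutMax
    }
}

Get-TpmSummary | Format-List
```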
That's it,
Shawn Brink
Related Tutorials
- Check TPM version in Windows 10 and Windows 11
- Install or Uninstall TPM Diagnostics Tool in Windows 11
- Bypass Windows 11 System Requirements