James

Windows 10 Requires TPM Chip for Encryption

Recommended Posts

With effect from 28th July 2016 the desktop and mobile versions of Windows 10 require a Trusted Platform Module (TPM) chip. This is a hardware requirement, so before upgrading it is something else you need to check besides memory or storage minimum requirements.

A TPM chip is used to carry out encryption tasks. It is used by Windows Hello to protect biometric information and by Microsoft Bitlocker for users who want to encrypt their hard drives.

https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx
 

Quote

 

3.7 Trusted Platform Module (TPM)

As of July 28, 2016, all new device models, lines or series must implement and be in compliance with the International Standard ISO/IEC 11889:2015 or the Trusted Computing Group TPM 2.0 Library and a component which implements the TPM 2.0 must be present and enabled by default from this effective date.

The following requirements must be met:

All TPM configurations must comply with local laws and regulations.

Firmware-based components that implement TPM capabilities must implement version 2.0 of the TPM specification.

An EK certificate must either be pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.

It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note that it is acceptable to ship TPMs with a single switchable PCR bank that can be utilized for SHA-256 measurements.

It must support TPM2_HMAC command.

A UEFI firmware option to turn off the TPM is not required. OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with a TPM support enabled.

For detailed TPM information, see Trusted Platform Module topic on TechNet and for TPM 1.2 and 2.0 version comparisons, please reference this article here.

 

 

Share this post


Link to post
Share on other sites

How to check if your PC has a Trusted Platform Module (TPM) Chip...
http://www.tenforums.com/tutorials/36454-trusted-platform-module-tpm-chip-verify-windows-pc.html

1. Press the Win+R keys to open Run, type devmgmt.msc, and click/tap on OK to open Device Manager.
2. Look to see if you have Security devices listed. If you do, then expand it open to see if you have a Trusted Platform Module device listed.

or

1. Press the Win+R keys to open Run, type tpm.msc, and click/tap on OK to open the TPM Management snap-in.
2. Look to see if the TPM Management console shows your PC having a TPM available or not.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now