Windows 10 Requires TPM Chip for Encryption



With effect from 28th July 2016 the desktop and mobile versions of Windows 10 require a Trusted Platform Module (TPM) chip. This is a hardware requirement, so before upgrading it is something else you need to check besides memory or storage minimum requirements.

A TPM chip is used to carry out encryption tasks. It is used by Windows Hello to protect biometric information and by Microsoft BitLocker for users who want to encrypt their hard drives.



3.7 Trusted Platform Module (TPM)

As of July 28, 2016, all new device models, lines or series must implement and be in compliance with the International Standard ISO/IEC 11889:2015 or the Trusted Computing Group TPM 2.0 Library and a component which implements the TPM 2.0 must be present and enabled by default from this effective date.

The following requirements must be met:

All TPM configurations must comply with local laws and regulations.

Firmware-based components that implement TPM capabilities must implement version 2.0 of the TPM specification.

An EK certificate must either be pre-provisioned to the TPM by the hardware vendor or be capable of being retrieved by the device during the first boot experience.

It must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note that it is acceptable to ship TPMs with a single switchable PCR bank that can be utilized for SHA-256 measurements.

It must support TPM2_HMAC command.

A UEFI firmware option to turn off the TPM is not required. OEM systems for special purpose commercial systems, custom order, and customer systems with a custom image are not required to ship with TPM support enabled.

For detailed TPM information, see Trusted Platform Module topic on TechNet and for TPM 1.2 and 2.0 version comparisons, please reference this article here.




How to check if your PC has a Trusted Platform Module (TPM) Chip...

1. Press the Win+R keys to open Run, type devmgmt.msc, and click/tap on OK to open Device Manager.
2. Look to see if you have Security devices listed. If you do, then expand it open to see if you have a Trusted Platform Module device listed.


1. Press the Win+R keys to open Run, type tpm.msc, and click/tap on OK to open the TPM Management snap-in.
2. Look to see if the TPM Management console shows your PC having a TPM available or not.
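
The same check can be scripted and compared against the requirements quoted earlier in the thread (TPM present and enabled, specification 2.0, EK certificate). This PowerShell is an added example, not part of the original posts; it assumes an elevated session on Windows 10 and uses the `Win32_Tpm` WMI class and the `Get-TpmEndorsementKeyInfo` cmdlet, and the function name `Get-TpmRequirementReport` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: Get-TpmRequirementReport is a hypothetical helper name.
function Get-TpmRequirementReport {
    [CmdletBinding()]
    param()

    $report = [ordered]@{
        TpmPresent     = $false
        SpecVersion    = $null
        IsTpm20        = $false
        Enabled        = $false
        Activated      = $false
        EkCertificates = 0
    }

    # Win32_Tpm lives in its own WMI namespace. No instance means Windows
    # sees no TPM (absent, or switched off in firmware).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    if ($tpm) {
        $report.TpmPresent  = $true
        $report.SpecVersion = $tpm.SpecVersion
        # SpecVersion is a comma-separated string whose first field is the
        # specification family ("1.2" or "2.0").
        $report.IsTpm20   = ("$($tpm.SpecVersion)" -match '^\s*2\.0\b')
        $report.Enabled   = [bool]$tpm.IsEnabled_InitialValue
        $report.Activated = [bool]$tpm.IsActivated_InitialValue

        try {
            # A count of 0 is not automatically a failure: the quoted
            # requirement also allows the EK certificate to be retrieved
            # during the first boot experience.
            $ek    = Get-TpmEndorsementKeyInfo -ErrorAction Stop
            $certs = @($ek.ManufacturerCertificates) + @($ek.AdditionalCertificates)
            $report.EkCertificates = @($certs | Where-Object { $_ }).Count
        } catch {
            Write-Warning "Could not read endorsement key info: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$report
}

Get-TpmRequirementReport | Format-List
```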
