WiseCleaner Think Tank

Encounter difficult computer problems?
All about maintenance and optimization of your Windows System.

Home > Think Tank > What is TPM

What is TPM

Jul 5, 2021

Trusted Platform Module (TPM) is an international standard for a secure cryptographic processor, which aims to use a dedicated chip integrated into the device to process the encryption key in the device. The technical specifications of TPM are written by an information industry consortium called the Trusted Computing Group (TCG). At present, most PC giants have joined this organization, such as Microsoft, Intel, AMD, and various PC manufacturers.

How to enable TPM in BIOS?

Since it is a standard, TPM naturally has a version upgrade. The latest version is TPM 2.0, which can handle encryption, decryption, key creation, and acquisition of ownership. For a computer to implement TPM 2.0, the motherboard must have a chip that can support TPM 2.0. Therefore, if your computer does not support the TPM function, it can only mean that there is no TPM chip on your computer motherboard.


TPM can be regarded as a line of defense for the system to resist attacks. When the TPM chip detects a problem with the system, it will run in isolation mode to try to solve the problem. It is designed to provide hardware-based, security-related functions and the core of the TPM module is encryption. In general, TPM has two main functions.

1. One is to verify the integrity of the system when Windows was started, a TPM chip is a secure crypto-processor that helps you with actions such as generating, storing, and limiting the use of cryptographic keys. And the key is generated through the built-in encryption algorithm of the chip, which can effectively protect the computer and prevent unauthorized users from accessing it. So if the system was tampered with (for example, a virus), the TPM chip would immediately stop the system from starting, thus to a certain extent protecting the files in the computer and the security of the entire network where the computer is located.

2. Secondly, since many Windows devices support security functions such as facial recognition, fingerprint recognition, and full-disk encryption, the key files required for these security functions are not stored in the hard disk, but in the TPM module. In this way, even if the computer is hacked and the hard disk content is stolen, the key will not be leaked, and the security will naturally be greatly improved.

In layman’s terms, the TPM security chip is like a codebook. The data is encrypted by the TPM before data interaction, and the receiving end decrypts the data through the TPM security chip. There are various encryption algorithms in the TPM security chip, which can ensure the safe operation of the computer system.



The question now is why Microsoft has to support TPM2.0 to install Windows 11? The answer is very simple, that is for the security of the entire operating system. A new product from WiseCleaner, Checkit, can check if a PC meets the Win11 system requirements. The Checkit clearly defines whether your PC’s TPM configuration can run Windows 11 or not. For more details about WiseCleaner Checkit, please click here.

Some people also think that TPM2.0 is just a suggestion, not a mandatory user’s computer must have TPM2.0. Microsoft itself later stated that it may only need TPM1.2 in the future, but it did not give up the TPM technology. But the situation seems to have changed recently. Microsoft’s director of enterprise and system security published a new article on the official Windows blog. The article stated: "In the future, PCs need to rely on this modern hardware-based trust to help defend against common and complex attacks, such as ransomware and complex attacks by heavyweight hacker groups. By forcing built-in Windows 11 to require TPM2.0, it will also help to improve hardware security standards.” From the official Microsoft statement this time, Microsoft is more obsessed with TPM technology, and the most important issue is security.


The PM 2.0 standard was formulated and implemented in 2016, and its previous version, TPM 1.2, was an ancient product of 2011. Secondly, compared with TPM 1.2, the biggest change of TPM 2.0 is to greatly increase the types and security of the module’s built-in encryption algorithms. Compared to the old TPM1.2, TPM2.0 has more compatible software and scenarios, and the generated password is longer and more difficult to crack.


For this reason, according to an article published in the official blog by David Weston, Microsoft’s director of enterprise and operating system security, the TPM module has been given more functions in Windows 11. It can now not only accelerate facial recognition and fingerprint recognition. The role of disk encryption can also be used to resist current popular ransomware, and can even be used to defend against complex hacker attacks. Therefore, the TPM 2.0 standard with better compatibility and higher security has been included in the list of necessary hardware configurations for Windows 11 by Microsoft.


Microsoft TPM Overview