Have you ever wondered which devices supported Windows Hello, fingerprint verification, and critical biometrics – and where did they store them? Storing this data on your computer or phone can be risky. It's here that TPM or Secure platform module enters the picture. In this article, we will learn about the Trusted Platform Module and learn to check if you have a TPM chip.
What is Trusted Platform Module?
The Trusted Platform Module or TPM is a specialized and dedicated chip that stores cryptographic keys. It acts as endpoint security for the devices that support it.
When someone owns a device, it generates two keys –
- Key of approval
- Storage root key.
These keys are only accessible at the hardware level. No software can access these keys.
In addition to these keys, there is another key called Certificate ID key or AIK. It protects the hardware against unauthorized changes to firmware and software.
Related: How to clear and update the firmware TPM.
How to check if you have a TPM chip
There are many ways to check the availability of the TPM chip. However, you should know that it needs to be hardware enabled so that the security of security software such as Bitllocker can use it.
- Using TPM Management
- Enable it in the BIOS or UEFI
- Using the Security Node in Device Manager
- Using the WMIC command.
1) Open the Trusted Management Module Management
Type tpm.msc in the prompt, and press Enter. It will launch the Trusted Management Management Module.
If that says:
Compatible TPM not found on this computer. Verify that this computer has 1.2 TPM or later and that it is enabled in the BIOS.
or something similar, then you do not have TPM on the computer.
If that says:
The TPM is ready to use
You have it!
2) BIOS or UEFI registration
Restart the computer and boot into the BIOS or UEFI. Look for the security section and see if there is a setting similar to TPM Support, Security Chip, or something else. Enable it and restart the computer after saving the settings.
3) Check with the device manager
Use Win + X + M to open the Device Manager. Find if there is a Security Devices node. If so, expand it and TPM with the module number
4) Use WMIC in the command prompt
In a command prompt with elevated privileges, run the command:
wmic /namespace:rootcimv2securitymicrosofttpm path win32_tpm get * /format:textvaluelist.xsl
It will display a list of key-value pairs.
If you see True in the result, it means that TPM is enabled. otherwise you should see No instances available".
We hope the guide was simple and easy to understand for you to determine if the computer is equipped with a TPM chipset.