How to Check If Your Computer Has a Trusted Platform Module (TPM) Chip

[Jordan]

How to Check If Your Computer Has a Trusted Platform Module (TPM) Chip

 

TPM hardware provides a tamper-resistant way to store encryption keys on a computer.

On Windows 10, 8, and 7, a TPM is normally required to enable and use encryption features like BitLocker.

Here’s how to check whether your PC has a TPM chip, enable your TPM if it’s disabled, or add a TPM chip to a PC without one.

 

Option One: Check the TPM Management Tool

The TPM management tool built into Windows will show you whether your PC has a TPM.

To open it, press Windows+R to open a run dialog window. Type tpm.msc into it and press Enter to launch the tool.

 

 

If you see information about the TPM in the PC—including a message at the bottom right corner of the window informing you which TPM specification version your chip supports—your PC does have a TPM.

 

If you see a “Compatible TPM cannot be found” message instead, your PC does not have a TPM.

 

Check if Your Computer Has TPM Hardware That’s Disabled

On some PCs, it’s possible to disable the TPM chip in the computer’s UEFI firmware or BIOS. If the TPM chip is disabled at this level, it’s deactivated and won’t appear in Windows—even though your PC actually has the hardware.

 

To check for this, restart your PC into its UEFI or BIOS settings screen. The exact process is different on every PC. Some modern PCs require you go through the Windows 10 or 8 advanced startup options menu, while others still require you press a specific key—like Delete, F12, or Escape—during the boot-up process. Check your computer’s documentation for more information, or check your motherboard’s documentation if you built your own PC.

 

Look through the settings screen and see if you see an option named “Trusted Platform Module”, “TPM”, “TPM Support”, or something like that. If it’s disabled, enable it from here, save your settings, and reboot. The TPM will be available for use within Windows.

 

 

TPMs also show up in the Device Manager, so it may be worth ensuring your TPM isn’t disabled in the Device Manager too (though this is unlikely).

If you don’t see “Security Devices” with a TPM in Device Manager, and there isn’t an entry in the BIOS, you probably don’t have one.

How to Add a TPM Chip to a PC

If you built your own PC, you may able to add a TPM chip to it. Search for a TPM chip that’s sold as an add-on module. You’ll need one that supports the exact motherboard inside your PC.

 

Laptops and desktop PCs you buy off the shelf generally have a TPM chip that’s soldered—permanently attached—to the motherboard. It’s not possible to add TPM chips to an older PC that doesn’t have the hardware to accept one. Consult your motherboard manufacturer’s documentation for more information about whether your PC supports a TPM chip and which one it requires.

 

SOURCE

[Holmes]

I know my motherboard doesnt only because when I buy motherboards I pay attention to everything that the motherboard has and doesnt have and my motherboard has a tpm module slot I have to buy the tpm module to install myself.  I keep meaning to buy one and keep forgetting if you have a tpm module and you have security on your computer that use it I recommend you use it.

[straycat19]

It is not necessary to have TPM module on your system in order to have security.  The fact that Bitlocker requires it (and bitlocker is easily broken) doesn't say much for having the chip.  There are more secure encryption packages that don't require the chip that have far better security than Bitlocker.  For example, SecurStar DriveCrypt Plus Pack not only encrypts your hard drive but also has the ability to create a hidden encrypted OS.  

Quote

DCPP is the only disk encryption software on the market able to hide an entire operating system inside the free disk space of another operating system. You can practically define two passwords for your DCPP encrypted disk: One password is for the visible operating system, the other for the invisible one. The first "fake" password gives you access to a pre-configured operating system (outer OS), while the other gives you access to your real working operating system. This functionality is extremely useful if you fear that someone may force you to provide the DCPP password; in this case, you simply give away the first (fake) password so that your attacker will be able to boot your system, but only see the prepared information that you want him to find. The attacker will not be able to see any confidential and personal data and he will also not be able to understand that the machine is storing one more hidden operating system. On the other hand, if you enter your private password (for the invisible disk), your system will boot a different operating system (your working system) giving you the access to all your confidential data. The creation of a hidden operating system is not obligatory and as such, it is not possible for anyone who does not have the hidden OS password to know or find out if a hidden operating system exists or not.

 

Features and Benefits

Boot protection
Pre-Boot authentication: Login before starting the operating system
Multiple OS boot support (Microsoft)
Invisible operating system (allows the hiding of the entire operating system)
Full or partial hard disk encryption
Sector level protection
Complete "power off" protection i.e. unauthorised users are prohibited from starting up the PC
AES 256 bit encryption
No size limitation for encrypted disks
Manages an unlimited amount of encrypted disks simultaneously.
Allows steganography to hide data into pictures
Trojan and keyboard sniffer protection preventing passwords from being sniffed/captured (red screen modus).
Anti dictionary and brute-force attack mechanisms (due to the nature of DCPP, it is the most difficult system to attack compared to anything else available.)
Encrypts almost any kind of media (hard disks, floppy disks, ZIP, JAZ, etc...)
Administrator/user specific rights
USB-Token authentication at pre-boot level (Aladdin R2, Rainbow USB-Token as well as Memorysticks)
Facility to validate the integrity of the encryption method.
Recovery disk for "disaster recovery"
Easy to install, deploy and use.
Completely transparent to the user
Minimal administration and user training.

[Israeli_Eagle]

5 hours ago, straycat19 said:

It is not necessary to have TPM module on your system in order to have security.  The fact that Bitlocker requires it (and bitlocker is easily broken) doesn't say much for having the chip.

 

Bitlocker is still totally safe, BUT...

• Only for the FULL Bitlocker which only works until Windows 7! Windows 8.x (8.2 = 10) is much weaker.
• Real strong machines would never allow & use Hibernate for sleep mode.
• Also batteries are never needed and a very weak part!