A Trusted Platform Module (TPM) is a specialized chip on your computer's motherboard designed to enhance security by securely storing cryptographic keys used for encryption and decryption. It ensures that your operating system and firmware are authentic and have not been tampered with. TPMs can be implemented as discrete chips, which are separate components on the motherboard, or as integrated solutions within the main processor.

For example, the Microsoft Pluton security processor is an integrated solution that embeds TPM functionality directly into the CPU. This integration reduces the attack surface by eliminating the communication path between the CPU and a separate security chip.

Several Windows features leverage TPM to enhance security, including:

  • Windows Hello uses the TPM to securely store biometric data (like fingerprints or facial recognition) and PINs, providing a secure and convenient way to sign into your device without using a password

  • BitLocker uses the TPM to encrypt your hard drive, ensuring that the data remains secure even if your device is lost or stolen. The TPM stores the encryption keys, making it difficult for unauthorized users to access your data

When you encrypt something to protect it from prying eyes the encryption software takes the piece of data you want to encrypt and combines it with a long, random string of characters to form a new, encrypted, piece of data. The long, random string of characters used by the encryption software is the cryptographic key.

Note: The unencrypted data is called the plaintext. The encrypted version of that data is called the ciphertext.

Once it's encrypted, only somebody with the correct cryptographic key can decrypt it and read the original piece of data.

Does my PC have a TPM?

Most modern PCs have a TPM. Use the following steps to determine if your PC has a TPM:

  1. In the Windows Security app  on your PC,​​​​​​​ select Device security, or use the following shortcut:

    Device security

    Screenshot of the device security screen in the Windows Security app.

    ​​​​​​​

  2. Check for a Security processor section. If the section is present, your device has a TPM. If not, your device might have a TPM that is turned off. You can enable it by following instructions on how to Enable TPM on your PC

  3. You can verify which TPM version your computer is equipped with. Select Security processor details and review the Specification version. It should either be 1.2 or 2.0.

Important: Windows 11 requires TPM version 2.0. For more information see Windows 11 System Requirements.

Want to learn more about TPM? See Trusted Platform Module Technology Overview.

Facebook LinkedIn Email

Need more help?

Want more options?

DiscoverCommunity

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders