Hardware attacks rarely make headlines but require the same mitigation and security solutions in place as other threats.
Trusted Platform Module, or TPM, is a unique hardware-based security solution that installs a cryptographic chip on the computer’s motherboard, also known as a cryptoprocessor.
This chip protects sensitive data and wards off hacking attempts generated through a computer’s hardware. Each TPM holds computer-generated keys for encryption, and most PC’s nowadays come with TPM chips pre-soldered onto the motherboards.
Let us look into how Trusted Platform Modules work, their benefits, and how to enable TPM on your PC.
How Does TPM Work?
TPM works by generating a pair of encryption keys, then stores part of each key securely, along with providing tamper detection. It simply means that a part of the private encryption key is stored in the TPM rather than stored entirely on the disk.
So, in the event a hacker compromises your computer, they will not be able to access its contents. TPM makes it impossible for the hackers to bypass encryption to access the disk contents even if they were to remove the TPM chip or try to access the disk on another motherboard.
Each TPM is ingrained with a unique initialized signature during the silicon manufacturing phase that increases its security efficacy. For a TPM to be utilized, it needs first to have an owner, and a TPM user must be physically present to take ownership. Without these two steps, a TMP cannot be activated.
Benefits Of TPM
TPM offers a degree of trust and integrity that makes it easy to carry out authentication, identity verification, and encryption on any device.
Here are some of the major benefits that TPM offers.
Provides Data Encryption
Even with the rise in security awareness, there is still a huge occurrence of unencrypted data transmissions. By using a combination of software and hardware algorithms, TPM protects plain-text data by encrypting it.
Protects from Malicious Boot Loader Malware
Certain specialized malware can infect or re-write the boot loader even before any antivirus software has a chance to act. Some malware types can even virtualize your OS to spy on everything while going undetected by online systems.
A TPM can protect by establishing a chain of trust as it verifies the boot loader first and allows an Early Launch Anti-Malware to be started after that. Ensuring your OS is not tampered with, adds a layer of security. If TPM does detect a compromise, it simply refuses to boot the system.
Another great benefit of TPM is the automatic shift to the Quarantine mode in case of a compromise. If the TPM chip detects a compromise, it boots up in Quarantine mode so you can troubleshoot the issue.
You can safely store your encryption keys, certificates, and passwords used for accessing online services inside a TPM. This is a more secure alternative than storing them inside the software on your hard drive.
Management of Digital Rights
TPM chips offer a safe haven for media companies as it provides copyright protection for digital media delivered to hardware like a set-top box. By enabling digital rights management, TPM chips allow companies to distribute content without worrying about copyright infringement.
How to Check If Your Windows PC Has TPM Enabled
Are you curious to find out if your Windows machine has TPM enabled or not? On most Windows 10 machines, a TPM is usually integrated into the motherboard to securely store the encryption keys when encrypting the hard drive using features like BitLocker.
Here are a few sure-shot ways to find out if TPM is enabled on your PC.
The TPM Management Tool
Press Windows Key + R to open the Run dialog window. Type in tpm.msc and press Enter.
This will open up the built-in utility known as Trusted Platform Module (TPM) Management. If TPM is installed, you can view the manufacturer’s information about the TPM, like its version.
However, If you see a Compatible TPM cannot be found message instead, your computer either does not have a TPM, or it’s turned off in the BIOS/UEFI.
The Device Manager
- Type device manager in your Start menu search bar and select the Best Match.
- Open the Device Manager and search for a node called Security devices.
- Expand it and see if it has a Trusted Platform Module listed.
The Command Prompt
- Type cmd in the Start menu search bar, then press CTRL + Shift + Enter to open an elevated Command Prompt.
- Input the following command:
ecuritymicrosofttpm path win32_tpm get * /format:textvaluelist.xsl
This will tell you the current status of the TPM chip: activated or enabled. If there is no TPM installed, you’ll get the message No Instance(s) Available.
How to Enable TPM from the BIOS
If you received the Compatible TPM cannot be found message and want to enable it in your BIOS, then follow these steps:
- Boot your computer, then tap the BIOS entry key. This can vary between computers but is usually F2, F12, or DEL.
- Locate the Security option on the left and expand.
- Look for the TPM option.
- Check the box saying TPM Security to enable the TPM hard drive security encryption.
- Make sure the Activate checkbox is turned on to ensure the TPM option works.
- Save and Exit.
BIOS settings and menus vary between hardware, but this is a rough guide to where you’re likely to find the option.
TPM and Enterprise Security
TPM does not only protect regular home computers but offers extended benefits for enterprises and high-end IT infrastructures as well.
Here are some TPM benefits that enterprises can achieve:
- Easy password setups.
- Storing of digital credentials such as passwords in hardware-based vaults.
- Simplified Key management.
- Augmentation of smart cards, fingerprint readers, and fobs for multi-factor authentication.
- File and folder encryption for access control.
- Hash state information before hard drive shutdown for endpoint integrity.
- Implementing highly secure VPN, remote and wireless access.
- It can be used in combination with Full Disk Encryption to restrict access to sensitive data completely.
The TPM Chip—Small but Mighty
Besides investing in software-based security tools, hardware security is just as important and can be achieved by implementing encryption to secure your data.
TPM provides countless security features, from generating keys, storing passwords and certificates to encryption keys. When it comes to hardware security, a small TPM chip certainly promises a high level of security.
About The Author