Machine shows a TPM 2.0 on a computer with no TPM, why?

Q. Windows shows that I have a TPM 2.0 in my machine, but I don't have a TPM. Where is it coming from?

A. In most systems the TPM is a discrete chip, and if you are building a custom machine your motherboard may even have a header where a TPM can be added. On a number of newer UEFI systems, however, you may see a TPM 2.0 even if the manual says the motherboard does not have a TPM. So where is it coming from? Even PowerShell shows the TPM is present, for example:

PS C:\WINDOWS\system32> Get-Tpm


TpmPresent          : True
TpmReady            : True
ManufacturerId      : 1229870147
ManufacturerVersion : 11.0
ManagedAuthLevel    : Full
OwnerAuth           : oks8S89Og=
OwnerClearDisabled  : True
AutoProvisioning    : Enabled
LockedOut           : False
LockoutCount        : 0
LockoutMax          : 32
SelfTest            : {}

These TPMs are firmware-based TPMs (fTPMs) provided by the UEFI firmware, not true discrete TPMs. However, if you simply want to use BitLocker, the fTPM provided by the UEFI firmware will meet the requirements. Intel has a good page at http://www.intel.com/content/www/us/en/support/boards-and-kits/intel-nuc-boards/000007452.html which discusses discrete TPMs versus the fTPM provided by firmware. On an Intel-based system the fTPM is turned on by enabling Intel Platform Trust Technology in the firmware.
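The ManufacturerId in the Get-Tpm output above is a four-character ASCII vendor ID packed into a 32-bit number, and decoding it shows which vendor's TPM Windows is talking to. The following is an added example, not part of the original article; the function name ConvertFrom-TpmManufacturerId is hypothetical. The vendor ID names the manufacturer only and does not by itself prove whether the TPM is discrete or firmware-based.

```powershell
# Added example (not from the original article).
# Decode the numeric ManufacturerId reported by Get-Tpm into its ASCII vendor ID.
# The ID is four ASCII characters packed into a 32-bit value, most significant byte first.
function ConvertFrom-TpmManufacturerId {   # hypothetical helper name
    param([Parameter(Mandatory)][uint32]$ManufacturerId)

    $bytes = [System.BitConverter]::GetBytes($ManufacturerId)
    # GetBytes returns host byte order; flip to most-significant-byte first.
    if ([System.BitConverter]::IsLittleEndian) { [array]::Reverse($bytes) }

    # Short vendor IDs are padded with NUL or space, so keep printable ASCII only.
    $printable = [byte[]]@($bytes | Where-Object { $_ -ge 0x20 -and $_ -le 0x7E })
    ([System.Text.Encoding]::ASCII.GetString($printable)).Trim()
}

# Value copied from the Get-Tpm output shown in the article.
$sampleId = 1229870147
'{0} = 0x{0:X8} = "{1}"' -f $sampleId, (ConvertFrom-TpmManufacturerId $sampleId)

# On a live system, decode the local TPM's ID as well (Get-Tpm needs an elevated prompt).
if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if ($tpm.TpmPresent) {
            [pscustomobject]@{
                ManufacturerId      = $tpm.ManufacturerId
                Vendor              = ConvertFrom-TpmManufacturerId $tpm.ManufacturerId
                ManufacturerVersion = $tpm.ManufacturerVersion
            }
        }
    }
    catch {
        Write-Warning "Get-Tpm failed: $($_.Exception.Message)"
    }
}
```

For the article's sample value the decoded vendor ID is INTC, the ID registered to Intel, which is consistent with the Intel Platform Trust Technology explanation above.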
