Q. Windows is showing I have a TPM 2.0 in my machine but I don't have a TPM, where is it coming from?
A. In most systems the TPM is a discrete chip and if you are custom making a machine your motherboard may even have a header where a TPM can be added. On a number of newer UEFI systems you may see a TPM 2.0 even if the manual says the motherboard does not have a TPM so where is it coming from? Even PowerShell shows the TPM is present, for example:
PS C:\WINDOWS\system32> Get-Tpm
TpmPresent : True
TpmReady : True
ManufacturerId : 1229870147
ManufacturerVersion : 11.0
ManagedAuthLevel : Full
OwnerAuth : oks8S89Og=
OwnerClearDisabled : True
AutoProvisioning : Enabled
LockedOut : False
LockoutCount : 0
LockoutMax : 32
SelfTest : {}
What these TPMs actually are are firmware based TPMs provided by the UEFI and not a true discrete TPM however if you simply want to use BitLocker then the fTPM provided by the UEFI firmware will meet the requirements. Intel has a good page at http://www.intel.com/content/www/us/en/support/boards-and-kits/intel-nuc-boards/000007452.html which talks about discrete TPMs vs the fTPM provide by firmware. For an Intel based system this is turned on by enabling Intel Platform Trust Technology in the firmware.
