Machine shows a TPM 2.0 on a computer with no TPM, why?

Q. Windows is showing I have a TPM 2.0 in my machine but I don't have a TPM, where is it coming from?

A. In most systems the TPM is a discrete chip and if you are custom making a machine your motherboard may even have a header where a TPM can be added. On a number of newer UEFI systems you may see a TPM 2.0 even if the manual says the motherboard does not have a TPM so where is it coming from? Even PowerShell shows the TPM is present, for example:

PS C:WINDOWSsystem32> Get-TpmTpmPresent          : TrueTpmReady            : TrueManufacturerId      : 1229870147ManufacturerVersion : 11.0ManagedAuthLevel    : FullOwnerAuth           : oks8S89Og=OwnerClearDisabled  : TrueAutoProvisioning    : EnabledLockedOut           : FalseLockoutCount        : 0LockoutMax          : 32SelfTest            : {}

What these TPMs actually are are firmware based TPMs provided by the UEFI and not a true discrete TPM however if you simply want to use BitLocker then the fTPM provided by the UEFI firmware will meet the requirements. Intel has a good page at http://www.intel.com/content/www/us/en/support/boards-and-kits/intel-nuc-boards/000007452.html which talks about discrete TPMs vs the fTPM provide by firmware. For an Intel based system this is turned on by enabling Intel Platform Trust Technology in the firmware.