What is TPM?
As attackers grow more sophisticated, protection that relies on software alone is not enough. A Trusted Platform Module (TPM) is a small cryptographic processor, specified by the Trusted Computing Group (TCG), that gives a computer a hardware root of trust. It sits on the motherboard, either as a separate chip or built into the CPU or chipset, and is present on nearly every device that shipped with a recent version of Windows. Contrary to a common description, the TPM does not scan for malware. During start-up the firmware hashes each component it loads (boot loader, drivers, kernel) and records those hashes in the TPM's Platform Configuration Registers (PCRs). Secrets such as a disk-encryption key can be sealed to the expected PCR values, so the TPM releases them only when the boot chain matches the one the owner trusted; a changed boot chain leaves the secret locked inside the chip.
TPM 1.2 vs TPM 2.0
TPM technology is a hardware-based root of trust: the chip holds keys that cannot be extracted and keeps a tamper-evident record of what the platform loaded at boot, which can be used to assess and report (attest) the device's integrity. The specification has evolved along with cryptography. Devices from the Windows 7 era usually shipped with TPM 1.2, which covers the basics: it is active from power-on, accumulates the measurements the firmware takes of each boot component, and can seal secrets to those measurements. Its cryptography, however, is fixed: RSA keys of at most 2048 bits and only the SHA-1 hash, which is no longer considered safe against collision attacks.
TPM 2.0, published by the TCG in 2014, is a redesign rather than an upgrade and is not backward compatible with 1.2. Its main advance is algorithm agility: in addition to RSA it supports SHA-256, elliptic-curve keys (such as NIST P-256), HMAC and symmetric ciphers, and new algorithms can be added without rewriting the specification. The specification permits RSA keys larger than 2048 bits, but most shipping chips stop at 2048, so a larger key size should not be assumed. TPM 2.0 also introduces separate key hierarchies (platform, storage and endorsement) and policy-based authorization, which lets the use of a key be bound to PCR state, a PIN, a time limit or a combination of these. It is supported by Windows (Windows 11 requires it) and by Linux through the kernel TPM driver and the tpm2-tss/tpm2-tools stack.
How does TPM work? How to use a TPM?
A TPM is a cryptographic coprocessor: it contains a hardware random number generator, generates and uses asymmetric keys, computes hashes and HMACs, holds PCRs and offers a small amount of tamper-resistant non-volatile storage. The private half of a key generated inside the TPM never leaves the chip in the clear. Because on-chip storage is tiny, the TPM instead wraps (encrypts) keys under a storage root key that does stay inside; the wrapped blobs are written to the computer's disk and are useless anywhere except on the TPM that created them. This is what is meant by keys being "stored between the TPM chip and the hard drive".
The TPM's protection starts with the first instructions the platform runs. Firmware measures each component before handing control to it and extends the measurement into a PCR, so by the time the operating system loads there is a hardware-held record of the entire boot chain. The TPM itself does not stop the machine from starting: a computer with a missing, reset or mismatching TPM will still power on and boot, but any secret sealed to the expected measurements is withheld. With BitLocker, for example, the user is prompted for the recovery key instead of the drive unlocking silently. Because the TPM is soldered to or built into the motherboard and is active as soon as the device is switched on, it needs no action from the user once it has been enabled in the firmware setup.
Do I already have a TPM?
Whether a computer has a TPM is a question of hardware and firmware, not of the Windows version installed. Microsoft has required TPM 2.0 on new Windows 10 devices since mid-2016, so most devices bought after that year include one, often as a firmware TPM (Intel Platform Trust Technology or AMD fTPM) that may be switched off in the UEFI settings and is therefore invisible to the operating system until enabled. Older devices may have TPM 1.2 or none at all. On Windows, run tpm.msc or the PowerShell cmdlet Get-Tpm to see whether a TPM is present and ready and which specification version it implements; on Linux, a present TPM appears under /sys/class/tpm/.
Can I add a TPM if I do not have one?
Before buying anything, check the firmware settings: many motherboards sold since 2016 already contain a firmware TPM that only needs to be enabled. If there is genuinely no TPM, some desktop motherboards have a header for a discrete TPM 2.0 module, and anyone comfortable working inside a PC can fit one. Users should also be mindful of the machine's age, because Windows 11 has CPU requirements beyond the TPM, and getting a TPM up and running (enabling it, clearing or taking ownership, re-provisioning BitLocker) is not always as easy as it seems.
There are generally three installation options for TPMs:
- A discrete TPM: a separate chip in its own package, soldered to the board or plugged into a header. This is the most tamper-resistant option and the one that can be independently certified.
- An integrated TPM: dedicated TPM hardware built into another chip such as the chipset or the CPU package. It is logically isolated from the rest of that chip but does not come as a separate part.
- A firmware TPM (fTPM): the TPM code runs in a trusted execution environment on the main processor; Intel PTT and AMD fTPM are examples. It is cheaper, but it shares silicon with the software it is meant to measure.
What are the benefits of using TPM?
Although TPMs are unseen by users, they are crucial for running a secure device. Here are three ways using a TPM can benefit your computing experience.
1) Data encryption
Encryption protects data only if the keys stay out of reach, and guarding keys is the TPM's job. Full-disk encryption such as BitLocker encrypts the drive with a fast software cipher; the TPM does not encrypt the bulk data itself. Instead it seals the volume master key to the measured boot state, so the drive can be read only on that machine and only when the boot chain is intact. A stolen drive, or the same machine booted from a USB stick, yields ciphertext and nothing else. A TPM says nothing about data in transit over a network; that protection comes from TLS and similar protocols, although the TPM can protect the private key a device uses in them.
2) Protects from start-up malware
Boot-level malware (bootkits) runs before antivirus software loads, so it can hide from anything that starts later. Measured boot counters this: the firmware hashes the boot loader, each stage hashes the next before passing control to it, and the TPM accumulates these hashes in PCRs. The record cannot be edited after the fact, so a tampered boot loader produces a different PCR value. What happens next depends on the software built on top: secrets sealed to the expected values (BitLocker's key, Windows Hello credentials) are not released, and the measurement log can be sent to a remote server for attestation. The TPM itself does not refuse to boot; blocking unsigned boot code is the separate job of UEFI Secure Boot, which verifies signatures rather than recording measurements. Used together, Secure Boot prevents unsigned code from loading and the TPM proves afterwards what actually loaded.
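The measured-boot and sealing behaviour described in the How does TPM work? section and in this one is easier to see in code. The following Python block is an added example, not code from the original page or from any TPM vendor: it is a toy model with a ToyTpm class, a pcr_extend function and constructed boot-component strings standing in for firmware, boot loader and kernel. A real TPM encrypts sealed blobs with AES under a storage key and checks a policy digest; the HMAC-based wrapping here is a stand-in for that and must not be used as a cipher.

```python
"""Toy model of TPM measured boot and PCR-bound sealing.

Added illustration only: ToyTpm, pcr_extend and the boot chains below are
constructed for this example and do not talk to real TPM hardware.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

PCR_SIZE = 32  # one register of a SHA-256 PCR bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = SHA-256(PCR_old || measurement).

    One-way and order-dependent: a PCR cannot be rolled back, and loading
    the same components in a different order gives a different value.
    """
    return hashlib.sha256(pcr + measurement).digest()


class ToyTpm:
    """Stands in for the chip. The seed never leaves the object, and every
    release of a sealed secret is gated on the current PCR value."""

    def __init__(self) -> None:
        self._seed = secrets.token_bytes(32)  # per-chip secret, stays inside
        self.pcr = bytes(PCR_SIZE)            # PCR is all zeros at power-on

    def measure(self, component: bytes) -> None:
        """Firmware hashes a boot component and extends the digest into the PCR."""
        self.pcr = pcr_extend(self.pcr, hashlib.sha256(component).digest())

    def _wrap_key(self) -> bytes:
        # Derived from the chip secret; models the storage-hierarchy key.
        return hmac.new(self._seed, b"storage-hierarchy", hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
        # Toy HMAC counter-mode keystream; a real TPM uses AES here.
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes) -> Dict[str, bytes]:
        """Wrap the secret under the chip key and bind it to the PCR value present
        right now. The blob may live on disk; only this chip in this boot state
        can open it."""
        nonce = secrets.token_bytes(16)
        key = self._wrap_key()
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, nonce, len(secret))))
        policy = self.pcr  # the PCR value the secret is sealed to
        tag = hmac.new(key, policy + nonce + ct, hashlib.sha256).digest()
        return {"policy": policy, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: Dict[str, bytes]) -> Optional[bytes]:
        """Return the secret only if the blob is ours (tag) and the PCR matches (policy)."""
        key = self._wrap_key()
        expected = hmac.new(key, blob["policy"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            return None  # sealed by a different TPM, or the blob was altered
        if not hmac.compare_digest(blob["policy"], self.pcr):
            return None  # boot chain differs from the one the secret was sealed to
        ks = self._keystream(key, blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed stand-ins for the images the firmware would hash at boot.
GOOD_CHAIN: List[bytes] = [b"UEFI firmware v1.0", b"bootmgr (signed)", b"ntoskrnl.exe"]
TAMPERED_CHAIN: List[bytes] = [b"UEFI firmware v1.0", b"bootmgr (bootkit patched)", b"ntoskrnl.exe"]


def boot(tpm: ToyTpm, chain: List[bytes]) -> None:
    """Power-on resets the PCR; each stage is measured before it runs."""
    tpm.pcr = bytes(PCR_SIZE)
    for component in chain:
        tpm.measure(component)


def demo() -> Dict[str, bool]:
    tpm = ToyTpm()
    boot(tpm, GOOD_CHAIN)
    volume_key = secrets.token_bytes(32)  # e.g. a disk-encryption master key
    blob = tpm.seal(volume_key)           # stored on disk beside the encrypted volume

    boot(tpm, GOOD_CHAIN)                 # an ordinary reboot
    clean = tpm.unseal(blob)

    boot(tpm, TAMPERED_CHAIN)             # boot loader modified: PCR differs
    tampered = tpm.unseal(blob)           # the machine still boots; the key is withheld

    other = ToyTpm()                      # same blob copied to another machine
    boot(other, GOOD_CHAIN)
    moved = other.unseal(blob)

    return {"clean": clean == volume_key, "tampered": tampered is None, "moved": moved is None}


if __name__ == "__main__":
    print(demo())
```

Running it shows the three outcomes the text describes: a clean reboot recovers the key; a modified boot loader yields a different PCR, so the secret is withheld even though the toy machine continues to boot; and the same blob on a second TPM fails the tag check, because the blob is bound to the chip that sealed it.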
3) Storage safety
Memorised passwords get forgotten and reset; passwords kept in an e-mail account or a text file are exposed to anyone who gets into that account or reads that disk. Keys held by a TPM have neither problem. Certificates, disk-encryption keys and the credentials behind Windows Hello sign-in are bound to TPM-resident keys: the private key is never exposed to the operating system, so malware that steals files cannot steal it, and the TPM locks out after repeated wrong PIN attempts (anti-hammering), which makes a short PIN safe where a short password would not be. Applications use these keys through the operating system's crypto APIs, on Windows via the Platform Crypto Provider, without ever seeing the key material.
What are the limitations of using TPM?
With cyber-attacks on the rise, the TPM has become mandatory for Windows: Windows 11 requires TPM 2.0 on every supported device. The specification comes from the TCG rather than Microsoft, but Microsoft's requirement is what put it into most PCs. It is a strong building block, not a complete defence, and it has limitations.
1) Unclear installation
Working out whether a computer has a TPM can be confusing. Firmware TPMs are often disabled by default and appear in UEFI menus under vendor names (PTT, fTPM) rather than "TPM", so a machine may seem to lack one when it only needs a setting changed. Fitting a discrete module requires a matching header on the motherboard and brings no benefit if a firmware TPM is already present. And no TPM, however installed, defends against every kind of attack.
2) Does not prevent all attacks
A TPM protects keys while they are inside the chip, but a key that has been released to the operating system lives in RAM for as long as it is in use, and the TPM cannot protect it there. Cold boot attacks exploit this: DRAM keeps its contents for seconds after power is cut, longer if the modules are chilled, so an attacker with physical access can cut power, reboot into a minimal system or move the modules to another machine, and dump memory to recover the keys. Sealing to the TPM alone does not help, because the key was legitimately unsealed during a clean boot. Related physical attacks read the key off the bus between a discrete TPM and the CPU at the moment it is released. Requiring a PIN or USB key in addition to the TPM (TPM+PIN in BitLocker) defeats both, since the key is never released to an attacker who can only power the machine on. The TPM also offers nothing against malware that runs after a clean boot, because the boot chain it measured was genuine.
3) Compatibility issues
TPM 2.0 is supported by Windows and by Linux, and TPM 1.2 is supported on both as well through older software stacks; the claim that earlier TPMs work only with Windows is not correct. Apple computers are a different case: they do not contain a TPM and use Apple's own Secure Enclave instead. The real compatibility issue is between the two TPM generations, since 2.0 is not backward compatible with 1.2 and Windows 11 accepts only 2.0, so owners of older 1.2 hardware cannot obtain the newer protections without a hardware change.
With rising cases of cyberattacks, computers are better protected with a TPM than without one. The TPM records what a device loaded before the operating system started and releases protected keys only when that record matches, so tampering or boot-level malware is exposed rather than trusted; it does not stop the machine from switching on. Most devices bought after 2016 already have TPM 2.0, which Windows 11 requires. Devices bought earlier may have TPM 1.2 or none at all. It is worth checking which version a device has, enabling a firmware TPM that has been switched off, and, where the board allows, adding a module. Combined with Secure Boot and full-disk encryption, this defends the boot chain and keeps encryption keys and sign-in credentials out of reach of software that can read the disk.
Jeni is a translator and writer based in Taiwan. She is passionate about business development and loves helping companies enter international markets. She is fluent in English, German, and Mandarin Chinese, and combines these with her industry experience to provide practical market entry solutions.