TPM stands for 'Trusted Platform Module'. It's a chip on your computer's motherboard that helps enable tamper-resistant full-disk encryption without requiring extremely long passphrases.

The TPM is a chip that's part of your computer's motherboard - if you bought an off-the-shelf PC, it's soldered onto the motherboard. If you built your own computer, you can buy one as an add-on module if your motherboard supports it.

The TPM generates encryption keys, keeping part of the key to itself. So, if you're using BitLocker encryption or device encryption on a computer with the TPM, part of the key is stored in the TPM itself, rather than just on the disk. This means an attacker can't just remove the drive from the computer and attempt to access its files elsewhere.

This chip provides hardware-based authentication and tamper detection, so an attacker can't attempt to remove the chip and place it on another motherboard, or tamper with the motherboard itself to attempt to bypass the encryption - at least in theory.

For most people, the most relevant use case here will be encryption. Modern versions of Windows use the TPM transparently.
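
To check whether the BitLocker setup described above actually relies on the TPM, the following added example (not part of the original article) reads the TPM state and the key protectors on the operating system volume using the built-in Get-Tpm and Get-BitLockerVolume cmdlets. The function name Get-TpmBitLockerReport is made up for this example, and it assumes an elevated PowerShell session.

```powershell
# Added example: run from an elevated PowerShell session on Windows.
function Get-TpmBitLockerReport {
    # Returns one object per operating system volume, stating whether the
    # volume key is released by the TPM or only by material kept elsewhere.
    $tpm = Get-Tpm

    # Key protector types in which the TPM takes part in unlocking the volume.
    $tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    # Only the OS volume is checked: data volumes normally unlock through
    # a password or auto-unlock key, so a missing TPM protector there is expected.
    $osVolumes = Get-BitLockerVolume |
        Where-Object { $_.VolumeType.ToString() -eq 'OperatingSystem' }

    foreach ($vol in $osVolumes) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $usesTpm = @($types | Where-Object { $_ -in $tpmTypes }).Count -gt 0

        $finding = if (-not $tpm.TpmPresent) {
            'No TPM detected'
        } elseif (-not $tpm.TpmReady) {
            'TPM present but not ready for use'
        } elseif ($vol.VolumeStatus.ToString() -eq 'FullyDecrypted') {
            'Volume is not encrypted'
        } elseif ($vol.ProtectionStatus.ToString() -ne 'On') {
            'Encrypted, but protection is off or suspended'
        } elseif (-not $usesTpm) {
            'Encrypted without a TPM key protector'
        } else {
            'Volume key is protected by the TPM'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            TpmPresent = $tpm.TpmPresent
            TpmReady   = $tpm.TpmReady
            Status     = $vol.VolumeStatus
            Protection = $vol.ProtectionStatus
            Protectors = $types -join ', '
            Finding    = $finding
        }
    }
}

Get-TpmBitLockerReport | Format-List
```

A volume reported as encrypted without a TPM key protector is unlocked only by a password, recovery password or external key, so the protection against moving the drive to another computer described above does not come from the TPM in that case.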