Enable TPM: Determine if TPM is present

Posted on 03/02/2022 | 10/10/2024 | By Christian

The Trusted Platform Module (TPM) is a hardware component that computer manufacturers install in many newer computers. It works with BitLocker to help protect user data and to ensure that no one has tampered with the computer while it was offline. This article covers how to determine whether a TPM is present and how to enable it. Kindly refer to the following TPM-related guides: How to upgrade Windows 10 with an unsupported CPU and TPM 1.0 to Windows 11, and How to Install Windows 11 in Oracle VirtualBox with no TPM Support.

BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key.

These additional security measures provide multifactor authentication and assurance that the computer will not start or resume hibernation until the correct PIN or startup key is presented.

Here are some similar guides. How to delegate permissions for backing up TPM passwords, and how to clear the TPM via the management console or Windows Defender Center App.

Trusted Platform Module

The TPM chip, also known as the Trusted Platform Module, is a hardware security module on your motherboard.

TPM was designed by the Trusted Computing Group Consortium.

The “TPM is ready for use” status confirms that the device has a TPM and that it is enabled and ready for use.

The tpmtool utility can be used to get information about the Trusted Platform Module (TPM). boot process, and Windows 11 Feature-specific, Hardware and Software Requirements: How to upgrade to Windows 11 from Windows 10 as a Windows Insider.

To achieve this security status, configure systems in UEFI mode with TPM and Secure Boot enabled. TPM 2.0 functions fully in UEFI mode.

Determine if TPM is present and enable TPM in the BIOS

Use the commands below to check the TPM status and determine if it is enabled, activated, or owned.

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue

Alternatively, run the following command to check if the system has taken TPM ownership. (Press CTRL + R, type cmd, then right-click cmd.exe and select Run as administrator).

Wmic /namespace:\\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value

TPM is a chip that is either integrated into your device’s motherboard (not available on all PCs) or added separately into the CPU.

Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data. Below are TPM States:

Disabled

  • The TPM chip is disabled; you need to enable it in the BIOS.

Enabled, Not Ready

  • No owner password is set; you need to initialize the TPM.

Enabled, Ready

  • A password is set and the TPM is ready for use.
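
The three Win32_Tpm properties queried with wmic above can be combined to report these states. As an added example (not from the original post), the PowerShell function below reads the same class with Get-CimInstance, which remains available where wmic, deprecated in current Windows releases, is not; the function name Get-TpmState and the property-to-state mapping are assumptions of this example.

```powershell
# Added example: classify the local TPM into the states listed above.
# Get-TpmState is a hypothetical name; the mapping of properties to
# states is this example's assumption, not a Microsoft definition.
function Get-TpmState {
    [CmdletBinding()]
    param()

    try {
        # Same namespace and class as the wmic commands; run elevated.
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
    }
    catch {
        # Access denied (session not elevated) or a missing namespace lands here.
        return [pscustomobject]@{
            State = 'Unknown'; SpecVersion = $null; Detail = $_.Exception.Message
        }
    }

    if (-not $tpm) {
        # No instance returned: no TPM, or it is hidden/disabled in firmware.
        return [pscustomobject]@{
            State = 'Not present'; SpecVersion = $null
            Detail = 'No Win32_Tpm instance returned'
        }
    }

    $state = if (-not $tpm.IsEnabled_InitialValue) { 'Disabled' }
    elseif ($tpm.IsActivated_InitialValue -and $tpm.IsOwned_InitialValue) { 'Enabled, Ready' }
    else { 'Enabled, Not Ready' }

    [pscustomobject]@{
        State       = $state
        SpecVersion = $tpm.SpecVersion   # e.g. begins with 1.2 or 2.0
        Detail      = 'Enabled={0}; Activated={1}; Owned={2}' -f `
                      $tpm.IsEnabled_InitialValue,
                      $tpm.IsActivated_InitialValue,
                      $tpm.IsOwned_InitialValue
    }
}

Get-TpmState | Format-List
```

Because the function returns an object rather than text, it can be run across a fleet and filtered on State to find machines that are not ready for BitLocker.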

Please use the following command to quickly view the TPM information of the device as shown in the image below.

tpmtool getdeviceinformation

You can also check whether your device has a TPM from the Command Prompt: open an elevated Command Prompt and run the command below. You can also use the PowerShell command “get-tpm” to get the same result.

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get * /format:tpmlist.xsl

When the TPM isn’t present on the device, the following error message will appear. Run this command in PowerShell or Command Prompt.


Determine if TPM is present via the TPM.MSC snapin

Ensure you have your device’s “TPM chipset 2.0” enabled and activated. There are numerous ways to determine this.

Check this via the following basic steps:
- Device Manager,
- TPM Management snap-in (tpm.msc), or
- Windows Settings.

I highly recommend taking a look at this guide for other steps to determine if TPM is present on your device: How to check if you have Secure Boot and TPM enabled.

Enable TPM via PowerShell

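If the TPM is disabled through the BIOS settings, re-enable it in the BIOS or run the following Windows PowerShell command as an administrator.

# Connect to the Win32_Tpm WMI class (requires an elevated PowerShell session)
$tpm = Get-WmiObject -Namespace root\cimv2\security\microsofttpm -Class Win32_Tpm
# Physical presence request 6 asks the firmware to enable and activate the TPM
$tpm.SetPhysicalPresenceRequest(6)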

After you run the command, you must restart the operating system and accept any BIOS prompts.

Enable TPM Manually

To enable the TPM (Trusted Platform Module), please follow the steps below. Kindly refer to this guide for more information on “how to clear, enable or disable TPM in Windows via the BIOS or UEFI”.

  1. Boot the computer using F2 into the BIOS setup mode
  2. Locate the “Security” option on the left and expand
  3. Locate the “TPM” option nested under the “Security” setting
  4. To enable the TPM settings, you must check the box labelled “TPM Security” to enable the TPM hard drive security encryption
  5. Ensure the “Activate” radio button is turned on in order to ensure the TPM option works
  6. If the TPM is ‘Deactivated’, or the TPM Security is not enabled, the drive will not encrypt until those settings are made
  7. TPM changes sometimes need to be verified by restarting after they are applied

Manage-bde TPM Command

This section applies to Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012 only, and NOT to Windows workstations. To turn on the TPM, type:

manage-bde -tpm -turnon
At the time of writing this guide, this did not work on Windows 10 as shown in this image.

Below is a command to configure the computer’s Trusted Platform Module (TPM).

Note: Attached also is the description of all available parameters that can be used with the command.

manage-bde -tpm [-turnon] [-takeownership <ownerpassword>] [-computername <name>] [{-?|/?}] [{-help|-h}]
Parameter | Description
-turnon | Enables and activates the TPM, allowing the TPM owner password to be set. You can also use -t as an abbreviated version of this command.
-takeownership | Takes ownership of the TPM by setting an owner password. You can also use -o as an abbreviated version of this command.
<ownerpassword> | Represents the owner password that you specify for the TPM.
-computername | Specifies that manage-bde.exe will be used to modify BitLocker protection on a different computer. You can also use -cn as an abbreviated version of this command.
<name> | Represents the name of the computer on which to modify BitLocker protection. Accepted values include the computer’s NetBIOS name and the computer’s IP address.
-? or /? | Displays brief Help at the command prompt.
-help or -h | Displays complete Help at the command prompt.

FAQs

How to fix “The trusted platform module failed to execute a TPM command”?

Cause: This problem occurs because of an issue with the TPM device. It prevents Windows from communicating and using the TPM device for the functionalities that rely on TPM, such as BitLocker, Modern Authentication, and Next Generation Credentials.

Workaround: Make sure the following updates are installed:
– Latest Servicing Stack Update (SSU) and monthly Cumulative Update (CU) in Windows (Was not applicable to me).
– Available update of the BIOS Firmware or TPM Device Firmware on manufacturer’s support websites. (This update was performed but did not resolve the issue).
Note: Microsoft recommends that if the issue persists, you contact the hardware vendor or the device manufacturer to diagnose your TPM device.

What is the difference between TPM 1.2 and TPM 2.0?

TPM 1.2 and TPM 2.0 are two versions of the Trusted Platform Module. The primary differences are:
– TPM 1.2 supports only SHA-1 for hashing, which is less secure compared to more modern cryptographic algorithms.
– TPM 2.0 supports advanced algorithms like SHA-256, thereby making it more secure and better suited for modern security standards.

It is worth noting that TPM 2.0 also offers greater flexibility, interoperability, and broader application support. This is why it is required for modern systems including Windows 11.

I hope you found this blog post helpful. In this guide, you have learned how to determine if a TPM is present and how to enable it. If you have any questions, please let me know in the comment section.
