Stands for "Trusted Platform Module." A TPM is a standardized, hardware-based security component: a dedicated cryptographic processor, separate from the main CPU and used exclusively for security functions, that performs its operations internally so that the private keys it holds are never exposed to software running on the host.
Some functions of a TPM chip include:
- Providing secure authentication
- Generating and storing cryptographic keys
- Encrypting and decrypting data
- Measuring (hashing) firmware and boot components as they load and recording the results in its Platform Configuration Registers (PCRs), so the boot chain can later be verified
The TPM is a small chip, typically soldered onto a computer's motherboard. It holds a unique Endorsement Key (EK), an asymmetric key pair created at manufacture whose private half never leaves the chip and cannot be changed. A manufacturer-issued EK certificate lets a verifier confirm that it is talking to a genuine TPM, which makes the EK a reliable basis for device identity. The flip side is that secrets sealed to a TPM are bound to that specific chip: after a motherboard replacement, keys that were sealed to the old TPM (a BitLocker volume key, for example) cannot be unsealed by the new one, so the startup disk must be unlocked with its recovery key and the TPM protector re-created, or else reformatted.
Windows 11 requires TPM 2.0 and a Secure Boot capable PC. The two play complementary roles: Secure Boot refuses to execute boot components whose signatures do not verify, while the TPM records a hash of each component that does run, so the operating system (or a remote attestation service) can detect a modified boot chain and release disk-encryption keys only to a known-good boot state. TPM 2.0 provides several improvements over TPM 1.2, including:
- cryptographic agility: SHA-256 and elliptic-curve (ECC) keys in addition to RSA and SHA-1 (TPM 1.2 supports only RSA and SHA-1, and SHA-1 is no longer considered collision resistant)
- a more consistent dictionary-attack "lockout policy," whose thresholds the operating system can configure
- more implementation options: a discrete chip, a TPM integrated into another chip, or a firmware TPM (fTPM) running in the processor's trusted execution environment, whereas TPM 1.2 parts were typically discrete chips
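Measured boot and sealing, as described above, in an added Python example that is not part of the original article. It models the TPM's append-only PCR extend operation and a secret sealed to a PCR value, then shows the two failure cases the text mentions: a modified boot component and a replaced motherboard (a different TPM). The boot components, the TPM root keys and the HMAC-based wrapping scheme are constructed stand-ins; a real TPM wraps sealed objects with a key that never leaves the chip and enforces the PCR policy itself.

```python
import hashlib
import hmac

# A SHA-256 PCR bank starts at all zeros after reset, as on a real TPM.
PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """Model TPM2_PCR_Extend: PCR_new = SHA256(PCR_old || SHA256(measurement)).

    The register is append-only: the only way to reach a given value is to
    replay the same components, in the same order, from reset.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Measured boot: each stage hashes the next one into the PCR before running it."""
    pcr = PCR_INIT
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr


def _wrap_key(tpm_root_key: bytes, pcr: bytes) -> bytes:
    # Stand-in for the TPM deriving a wrapping key that is only available when
    # the PCR policy is satisfied; the root key itself never leaves the chip.
    return hmac.new(tpm_root_key, b"seal-policy|" + pcr, hashlib.sha256).digest()


def seal(tpm_root_key: bytes, pcr: bytes, secret: bytes) -> bytes:
    """Seal a secret (e.g. a 32-byte disk-encryption key) to the current PCR value."""
    k = _wrap_key(tpm_root_key, pcr)
    stream = hashlib.sha256(k + b"stream").digest()
    if len(secret) > len(stream):
        raise ValueError("this toy scheme seals at most 32 bytes")
    ct = bytes(a ^ b for a, b in zip(secret, stream))
    tag = hmac.new(k, ct, hashlib.sha256).digest()
    return ct + tag


def unseal(tpm_root_key: bytes, pcr: bytes, blob: bytes) -> bytes:
    """Unseal succeeds only if both the TPM root key and the PCR value match sealing time."""
    ct, tag = blob[:-32], blob[-32:]
    k = _wrap_key(tpm_root_key, pcr)
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        raise PermissionError("policy check failed: boot state or TPM differs from sealing")
    stream = hashlib.sha256(k + b"stream").digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def demo() -> dict:
    # Constructed sample boot chain; real measurements would be the image bytes.
    good_chain = [b"firmware v1.0", b"bootloader v2.3", b"kernel 6.1"]
    tpm_a = b"\x11" * 32  # stand-in for the original board's TPM root key
    tpm_b = b"\x22" * 32  # a replacement motherboard carries a different TPM
    disk_key = b"\x42" * 32

    pcr_good = measure_boot(good_chain)
    blob = seal(tpm_a, pcr_good, disk_key)
    results = {}

    # Same TPM, same boot chain: the key is released.
    results["same_boot"] = unseal(tpm_a, pcr_good, blob) == disk_key

    # Modified bootloader: a different measurement changes the PCR and the policy fails.
    pcr_bad = measure_boot([b"firmware v1.0", b"bootloader v2.3 (patched)", b"kernel 6.1"])
    try:
        unseal(tpm_a, pcr_bad, blob)
        results["tampered_boot"] = True
    except PermissionError:
        results["tampered_boot"] = False

    # Same software on a new motherboard: the PCR matches but the TPM does not.
    try:
        unseal(tpm_b, pcr_good, blob)
        results["new_motherboard"] = True
    except PermissionError:
        results["new_motherboard"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The third case is exactly why a motherboard swap strands a TPM-protected disk: the boot chain is unchanged and the PCRs come out identical, but the sealed blob was wrapped by a key that only the old chip has.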