TPM, Trusted Platform Module, is a chip embedded on your computer motherboard that helps enable tamper-resistant full-disk encryption without the need of an extremely long complicate passphrase. That’s why BitLocker usually works way better on a computer with a TPM chip. You can still use BitLocker to encrypt an entire disk on a computer that doesn’t have a TPM chip but you will end up typing in the long passphrase every time you turn it on.
Moreover, Windows 10 makes extensive use of the TPM and integrate it deeply inside the Windows system for its security enhancements such as Device Guard and Windows Hello for Business.
Do you have TPM on your computer?
To check the status of TPM on your computer, you can either use TPM.msc management console or the following PowerShell cmdlet on an elevated PowerShell session.
The “false” on TpmReady means that I have the TPM chip on my motherboard but I will have to enable it in BIOS before I can use it.
If you see the “false” on TpmPresent, sorry, you don’t have the TPM chip on the motherboard.
Why do we need to clear TPM?
First of all, if you are to start a clean installation of a new Windows system on a used computer, clearing TPM ensures that the new system can fully deploy any TPM-based functionality. Not saying that not-cleared TPM will screw up the system but it’s just better with a clean TPM.
Secondly, since there are ways to extract BitLocker keys from a TPM, it’s better to be safe to clear TPM on a computer you are about to dispose of.
Lastly, if you are using BitLocker to encrypt disk as a way to wipe out old SSD drives, you will need to clear the TPM to destroy the encryption key so no one can recover it.
How to clear a TPM content?
There are two ways of doing it.
You can run the following cmdlet in an elevated PowerShell session.
Or, you can use the Windows Defender Security Center app to clear it.
Double-click the shield icon from the system tray to launch Windows Defender Security Center.
Go to Device Security, click Security processor details link under Security processor section, and Security processor troubleshooting.
Click the Clear TPM button to start the process. You will be prompted to restart the computer.
Here is the last piece of warning before wrapping it up, clearing TPM can result in data loss. You don’t need to do it if you have a working encrypted disk running unless there are some issues related to the chip.
/Update on June 25, 2021/
One of the minimum requirements for upcoming Windows 11 is to have TPM version 2.0. Well, many of the PCs will be put out of business because of it. So how do I know if my PC is equipped with TPM 2.0? check this out.