Skip to content
BLOG

What is a TPM (Trusted Platform Module)?

Meredith Kreisa headshot
Meredith Kreisa|Updated October 22, 2025
Illustration of computer with shield and lock that represents security
Illustration of computer with shield and lock that represents security
Sections

A Trusted Platform Module (TPM) is a hardware chip that securely stores encryption keys, credentials, and certificates to protect your system from tampering and unauthorized access.

The purpose of a TPM is twofold: authentication and attestation. Authentication allows your laptop or computer to verify its identity, while attestation proves its integrity and the absence of breaches. Not only does a TPM interact with other security systems in your PC, like the fingerprint reader and facial recognition program, it may also be used by other programs, including your browser. Basically, a TPM is like a security alarm system against cybercriminals and malware.

The Trusted Computing Group (TCG), an organization that promotes open security standards, introduced the TPM in 2009. The TCG has updated the standard over the years, and the most recent TPM version (TPM 2.0) was released in 2014.

We’ll explain what you should know about TPMs, including whether you need a TPM, how to check to see if you already have one, what types are available, and how to add a TPM to your existing computer.

Do you need a TPM?

You need a TPM 2.0 chip to install or upgrade to Windows 11. Microsoft requires it for system integrity and security features like BitLocker and Secure Boot. Windows Server 2022 also requires a TPM for certain features. Luckily, most recent computers already have a TPM installed.

Even if you use a different OS, it may be worth getting or enabling a TPM. It can enhance Secure Boot, provide ransomware protection, and improve your overall security posture.

How do you check your TPM?

You can check for a TPM using Command Prompt, Settings, Run, Device Manager, or UEFI settings. Using PDQ Inventory also makes it a breeze.

How to check TPM via Command Prompt

Using the Command Prompt is one simple way to see if you have a TPM installed.

  1. Type tpm.msc into the taskbar.

  2. If nothing comes up, you may not have a TPM chip. Otherwise, open the TPM management console.

  3. Check the Status to confirm the TPM is “ready to use.”

  4. Check the Specification Version to see the version of the chip.

How to check TPM via Settings

You can find the TPM Administration tool via Settings and confirm that you have a TPM and it is enabled.

  1. Open Settings.

  2. Go to System.

  3. Click About.

  4. Scroll to Related.

  5. Click BitLocker.

  6. Click TPM Administration.

  7. Check the Status to confirm the TPM is “ready to use.”

  8. Check the Specification Version to see the version of the chip.

How to use the Run dialog box to check TPM

The Run dialog box can help you find the same TPM management console quickly.

  1. Open the Run dialog box using Windows+R.

  2. Input tpm.msc.

  3. Check the Status to confirm the TPM is “ready to use.”

  4. Check the Specification Version to see the version of the chip.

How to check TPM in the Device Manager

Alternatively, you can use the Device Manager to see if you have a TPM and, if so, which version.

  1. In the search bar, search Device Manager and open the control panel.

  2. Expand the Security devices list.

  3. Look for a Trusted Platform Module entry.

How to enable TPM in the UEFI settings screen

This method involves accessing motherboard settings and changing firmware settings, so you should only do it if you can’t find a TPM chip using other methods and you truly know what you’re doing. If the TPM is disabled, this will allow you to find it and enable it.

  1. Open Settings.

  2. Select Update & Security.

  3. Click Recovery.

  4. Under the Advanced startup heading, click Restart now.

  5. Click Troubleshoot.

  6. Select Advanced options.

  7. Click UEFI Firmware Settings.

  8. Click Restart.

  9. Open the security settings.

  10. Check for the Trusted Platform Module (TPM).

  11. If present, select it and ensure its enabled.

  12. Exit the UEFI settings.

  13. Confirm the changes.

  14. Restart the computer.

How do Windows and TPM relate?

Microsoft requires TPM 2.0 for Windows 11 installations. This ensures secure boot and credential protection on PCs, similar to Apple’s T2 chip on Macs. Given that Windows is the most common operating system and has implemented a TPM requirement for its newest version, Windows operating systems and TPMs go hand in hand.

Can you run Linux with a TPM?

Modern Linux kernels (version 3.20 and later) support TPM 2.0 for secure operations like key storage and boot integrity verification. That said, support varies between older Linux distributions.

What are the types of TPMs?

There are five types of TPMs, each offering different levels of security and integration. That said, TPM typically refers to the most traditional variety, which is the microchip version.

Discrete TPM

A discrete TPM (dTPM) is the standard hardware version. It is designed to be tamper resistant and provide the highest level of TPM security. It’s used for critical systems.

Firmware TPM

A firmware TPM (fTPM) is code executed in the CPU’s trusted execution environment (TEE) to provide a high level of security.

Software TPM

A software TPM (sTPM) is a software emulator used for testing and prototyping. However, software TPMs are not appropriate for public-facing environments because they’re prone to vulnerabilities.

Virtual TPM

A virtual TPM (vTPM), also known as a hypervisor TPM, provides a high level of security for cloud environments with the same commands as physical TPMs.

Integrated TPM

An integrated TPM (iTPM) is a hardware TPM integrated into another chip with other functions. Integrated TPMs provide a very high level of security against software issues, but they are not tamper resistant. They’re often used for network gateways.

Can you add a TPM to your computer?

You can add a discrete TPM to most modern motherboards if your system has an open TPM header and supports the module type.

You can find out more about your motherboard by opening the Command Prompt by entering cmd into the search bar, then entering wmic baseboard get product,Manufacturer. Then, research the motherboard online to determine its compatibility, and contact the manufacturer’s support team if necessary.

You can find TPMs for under $30. Make sure the TPM has the same PIN layout and lockout as the TPM header. Before installing, turn off the computer, unplug it, and let it cool. A compatible TPM may work right away after installation. Otherwise, you may need to enable the TPM in your BIOS or UEFI settings.

Since most current computers already have a TPM, just make sure to double-check that you don’t already have one before attempting to install it yourself.

TPMs are small but mighty defenders of system integrity. Whether you’re upgrading to Windows 11, auditing your fleet, or just diving into hardware security, understanding TPMs is a crucial part of modern IT management.

Want to chat with other pros about TPM compatibility, Secure Boot, or the wild world of BIOS settings? Jump into the PDQ Discord or connect with IT peers in the PDQ community.

Meredith Kreisa headshot
Meredith Kreisa

Meredith gets her kicks diving into the depths of IT lore and checking her internet speed incessantly. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.

Related articles

Security grey

Disaster recovery plan template (with free downloads)

SECURITY

Patch Tuesday (light blue)

Patch Tuesday October 2025

SECURITY

Illustration of computer desk and monitor with PDQ logo

Keeping PDQ safe: Certificates and user verification 

PRODUCT