Skip to main content

What Is a TPM Chip?

PC makers often list a Trusted Platform Module (TPM) as a security feature for business notebooks and desktops, but you may not know what it is or why it's useful. Primarily, the TPM enhances security above and beyond the capabilities of consumer software. It also can be used to keep your PC running well.

Image: Shutterstock / Den Rise

Since an industry consortium called the Trusted Computing Group (TCG) introduced TPM in 2009, more than 2 billion of the chips have been embedded into PCs and other devices, such as ATMs and set-top boxes. The TPM standard has been updated over the years, and its most recent release is TPM 2.0, which was released in October 2014.

The Best Laptops for Business and Productivity

What is a TPM?

A Trusted Platform Module is a microchip that is often built into a computer to provide hardware-based security. It can be added later by industrious users who attach the chip to the motherboard. Not all motherboards offer a TPM connector, so you'll need to research your model first.

What does a TPM do?

Some, but not all, of the data we transmit throughout the day is sent unencrypted, as plain text. TPM chips use a mix of software and hardware to protect any important passwords or encryption keys when they are sent in this unencrypted form.

If a TPM chip senses that a system's integrity has been compromised by a virus or malware, it can start up in a quarantine mode to help fix the problem. Some Google Chromebooks include TPMs, and during startup, the chip scans the BIOS (a motherboard firmware that initiates the startup process) for unauthorized changes.

TPM chips also provide safe storage of encryption keys, certificates and passwords used for logging in to online services, which is a more secure method than storing them inside software on the hard drive.

TPM chips in network-connected set-top boxes enable digital rights management, so media companies can distribute content without worrying about theft.

Who is TPM for?

While everyday folks can enjoy TPM features via preinstalled software, the chips are utilized primarily by enterprises or larger companies looking to secure their data.

How do you use a TPM?

If you buy a PC with a TPM chip, you can enable its encryption to protect your data by accessing the BIOS. IT departments often manage TPM chips in enterprise devices.

Major notebook makers — including Dell, HP and Lenovo — often include software applications that will help users access TPM features.

A Gigabyte GC-TPM Trusted Platform Module. Image: Amazon

What can you do with a TPM?

The most basic use for a TPM is to set a login password for your system. The chip will automatically guard that data, rather than keep it stored on your hard drive. If a system has a TPM chip, its user can generate and manage cryptographic keys used to lock the system or specific files.

Many people use a TPM to enable Windows' BitLocker Drive encryption utility. When you power up a system that features a TPM and BitLocker, the chip runs a series of conditional tests to see if it's safe to boot up. If a TPM senses the hard disk was moved to another location, as might be the case if it were stolen, it locks the system.

Notebooks with built-in fingerprint readers often keep the recorded fingerprints in the TPM, as its security makes it a responsible location for storage. The chip also enables smart-card readers, which certain companies require for user authentication and login.