How to Install a Trusted Platform Module on an Unsupported Computer
Trusted Platform Modules (TPMs) have become an essential part of our daily security. Once installed on your PC, they protect your system at different levels, ensuring that unauthorized people cannot break into your computer or steal your data. A TPM is one of the main requirements of Windows 11. You can bypass that requirement, but it’s wise not to, especially once you understand how the TPM helps secure your device. We go into more detail in this guide and also show how to install a TPM chip on your motherboard.
The function of the TPM
A Trusted Platform Module plays a key role in the security of your PC. Let’s look at some of the features that rely on it.
1. BitLocker Drive Encryption
BitLocker keeps all of your disk partitions encrypted when your PC is idle. This includes your main volume, where your bootable components and system information are located.
In the unfortunate event that you misplace or lose your hard drive, your data remains confidential. No one can boot into the operating system to access your data.
The TPM works with your system’s firmware to save your system’s startup settings, including any software that loads on startup. For example, it records your system’s boot sequence, whether from a hard drive or a USB drive.
The TPM will only allow your private key to decrypt your drive if the current startup matches these saved settings and booting occurs as expected. This way, your system firmware and TPM work together to enhance your data security.
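The following Python sketch is an added example, not part of the original article. It simulates the mechanism described above: each startup component is hashed into a register that can only be extended, and the key is released only when the register matches the value recorded at sealing time. `ToyTpm`, the boot chain labels and the secret are constructed for illustration; a real TPM performs these steps in hardware.

```python
import hashlib
import hmac

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-256(old || SHA-256(measurement)).
    A register can only be extended, never written directly."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(components) -> bytes:
    """Replay a boot chain into a fresh register (all zeros at reset)."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class ToyTpm:
    """Simulated TPM: keeps a secret together with the register value it
    was sealed to (hypothetical class, for illustration only)."""
    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed = (secret, expected_pcr)

    def unseal(self, current_pcr: bytes) -> bytes:
        secret, expected_pcr = self._sealed
        # Release the key only if this boot measured exactly as at seal time.
        if not hmac.compare_digest(current_pcr, expected_pcr):
            raise PermissionError("boot measurements changed, key withheld")
        return secret

# Constructed sample boot chains; the labels stand in for real images.
DISK_BOOT = [b"firmware v1", b"boot order: disk", b"os boot manager"]
USB_BOOT = [b"firmware v1", b"boot order: usb", b"unknown loader"]

def demo() -> dict:
    tpm = ToyTpm()
    tpm.seal(b"constructed-volume-key", measured_boot(DISK_BOOT))
    results = {}
    for name, chain in (("disk", DISK_BOOT), ("usb", USB_BOOT)):
        try:
            tpm.unseal(measured_boot(chain))
            results[name] = "released"
        except PermissionError:
            results[name] = "withheld"
    return results

if __name__ == "__main__":
    print(demo())
```

Because every extend hashes the previous register value, changing any component or the order of components produces a different final value, so the sealed key stays locked.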
2. Windows Hello for Business
Microsoft created Windows Hello for Business as an alternative way to authenticate your logins. Sometimes you may forget your password or lose it to hackers. Many PC users prefer one password for all their accounts, so once that password is compromised, even their identity could be up for grabs.
Windows Hello allows multiple devices to be provisioned one at a time by combining them and adding additional cryptographic keys to them. This way, you can better authenticate on all your devices using a single account. This is also where your TPM comes in.
Your system stores this cryptographic key in the TPM, protecting it from potential Trojan horse malware attacks that impersonate your TPM.
3. Crypto Platform Provider
Microsoft uses the Cryptography API: Next Generation (CNG) to implement algorithms on your computer and keep it safe. This way, all software and applications that use cryptography can use the CNG API without knowing the details of the algorithm and how it works.
Windows provides an algorithmic implementation of CNG that your system runs through the TPM hardware on your PC’s motherboard. This implementation uses the unique properties of TPM to protect your private keys from duplication by malware. It also protects your device from dictionary attacks that use multiple guesses to crack your PIN.
Unlike with software solutions, hackers cannot reverse engineer TPMs to steal your private keys or copy them from your device.
How to Install and Activate a Hardware TPM Chip on Your PC’s Motherboard
Before diving into installing a chip in your computer, here are some key considerations to make:
- If your PC was manufactured well before 2016, it may not support TPM chips. In this case, there is not much you can do. We recommend upgrading your laptop/PC to a more modern version.
- If your PC is older but already has a TPM chip installed, it may be the lower version, TPM 1.2. A simple firmware update can fix this problem.
- If your PC was made after 2016, chances are you already have a TPM chip installed. If so, just activate your TPM chip and you’ll be good to go. Check out this guide which shows how to do that.
- Your PC may be newer but without a TPM chip installed. You can buy one and install it on your motherboard.
Upgrade from TPM 1.2 to 2.0
As mentioned earlier, if your PC already has a TPM 1.2 chip, an upgrade should suffice. To go about it:
- Make sure you have installed all Windows updates on your PC before continuing. The updates ensure that your system remains stable and secure when you upgrade your TPM firmware to the new 2.0 version. If you have already updated your system or enabled automatic updates, you can skip this step.
- Back up your data before continuing.
- If you use Windows Hello for Business, disable it before updating your TPM. You will need to clear your TPM later, and doing so will lose your PIN or biometric security information on your PC.
- If you have a Microsoft device (for example, a Surface Book), you can download the Microsoft TPM Update Tool for your specific device model. For other laptop/PC brands, you will need to obtain a firmware update from your manufacturer. Below are quick links to some common TPM updates from PC manufacturers.
- Download the utility tool from your computer manufacturer and run the update.
After running the update, clear your TPM using the following instructions:
- Click the Windows Menu button and go to “Settings Menu -> Updates & Security -> Windows Security -> Device Security”.
- Here you will see the “security processor”. Click “Security processor details”.
- Select “Security processor troubleshooting”.
- Click the “Clear TPM” button.
- Restart your device.
Installing a TPM chip on your motherboard
Before continuing, have you checked your device for a TPM chip?
If so, does it have an empty TPM header on its motherboard?
There are two ways to approach this. If you are tech savvy, you can open your PC and check your motherboard. Check the manufacturer’s website for more technical details if you’re still unsure. You can also check your motherboard’s model number online.
What you are looking for is a port that looks like this:
This TPM port is open and you can install a spare TPM chip on this motherboard.
Nothing is as critical as choosing the right TPM chip, and not all TPM chips are the same. Due to different manufacturer standards, there are four different TPM configurations: 12-1 (12 pin), 14-1 (14 pin), 18-1 (18 pin) and 20-1 (20 pin).
The TPM you choose should have the same pin count as your motherboard’s TPM header. A 20 pin TPM will not fit in a 12 pin header, and vice versa. To determine this, count the number of pins on your TPM header.
Often a hole (called an anti-insertion key) will be blocked on your TPM module. This is to be expected. The anti-insertion key must also line up with the matching position on the TPM header.
After installing the TPM chip on your PC, its activation will depend on your device. You can enable your TPM from BIOS or Windows settings.
Frequently Asked Questions
1. Can I use BitLocker without a TPM?
You can reconfigure BitLocker to work without a TPM. However, BitLocker will store your encryption keys outside of your computer (often on a USB key), which you will need to insert each time your computer restarts.
2. Why is TPM disabled by default?
If the TPM is greyed out on your system BIOS by default, it means that your Platform Trust Technology (PTT) feature is enabled. You will need to disable PTT on your PC’s BIOS to enable your TPM.
3. Is the TPM on a motherboard or a processor?
You will find your TPM chip on the motherboard. Sometimes your PC’s motherboard may not have a dedicated chip and instead uses an onboard TPM or firmware TPM.