search

Which of the following is not a characteristic of the trusted platform module (tpm)?

1 years ago
Comments: 0
Views: 129

Skip to main content

This browser is no longer supported.

Show

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Trusted Platform Module Technology Overview

  • Article
  • 10/14/2022
  • 4 minutes to read

In this article

Applies to

  • Windows 11
  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication.

Feature description

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:

  • Generate, store, and limit the use of cryptographic keys.

  • Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into it.

  • Help ensure platform integrity by taking and storing security measurements.

The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.

TPM-based keys can be configured in a variety of ways. One option is to make a TPM-based key unavailable outside the TPM. This is good to mitigate phishing attacks because it prevents the key from being copied and used without the TPM. TPM-based keys can also be configured to require an authorization value to use them. If too many incorrect authorization guesses occur, the TPM will activate its dictionary attack logic and prevent further authorization value guesses.

Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG). For more information, consult the TCG Web site.

Automatic initialization of the TPM with Windows

Starting with Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM. This means that in most cases, we recommend that you avoid configuring the TPM through the TPM management console, TPM.msc. There are a few exceptions, mostly related to resetting or performing a clean installation on a PC. For more information, see Clear all the keys from the TPM. We're no longer actively developing the TPM management console beginning with Windows Server 2019 and Windows 10, version 1809.

In certain specific enterprise scenarios limited to Windows 10, versions 1507 and 1511, Group Policy might be used to back up the TPM owner authorization value in Active Directory. Because the TPM state persists across operating system installations, this TPM information is stored in a location in Active Directory that is separate from computer objects.

Practical applications

Certificates can be installed or created on computers that are using the TPM. After a computer is provisioned, the RSA private key for a certificate is bound to the TPM and cannot be exported. The TPM can also be used as a replacement for smart cards, which reduces the costs associated with creating and disbursing smart cards.

Automated provisioning in the TPM reduces the cost of TPM deployment in an enterprise. New APIs for TPM management can determine if TPM provisioning actions require physical presence of a service technician to approve TPM state change requests during the boot process.

Antimalware software can use the boot measurements of the operating system start state to prove the integrity of a computer running Windows 10 or Windows 11 or Windows Server 2016. These measurements include the launch of Hyper-V to test that datacenters using virtualization are not running untrusted hypervisors. With BitLocker Network Unlock, IT administrators can push an update without concerns that a computer is waiting for PIN entry.

The TPM has several Group Policy settings that might be useful in certain enterprise scenarios. For more info, see TPM Group Policy Settings.

New and changed functionality

For more info on new and changed functionality for Trusted Platform Module in Windows, see What's new in Trusted Platform Module?

Device health attestation

Device health attestation enables enterprises to establish trust based on hardware and software components of a managed device. With device heath attestation, you can configure an MDM server to query a health attestation service that will allow or deny a managed device access to a secure resource.

Some things that you can check on the device are:

  • Is Data Execution Prevention supported and enabled?

  • Is BitLocker Drive Encryption supported and enabled?

  • Is SecureBoot supported and enabled?

Note

Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected.

Supported versions for device health attestation

TPM versionWindows 11Windows 10Windows Server 2016Windows Server 2019
TPM 1.2 >= ver 1607 >= ver 1607 Yes
TPM 2.0 Yes Yes Yes Yes
  • Trusted Platform Module (list of topics)
  • Details on the TPM standard (has links to features using TPM)
  • TPM Base Services Portal
  • TPM Base Services API
  • TPM Cmdlets in Windows PowerShell
  • Prepare your organization for BitLocker: Planning and Policies - TPM configurations
  • Azure device provisioning: Identity attestation with TPM
  • Azure device provisioning: A manufacturing timeline for TPM devices
  • Windows 10: Enabling vTPM (Virtual TPM)
  • How to Multiboot with Bitlocker, TPM, and a Non-Windows OS

Feedback

Submit and view feedback for

Which of these is not a characteristics of a secure hash algorithm?

Which of these is NOT a characteristic of a secure hash algorithm? A message cannot be produced from a predefined hash.

Which of the following allows company data to be hidden by means of hiding it in plain sight such as in a video file?

Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination.

What is data called that is to be encrypted by imputing it into a cryptographic algorithm?

Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext.

When Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm which key does he use to encrypt the message?

To encrypt the message Alice XORs her message with the shared secret key. To decrypt the message Bob also XORs the message with his (the same) secret key. Ex. The advantages of secret key cryptography are that 1.

characteristic trusted platform module tpm

Related Posts

Which and I am s management characteristic includes documents that record and communicate incident objectives tactics and assignments for operations and support?
Which and I am s management characteristic includes documents that record and communicate incident objectives tactics and assignments for operations and support?

Which nims characteristic includes documents
Which nims characteristic includes documents

What characteristic of an epic hero does the excerpt reveal?
What characteristic of an epic hero does the excerpt reveal?

Which characteristic is given by the angular momentum quantum number
Which characteristic is given by the angular momentum quantum number

Which of the following is NOT a characteristic of epinephrine
Which of the following is NOT a characteristic of epinephrine

Which of the following are characteristic of plant but not in animal?
Which of the following are characteristic of plant but not in animal?

Which nims management characteristic may include gathering analyzing and assessing weather service data from technical specialist
Which nims management characteristic may include gathering analyzing and assessing weather service data from technical specialist

Which of the following is a characteristic of aneroid sphygmomanometers
Which of the following is a characteristic of aneroid sphygmomanometers

Which of the following is characteristic of anorexia nervosa but not of bulimia nervosa?
Which of the following is characteristic of anorexia nervosa but not of bulimia nervosa?

Which of the following is not a characteristic of anorexia?
Which of the following is not a characteristic of anorexia?

How fast does hair grow per day
How fast does hair grow per day

Which of the following allows different operating systems to coexist on the same physical computer?
Which of the following allows different operating systems to coexist on the same physical computer?

What is being defined as the degree to which something is related or useful to what is happening or being talked about?
What is being defined as the degree to which something is related or useful to what is happening or being talked about?

Which of the following is NOT a pathway in the oxidation of glucose
Which of the following is NOT a pathway in the oxidation of glucose

Juan is the person employees go to when knowledge of a topic was needed. juan holds ________ power.
Juan is the person employees go to when knowledge of a topic was needed. juan holds ________ power.

Which of the following is not a standard mounting dimension for an electric motor? select one:
Which of the following is not a standard mounting dimension for an electric motor? select one:

Which set of characteristics will produce the smallest value for the estimated standard error?
Which set of characteristics will produce the smallest value for the estimated standard error?

Is a program that assesses and reports information about various computer resources and devices.
Is a program that assesses and reports information about various computer resources and devices.

How much energy is needed to move one electron through a potential difference of 1.0 102 volts
How much energy is needed to move one electron through a potential difference of 1.0 102 volts

Includes procedures and techniques that are designed to protect a computer from intentional theft
Includes procedures and techniques that are designed to protect a computer from intentional theft

Advertising

LATEST NEWS

What brand of castor oil is best for hair?
1 years ago . by AfflictedFlashing
What are control charts based on?
1 years ago . by OncomingInteract
Vscode No server install found in WSL, needs x64
1 years ago . by Over-the-counterSimulation
How do you get to Motion settings on iPhone?
1 years ago . by FairRefrigerator
How long is a furlong in horse?
1 years ago . by HatefulHomer
Replace the underlined word with the correct form
1 years ago . by Self-consciousThunderstorm
How many spinach plants per person
1 years ago . by ContributingThunderstorm
Bread clip in wallet when traveling
1 years ago . by FrustratedBoomer
What aisle is heavy cream on?
1 years ago . by LoftyCaught
How do you play Roblox on a Chromebook without downloading it
1 years ago . by StagnantVerification

Advertising

Populer

Advertising

About

Legal

Help

Social

Copyright © 2024 SignalDuo Inc.