TPM (Trusted Platform Module) is a chip designed to increase security. It sits on the computer's motherboard and holds encryption keys. Data encrypted with these keys can only be decrypted by the TPM, and information about the keys is never stored in operating system memory.
TPM chips use their own logic circuits for their operations. For this reason the TPM is independent of the operating system and is not affected by the operating system's vulnerabilities.
TPM (Trusted Platform Module)
TPM support in Windows Server 2008 R2 consists of the following components:
- TPM Driver: the hardware driver provided for the TPM
- TPM Base Services (TBS): works as a resource manager for applications that use the TPM
- TPM Windows Management Instrumentation (WMI) provider: performs TPM configuration tasks
- TPM Management snap-in: allows TPM operations to be performed through the MMC console
- TPM Initialization Wizard: provides initialization (startup) services for applications that use the TPM, such as BitLocker Drive Encryption
The BitLocker Drive Encryption feature is an encryption engine found in the Enterprise and Ultimate editions of Windows 7. When you turn it on, all data on your computer is encrypted, and newly created files are encrypted automatically as well. BitLocker To Go is used to encrypt USB sticks and external hard drives.
To manage the TPM, type “mmc” in the “Start > Run” window. In the window that opens, choose “File > Add/Remove Components”, select “TPM Management” and press the “Add” button.
On the “Select Computer” screen, select “Local Computer”. Alternatively, you can type “tpm.msc” in the “Start > Run” window to open the TPM Management console directly.
Before the TPM can be used, a process called “initialization” must be carried out. During initialization, the root keys that the TPM will use are created. Your TPM may be in one of the following states:
- Unowned and off
- Unowned and on
- Owned but off
- Owned and on
Making the TPM owned and turned on is what “initialization” means. To initialize it, use the “Start TPM” link in the “Action” menu of the TPM Management window; the “Turn on TPM security hardware” wizard that opens will guide you. Software such as BitLocker Drive Encryption may launch this wizard automatically. To make the TPM unowned again, use the “Clear TPM” link in the “Action” menu.
On the “Start > Run > tpmadmin.msc” screen, the “Turn On”, “Turn Off” and “Restart” links in the “Action” menu turn the TPM on and off.
Every computer with a TPM has a TPM owner password. You can store this password in Active Directory: the “ms-TPM-OwnerInformation” attribute of the computer account exists for exactly this purpose.
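As an added example (not part of the original page), the following PowerShell script uses the Win32_Tpm class exposed by the TPM WMI provider to report which of the four owned/unowned and on/off states the local TPM is in, and optionally checks whether the computer account's ms-TPM-OwnerInformation attribute is populated in Active Directory. The function names are my own; the AD check assumes the ActiveDirectory module is installed and the caller is allowed to read that attribute.

```powershell
# Added example: classify the local TPM into the four states the text lists
# (unowned/owned x off/on) via the TPM WMI provider. Run from an elevated session.

function Get-TpmState {
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
    if (-not $tpm) {
        return [pscustomobject]@{ Present = $false; Owned = $null; On = $null; State = 'No TPM found' }
    }
    # Each WMI method returns a result object whose property carries the flag.
    $enabled   = [bool]$tpm.IsEnabled().IsEnabled
    $activated = [bool]$tpm.IsActivated().IsActivated
    $owned     = [bool]$tpm.IsOwned().IsOwned
    # "On" in the management console means the TPM is both enabled and activated.
    $on = $enabled -and $activated
    $state = switch ("$owned,$on") {
        'False,False' { 'Unowned and off' }
        'False,True'  { 'Unowned and on' }
        'True,False'  { 'Owned but off' }
        'True,True'   { 'Owned and on (initialized; ready for BitLocker)' }
    }
    [pscustomobject]@{ Present = $true; Owned = $owned; On = $on; State = $state }
}

# Optional: report whether this computer's ms-TPM-OwnerInformation attribute is
# populated in AD, i.e. whether the owner password has been backed up there.
# Returns $null when the ActiveDirectory module is not available.
function Test-TpmOwnerInfoBackedUp {
    if (-not (Get-Command Get-ADComputer -ErrorAction SilentlyContinue)) { return $null }
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties 'ms-TPM-OwnerInformation'
    return [bool]$computer.'ms-TPM-OwnerInformation'
}

$state = Get-TpmState
$state | Format-List
if ($state.Present -and $state.Owned) {
    $backedUp = Test-TpmOwnerInfoBackedUp
    if ($null -eq $backedUp) { Write-Host 'AD module not available; owner-info backup not checked.' }
    elseif ($backedUp)       { Write-Host 'TPM owner information is stored in Active Directory.' }
    else                     { Write-Host 'TPM owner information is NOT stored in Active Directory.' }
}
```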