Question Do I need TPM base on my hardwares ?

drjackool

Distinguished
Dec 5, 2013
255
0
18,790
1
Hi
To installing Win 11
My system spec are as follow:
cpu: 8700K
mobo: Maximus X Hero WiFi
Do I need TPM separated device? or just enable secure boot in bios settings is enough?

Thanks
 

RyzenNoob

Prominent
Jul 13, 2020
333
24
715
21
With what Microsoft were trying to say I think that TPM 1.2 is the absolute minimum version of TPM needed, no doubt there will probably be future versions of TPM, its just a natural evolution.
These are the differences of TPM 1.2 and TPM 2.0
https://en.wikipedia.org/wiki/Trusted_Platform_Module
While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible with TPM 1.2.

SpecificationTPM 1.2TPM 2.0
ArchitectureThe one-size-fits-all specification consists of three parts.[2]A complete specification consists of a platform-specific specification which references a common four-part TPM 2.0 library.[35][3] Platform-specific specifications define what parts of the library are mandatory, optional, or banned for that platform; and detail other requirements for that platform.[35] Platform-specific specifications include PC Client,[36] mobile,[37] and Automotive-Thin.[38]
AlgorithmsSHA-1 and RSA are required.[39] AES is optional.[39] Triple DES was once an optional algorithm in earlier versions of TPM 1.2,[40] but has been banned in TPM 1.2 version 94.[41] The MGF1 hash-based mask generation function that is defined in PKCS#1 is required.[39]The PC Client Platform TPM Profile (PTP) Specification requires SHA-1 and SHA-256 for hashes; RSA, ECC using the Barreto-Naehrig 256-bit curve and the NIST P-256 curve for public-key cryptography and asymmetric digital signature generation and verification; HMAC for symmetric digital signature generation and verification; 128-bit AES for symmetric-key algorithm; and the MGF1 hash-based mask generation function that is defined in PKCS#1 are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[42] Many other algorithms are also defined but are optional.[43] Note that Triple DES was readded into TPM 2.0, but with restrictions some values in any 64-bit block.[44]
Crypto PrimitivesA random number generator, a public-key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and Direct Anonymous Attestation are required.[39] Symmetric-key algorithms and exclusive or are optional.[39] Key generation is also required.[45]A random number generator, public-key cryptographic algorithms, cryptographic hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, exclusive or, and ECC-based Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[42] The TPM 2.0 common library specification also requires key generation and key derivation functions.[46]
HierarchyOne (storage)Three (platform, storage and endorsement)
Root KeysOne (SRK RSA-2048)Multiple keys and algorithms per hierarchy
AuthorizationHMAC, PCR, locality, physical presencePassword, HMAC, and policy (which covers HMAC, PCR, locality, and physical presence).
NVRAMUnstructured dataUnstructured data, Counter, Bitmap, Extend, PIN pass and fail
The TPM 2.0 policy authorization includes the 1.2 HMAC, locality, physical presence, and PCR. It adds authorization based on an asymmetric digital signature, indirection to another authorization secret, counters and time limits, NVRAM values, a particular command or command parameters, and physical presence. It permits the ANDing and ORing of these authorization primitives to construct complex authorization policies
 

ASK THE COMMUNITY