MSI TPM Motherboard Key Storage Erasable with BIOS Reset?

[hunter_w7nuk]

I found out that I can enable a TPM 2.0 device on my motherboard! I was looking around for a separate device when I decided to see what my BIOS had as the manual gives only useless information relating to a TPM. But as it turns out, my motherboard has one built in! But I was wondering, is the encryption key is stored on the motherboard as I suspect, but the question is it erasable? Like if I clear the BIOS by removing my backup battery or jumper the spot on the board that clears it. Will this erase my key and make it difficult to unlock my boot device? I want to know as I am overclocked and have my BIOS set to reset itself should it fail to boot due my screwing the settings up. I wonder if this will erase my key and thus any chance of unlocking the boot drive, which is a M.2.

I know Bitlocker has the software option to clear the TPM in the Control Panel TPM Administrator section. Which I assume erases the key so you can either sell the device or set a new key. But as I am new to this Bitlocker deal, I want to try and understand before I get screwed over my me touching things I should't. But I have enabled Bitlocker on my boot drive which is using the TPM module my motherboard has, and a couple HDD's are using Bitlocker but, before I enabled the TPM, so they are using a password which is saved to my Microsoft account.

If you have any answers or helpful advice please say so! I'm curious how this TPM device works as I have never encrypted any device before, and information I find online isn't too helpful to my specific questions. Thanks

 

[terry4536]

I found out that I can enable a TPM 2.0 device on my motherboard! I was looking around for a separate device when I decided to see what my BIOS had as the manual gives only useless information relating to a TPM. But as it turns out, my motherboard has one built in! But I was wondering, is the encryption key is stored on the motherboard as I suspect, but the question is it erasable? Like if I clear the BIOS by removing my backup battery or jumper the spot on the board that clears it. Will this erase my key and make it difficult to unlock my boot device? I want to know as I am overclocked and have my BIOS set to reset itself should it fail to boot due my screwing the settings up. I wonder if this will erase my key and thus any chance of unlocking the boot drive, which is a M.2.

I know Bitlocker has the software option to clear the TPM in the Control Panel TPM Administrator section. Which I assume erases the key so you can either sell the device or set a new key. But as I am new to this Bitlocker deal, I want to try and understand before I get screwed over my me touching things I should't. But I have enabled Bitlocker on my boot drive which is using the TPM module my motherboard has, and a couple HDD's are using Bitlocker but, before I enabled the TPM, so they are using a password which is saved to my Microsoft account.

If you have any answers or helpful advice please say so! I'm curious how this TPM device works as I have never encrypted any device before, and information I find online isn't too helpful to my specific questions. Thanks

From what I understand, TPM is a system that a business (for example) can add a component to the business PC's that allows an encryption that precludes decryption to other computers without a common TPM device (and the same settings).

 

[terry4536]

Also, everyone with the ability to decrypt the communications must have the same TPM plus the same settings.

 

[hunter_w7nuk]

So looking through my motherboard manual, the setting I choose to enable the TPM is PTT. This is a Intel Platform Trust Technology. This appears to be a virtual TPM that the motherboard has which Intel introduced around the fourth generation of Core i processors (Not sure if I got this 100% correct). I'm not too sure on what it is or does. Or if it is something ran off the CPU or a separate chip like the chipset. However even knowing this I still don't know if my key would be erased with a BIOS reset.

 

[terry4536]

Here is a webpage on TPM in general.

https://docs.microsoft.com/en-us/windows/security/hardware-protection/tpm/tpm-recommendations

I'm not sure that there is much of a benefit of TPM to the average person. It does increase the security of the PC, but at a cost of a more complex environment. I looked into it for myself when I built my last system. I decided at the time that it wasn't something that was for me.

 

[hunter_w7nuk]

Pretty good answer, not quite everything I needed. But as it stands, I believe the key would be erased and hope it doesn't reset. Might have to turn Bitlocker off before trying for a higher overclock. So I also believe that removing the drive and inserting into another PC would not let it boot. Interesting to know some stuff about security.