Question TPM & bitlocker when selling motherboard ?

Toggle sidebar Toggle sidebar
DMW888

DMW888

Apr 7, 2023
10
1
15
I've been selling off a few previously used hardware components due to an upgrade (NOT the harddrives) and have a question about the B360M motherboard and TPM.

I'm aware TPM holds cryptographic keys that can be used to lock systems or sensitive information such as with bitlocker, with which my system drive was previously encrypted with.

I've read vague comments here and there recommending to clear TMP before selling a motherboard if bitlocker was previously enabled.

Is this necessary?
 
Sort by date Sort by votes
it's not a bad idea, but strictly needed? not really. the key is only for that specific windows install. a new board would use a new key for a new windows install. even a bios update will clear the keys and require you to setup up bitlocker again.

so recovering your old key off that board is only useful for getting into that board with that specific windows install. a new windows install would generate a new key to be stored on the tpm. so not really a risk if you don't clear it. it's not a "one key to be used every time on that mobo" type thing.

i'd do it just on principle alone, but i don't think it is 100% required.
 
  • Like
Reactions: DMW888
Upvote 0 Downvote
DMW888 said:
I've been selling off a few previously used hardware components due to an upgrade (NOT the harddrives) and have a question about the (B360M) motherboard and TPM.

I'm aware TPM holds cryptographic keys that can be used to lock systems or sensitive information such as with bitlocker, with which my system drive was previously encrypted with.

I've read vague comments here and there recommending to clear TMP before selling a motherboard if bitlocker was previously enabled.

Is this necessary?
Click to expand...
Several ways to approach this:

Is it a discrete TPM, or the one in-built with the CPU? If it's the in-built TPM then is the motherboard being sold with the CPU? If the CPU is not included with the motherboard it seems to me to be a non-issue.

If a discrete TPM you could remove it and tell the buyer to get one of their own or else use their CPU's in-built TPM for their system.

But further, the only threat any included TPM could represent is if storing bitlocker keys for an encrypted drive you ALSO include with the motherboard. So if no drive is included then again it's a non-issue.

But then if you are including the drive and CPU or discrete TPM, or just really wanted to, then simply clear the TPM and shut down then disassemble the system to be done with it. It's easy and quick.

learn.microsoft.com

Troubleshoot the TPM

Learn how to view and troubleshoot the Trusted Platform Module (TPM).
learn.microsoft.com
 
Last edited:
  • Like
Reactions: DMW888
Upvote 0 Downvote
Thank you both for your detailed responses.

I posed this question because (and I should have mentioned this) there's no way for me to enter the bios anymore as I've already sold the CPU (separately).

The TPM is built-in, I've never added one manually.

So the only worry is security keys that could be extracted to decrypt bitlocker drives used with my previous windows installation which was on a seperate NVMe, now erased and sitting in my draw.

I gathered as much, but thought - you never know so better ask to be sure as I'm not totally aware of all data it could possibly store as I've been 'out-of-the-loop' for many years.

I actually use Veracrypt on a second drive for personal data, however it apparently degrades performance on an SSD so opted for password protected bitlocker on the system drive.

Cheers!
 
Upvote 0 Downvote
DMW888 said:
Thank you both for your detailed responses.

I posed this question because (and I should have mentioned this) there's no way for me to enter the bios anymore as I've already sold the CPU (separately).

The TPM is built-in, I've never added one manually.

So the only worry is security keys that could be extracted to decrypt bitlocker drives used with my previous windows installation which was on a seperate NVMe, now erased and sitting in my draw.

I gathered as much, but thought - you never know so better ask to be sure as I'm not totally aware of all data it could possibly store as I've been 'out-of-the-loop' for many years.

I actually use Veracrypt on a second drive for personal data, however it apparently degrades performance on an SSD so opted for password protected bitlocker on the system drive.

Cheers!
Click to expand...
It's gone with old CPU.
 
  • Like
Reactions: drea.drechsler
Upvote 0 Downvote
DMW888 said:
So the only worry is security keys that could be extracted to decrypt bitlocker drives used with my previous windows installation which was on a seperate NVMe, now erased and sitting in my draw.
Click to expand...
Unless someone can marry that BL key, and that drive...no worries.
Even more so now that you've sold the CPU.
Even further, since you've formatted the drive.
 
  • Like
Reactions: CountMike and drea.drechsler
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom