What is the difference between TPM 1.2 chip and TPM 2.0 chip?
TPM stands for Trusted Platform Module. It is a chip integrated on the motherboard (mainboard) to secure data on the computer.
Yes, that's an answer you'll often see on tech forums, but this answer isn't really exhaustive.
That's why in this article, I will explain the TPM chip more fully and thoroughly, and answer the questions surrounding it, for example:
What is a TPM used for and what does it secure, how to check whether a computer has a TPM, why Windows 11 requires TPM 2.0, how TPM 1.2 and TPM 2.0 differ, and so on.
1. Introduction to the TPM chip
TPM was first introduced in 2005. It is a physical chip located on the motherboard (or possibly inside the CPU) that provides encryption features and creates additional layers of security for the computer.
TPM is a chip capable of generating encryption keys and providing authentication functions for both hardware and software, thereby enhancing the security of the computer.
In a nutshell, TPM is a factory that produces locks for households (software) and for factories and enterprises (hardware).
Most modern computers and laptops (manufactured from 2018 or later) have a pre-soldered TPM chip in the motherboard.
In case you build a computer yourself, and you buy a motherboard that does not have TPM built in, you can buy a TPM module from outside and plug it in.
However, at the moment, TPM modules are quite expensive and if your motherboard does not support TPM then buying a TPM module is just a waste of your money.
So please check the information carefully before deciding to upgrade. Some motherboards have a TPM connector, so you just need to buy a TPM module and attach it.
As I mentioned above, the TPM chip is not only mounted on the motherboard, but some types of TPM can also be integrated directly into the CPU.
There are also other types called virtual TPMs that do not need a physical chip to work. Instead, they are implemented as software on the computer. But the level of security of this type of virtual TPM will certainly not be high.
Please refer to this article to get more information about TPM: What is TPM 2.0 on Windows 11? and how to test it?
2. Difference between TPM 1.2 and TPM 2.0 chips
TPM 1.2 was first released in 2005 and received its final revision in 2011.
Meanwhile, TPM 2.0 was first released in 2014 and received the latest revision in 2019, as of the time of writing this article (2021).
Although TPM 2.0 is an upgraded version of TPM 1.2, TPM 2.0 is not compatible with TPM 1.2.
As for algorithms, TPM 1.2 requires the SHA-1 and RSA algorithms, and the AES algorithm is optional.
TPM 2.0 requires the SHA-1 and SHA-256 algorithms for the hash function. In addition, TPM 2.0 uses the HMAC algorithm and 128-bit AES as its symmetric key algorithms.
The difference between the two sets of algorithms is huge, and it is clear that TPM 2.0 is a much more secure solution than TPM 1.2.
In terms of hierarchies, TPM 1.2 has only a storage hierarchy, while TPM 2.0 has platform, storage, and endorsement hierarchies.
What about root keys? TPM 1.2 only supports the SRK (Storage Root Key) with the RSA-2048 algorithm, while TPM 2.0 supports more keys and algorithms per hierarchy.
For authorization, TPM 1.2 uses HMAC, PCR, locality and physical presence. Meanwhile, TPM 2.0 provides the same authorization features as well as password protection.
Regarding NVRAM, TPM 1.2 only supports unstructured data, while TPM 2.0 supports unstructured data, counter, bitmap, extend, and PIN pass and fail.
=> Once again, TPM 2.0 has provided us with a series of remarkable and very real improvements.
Comparison of the algorithms supported by TPM 1.2 and TPM 2.0
No. | Algorithm type | Algorithm name | TPM 1.2 | TPM 2.0 |
---|---|---|---|---|
1 | Asymmetric | RSA 1024 | Yes | Optional |
1 | Asymmetric | RSA 2048 | Yes | Yes |
1 | Asymmetric | ECC P256 | No | Yes |
1 | Asymmetric | ECC BN256 | No | Yes |
2 | Symmetric | AES 128 | Optional | Yes |
2 | Symmetric | AES 256 | Optional | Optional |
3 | Hash | SHA-1 | Yes | Yes |
3 | Hash | SHA-2 256 | No | Yes |
4 | HMAC | SHA-1 | Yes | Yes |
4 | HMAC | SHA-2 256 | No | Yes |
3. What are the outstanding advantages of TPM 2.0 compared to TPM 1.2?
TPM 1.2 uses only the SHA-1 hashing algorithm, which is probably a weak point since SHA-1 is not secure and people have switched to SHA-256 since 2014.
Proof that SHA-1 is not secure is that Google and Microsoft removed support for certificates based on the SHA-1 algorithm in 2017.
Meanwhile, TPM 2.0 supports newer algorithms, which raises the level of security. And some features such as device encryption, Windows Defender System Guard, Autopilot and SecureBIO are only available when the computer has a TPM 2.0 chip.
List of features that TPM 1.2 and TPM 2.0 support:
No. | Feature | TPM 1.2 | TPM 2.0 |
---|---|---|---|
1 | Measured Boot | ✓ | ✓ |
2 | BitLocker | ✓ | ✓ |
3 | Device Encryption | ✘ | ✓ |
4 | Windows Defender Application Control | ✓ | ✓ |
5 | Windows Defender System Guard | ✘ | ✓ |
6 | Credential Guard | ✓ | ✓ |
7 | Device Health Attestation | ✓ | ✓ |
8 | Windows Hello | ✓ | ✓ |
9 | UEFI Secure Boot | ✓ | ✓ |
10 | TPM Platform Crypto Provider Key Storage Provider | ✓ | ✓ |
11 | Virtual Smart Card | ✓ | ✓ |
12 | Autopilot | ✓ | ✓ |
13 | SecureBIO | ✘ | ✓ |
14 | Certificate storage | ✘ | ✓ |
4. How does TPM work?
The TPM chip is used to protect and encrypt data by generating and storing components of encryption keys. It stores sensitive information such as passwords, encryption keys and security certificates in hardware.
This means, to unlock an encrypted hard drive, you need to use the same TPM chip that generated the key.
And also because of the specific nature of a physical chip (the encryption key is not stored on the hard drive), hackers will have a harder time decrypting the data because they have no control over the TPM chip.
TPM chips also have built-in anti-tampering features, so if the chip or mainboard is tampered with, the TPM can still keep your data locked as normal.
When it detects viruses or other malicious software on your device, TPM immediately isolates itself (along with the encrypted data inside).
TPM can also scan the BIOS at startup and run tests to check the software before running it.
TPM can also prevent the computer from starting and lock it if stolen data is detected. In addition, TPM can also store biometric data of Windows Hello (face unlock).
The most common role of TPM is to generate unique encryption keys, part of which is stored on the TPM chip. As a result, data on a hard drive encrypted with that key cannot be read when the drive is plugged into another computer. (This is why BitLocker requires a TPM.)
5. Why Windows 11 requires a TPM 2.0 chip
What we currently know about the system requirements of Windows 11 is quite vague, including whether or not Microsoft will support TPM 1.2 for Windows 11.
According to the document that Microsoft first published, Windows 11 will work with TPM 1.2 and TPM 2.0, and obviously TPM 1.2 is supported (but not recommended).
However, not long after, Microsoft updated their documentation and currently only machines with TPM 2.0 chip are supported.
Currently, Microsoft is focusing on security for Windows 11. Therefore, it is understandable to require TPM 2.0. TPM 2.0 will meet the latest and most modern security features of Windows 11.
Not only that, Microsoft has also warned about firmware attacks, which can lead to ransomware attacks that cause data loss for users.
So, Microsoft is working to strengthen the security of their operating system to mitigate those attacks and to ensure the safety of users in the future.
But there is also a part of users who think that Microsoft's higher system configuration requirements are just a financial conspiracy.
Users will have to give up computers from the Windows 8 era and earlier, as well as some computers running Windows 10, and buy computers or laptops with hardware that supports Windows 11.
There is a high chance that computers that are only 4 years old, or older, will not be able to update to Windows 11 through the official route.
At the same time, the high hardware requirements will make computer components more expensive and there will be people hoarding components to sell while the supply is scarce with terrible prices.
Microsoft has never had such strict hardware requirements for any version of Windows before. So, this assumption is also very possible.
6. How to tell if a computer has TPM or not?
+ Step 1: Open the Run dialog box (Windows + R) => and enter the command devmgmt.msc => then press Enter.
+ Step 2: Go to Security devices => then click to see details. If it shows Trusted Platform Module 2.0, your device already meets the TPM requirement.
If you do not see the Security devices section, your computer does not have TPM or TPM is disabled in the BIOS.
In that case you need to enable TPM in the BIOS. To do this, please refer to this article: What is TPM 2.0 on Windows 11? and how to test it?
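The same check can be scripted from PowerShell instead of Device Manager. The following is an added example, not part of the original article: it reads the Win32_Tpm WMI class from an elevated session, and the function name Get-TpmSummary and the MeetsTpm20 field are names chosen here for illustration.

```powershell
# Added example: summarize TPM presence, state and spec version.
function Get-TpmSummary {
    [CmdletBinding()]
    param()

    # The TPM WMI namespace is only readable from an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Administrator) PowerShell session.'
    }

    # Typically no instance comes back when Windows sees no TPM (absent or
    # turned off in firmware), like the missing "Security devices" node.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $tpm) {
        return [pscustomobject]@{ Present = $false; Family = $null; MeetsTpm20 = $false }
    }

    # SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the TPM family (1.2 or 2.0).
    $family = $null
    $first  = ($tpm.SpecVersion -split ',')[0].Trim()
    [void][version]::TryParse($first, [ref]$family)

    [pscustomobject]@{
        Present      = $true
        Family       = $family
        SpecVersion  = $tpm.SpecVersion
        Manufacturer = $tpm.ManufacturerIdTxt
        Enabled      = [bool]$tpm.IsEnabled_InitialValue
        Activated    = [bool]$tpm.IsActivated_InitialValue
        Owned        = [bool]$tpm.IsOwned_InitialValue
        # Family 2.0 or later and enabled: the state Device Manager shows
        # as "Trusted Platform Module 2.0".
        MeetsTpm20   = ($null -ne $family) -and ($family -ge [version]'2.0') -and
                       [bool]$tpm.IsEnabled_InitialValue
    }
}

Get-TpmSummary | Format-List
```

A result with Present = False corresponds to the missing Security devices section described above, so the next step is the same: check the TPM setting in the BIOS.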
7. Conclusion
Above is all the important information about the TPM chip that I have compiled.
Through this article, you have seen the difference between TPM 1.2 and TPM 2.0 chips, and you also know why TPM 2.0 is required to install Windows 11.
Good luck!