What is the difference between TPM 1.2 chip and TPM 2.0 chip?

Compare the difference between TPM 1.2 and TPM 2.0, what is the difference? Why does Windows 11 require TPM 2.0? What does TPM 2.0 do?

TPM stands for Trusted Platform Module, it is integrated on the motherboard (Mainboard) to secure data on the computer.

Yes, that's an answer you'll often see on tech forums, but this answer isn't really exhaustive.

That's why in this article, I will explain to you more fully and thoroughly about this TPM chip, about questions surrounding TPM, for example:

What does TPM use and secure, how to check if the computer has TPM or not, why does Windows 11 require TPM 2.0, TPM 1.2 and TPM 2.0 differently . etc., cloud clouds .

1. Introduction of TPM . chip

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 1What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 1

TPM was first introduced in 2005, which is a physical chip located on the motherboard (or possibly inside the CPU) that provides encryption features and creates additional layers of security for the computer. computer.

TPM is a chip capable of generating encryption keys and providing authentication functions for both hardware and software, thereby enhancing the security of the computer.

In a nutshell, TPM is a factory that produces locks for households (software - software) and factories and enterprises (hardware - hardware).

Most modern computers and laptops (manufactured from 2018 or later) have a pre-soldered TPM chip in the motherboard.

In case you build a computer yourself, and you buy a motherboard that does not have TPM built in, you can buy a TPM module from outside and plug it in.

However, at the moment, TPM modules are quite expensive and if your motherboard does not support TPM then buying a TPM module is just a waste of your money.

So please check the information carefully before deciding to upgrade, some motherboards will have a TMP connector, you just need to buy more TPM to attach it.

As I mentioned above, the TPM chip is not only mounted on the motherboard, but some types of TPM can also be integrated directly into the CPU.

And there are also some other types called virtual TPMs that do not need a physical chip to work, but instead, it is integrated as a form of software (software) for the computer. But certainly this type of virtual TPM, the level of security will not be high.

Please refer to this article to get more information about TPM: What is TPM 2.0 on Windows 11? and how to test it?

2. Difference between 1.2 and 2.0 . TPM chip

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 3What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 3

TPM 1.2 was first released in 2005 and received its final revision in 2011.

Meanwhile, TPM 2.0 was first released in 2014 and received the latest revision in 2019, as of the time of writing this article (2021).

Although TPM 2.0 is an upgraded version of TPM 2.0, TPM 2.0 is not compatible with TPM 1.2 .

For the algorithm above TPM 1.2, the SHA-1 and RSA algorithms are required, and the AES algorithm is optional.

As for TPM 2.0, SHA-1 and SHA-256 algorithms are required for the hash function. In addition, TPM 2.0 is using the HMAC algorithm and 128-bit AES for the symmetric key algorithms.

The difference between the two algorithms is huge, and it is clear that TPM 2.0 is a much more secure solution than TPM 1.2.

In terms of decentralization, TPM 1.2 has only storage hierarchy, while TPM 2.0 has platform, storage, and validation hierarchy.

What about root keys? TPM 1.2 only supports SRK RSA-2048 algorithm, while TPM 2.0 supports more keys and algorithms per hierarchy.

For authorization, TPM 1.2 uses HMAC, PCR, Locality and physical presence algorithms. Meanwhile, TPM 2.0 provides the same authorization features as well as password protection.

Regarding NVRAM, TPM 1.2 only supports unstructured data, while TPM 2.0 supports both: unstructured data, counter, bitmap, extended (Extend), PIN pass - pass code PIN and fail.

=> Once again, TPM 2.0 has provided us with a series of remarkable and very real improvements.

Algorithm comparison table of TPM 1.2 and TPM 2.0 support

STT ALTERNATIVES Algorithm NAME TPM 1.2 TPM 2.0
first Asymmetric (asymmetrical) RSA 1024 Have Optional
    RSA 2048 Have Have
    ECC P256 Are not Have
    ECC BN256 Are not Have
2 Symmetric (symmetrical) AES 128 Optional Have
    AES 256 Optional Optional
3 Hash (hash) SHA-1 Have Have
    SHA-2 256 Are not Have
4 HMAC SHA-1 Have Have
    SHA-2 256 Are not Have

3. What are the outstanding advantages of TPM 2.0 compared to TPM 1.2?

TPM 1.2 uses only the SHA-1 hashing algorithm, which is probably a weak point since SHA-1 is not secure and people have switched to SHA-256 since 2014.

Proof that SHA-1 is not secure is that Google and Microsoft removed support for certificates based on the SHA-1 algorithm in 2017.

Meanwhile, TPM 2.0 supports newer algorithms, thereby increasing the level of security to a higher level. And some features such as device encryption, Windows Defender System Guard, Autopilot and SecureBIO are only available when the computer has a TPM 2.0 chip.

List of features that TPM 1.2 and TPM 2.0 support:

STT FEATURE TPM 1.2 TPM 2.0
first Measured Boot
2 BitLocker
3 Device Encryption
4 Windows Defender Application Control
5 Windows Defender System Guard
6 Credential Guard
7 Device Health Attestation
8 Windows Hello
9 UEFI Secure Boot
ten TPM Platform Crypto Provider Key Storage Provider
11 Virtual Smart Card
twelfth Autopilot
13 SecureBIO
14 Certificate storage

4. How does TPM work?

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 4What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 4

The TPM chip is used to protect and encrypt data (generating and storing components of encryption keys), TPM will store secure information such as passwords, encryption keys and security certificates with Hardware.

This means, to unlock an encrypted hard drive, you need to use the same TPM chip that generated the key.

And also because of the specific nature of a physical chip (the encryption key is not stored on the hard drive), hackers will have a harder time decrypting the data because they have no control over the TPM chip.

TPM chips also have built-in anti-counterfeiting features, so in case the chip and mainboard are tampered with, TPM can still lock your data normally.

When it detects viruses or other malicious software on your device, TPM immediately isolates itself (along with the encrypted data inside).

TPM can also scan the BIOS at startup and run tests to check the software before running it.

TPM can also prevent the computer from starting and lock it if stolen data is detected. In addition, TPM can also store biometric data of Windows Hello (face unlock).

The most common role of TPM is to generate unique encryption keys, part of which is stored on the TPM chip. From there, the hard drive with that encryption key will not be able to read the data when the hard drive is plugged into another computer. (Bitlocker requires TPM for such a reason.)

5. Why Windows 11 is required to have a TPM 2.0 chip

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 6What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 6

What we currently know about the system requirements of Windows 11 is quite vague, including whether Microsoft will support TPM 1.2 for Windows 11 or not?

According to the document that Microsoft first published, Windows 11 will work with TPM 1.2 and TPM 2.0, and obviously TPM 1.2 is supported (but not recommended).

However, not long after, Microsoft updated their documentation and currently only machines with TPM 2.0 chip are supported.

Currently, Microsoft is focusing on security for Windows 11. Therefore, it is understandable to require TPM 2.0. TPM 2.0 will meet the latest and most modern security features of Windows 11.

Not only that, Microsoft has also warned about Firmware attacks, thereby causing Ransomware attacks that cause data loss for users.

So, Microsoft is working to strengthen the security of their operating system to mitigate those attacks and to ensure the safety of users in the future.

But there is also a part of users who think that Microsoft's higher system configuration requirements are just a financial conspiracy.

Users will have to forgo computers from Windows 8 and below and some computers running Windows 10 to buy computers or laptops with hardware that supports Windows 11.

There is a high chance that computers that are only 4 years old or earlier will not be able to be updated to Windows 11 in a mainstream way.

At the same time, the high hardware requirements will make computer components more expensive and there will be people hoarding components to sell while the supply is scarce with terrible prices.

Microsoft has never had such strict hardware requirements for any version of Windows before. So, this assumption is also very possible.

6. How to tell if a computer has TPM or not?

+ Step 1: Open the Run dialog box (Windows + R) => and enter the command devmgmt.msc => then press Enter.

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 8What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 8

+ Step 2: Go to Security devices => then click to see details. If it is Trusted Platform Module 2.0, your device is already eligible for TPM.

What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 10What is the difference between TPM 1.2 chip and TPM 2.0 chip? Picture 10

If you do not see the Security devices section, your computer does not have TPM or TPM is disabled in the BIOS.

Your job is to enable TPM in the BIOS, to do this, please refer to this article: What is TPM 2.0 on Windows 11? and how to test it?

7. Conclusion

Above is all the important information about the TPM chip that I have compiled.

Through this article, you have also seen the difference between TPM 1.2 and TPM 2.0 chips, right, and you also know why TPM 2.0 is required to install Windows 11.

Good luck!

4.4 ★ | 17 Vote