Центральный процессор участвует во всех выполняемых операциях, в том числе шифрования, однако в некоторых моделях компьютеров для этих целей имеется отдельный чип, именуемый Trusted Platform Module или сокращенно TPM. Эта микросхема отвечает за выполнение специфических задач, а именно аппаратной криптографии и защиты данных. В чём заключается преимущество TPM? Как минимум в более высокой скорости шифрования и дешифрования.
Если вы используете BitLocker без TPM, задачи по выполнению фонового шифрования придется брать на себя ЦП, тогда как при использовании технологии последними станет заниматься модуль TPM. Также технология может быть использована для создания криптографических ключей и проверки подлинности устройств. Определить, включен ли TPM на компьютере нетрудно. Самый простой — выполните в окошке Run (Win + 10) команду TPM.msc.
Если в окне оснастки управления доверенными модулями будет указано, что модуль не найден, значит TPM как минимум отключен в BIOS.
Убедиться же в его наличии или отсутствии на материнской плате можно с помощью командлета get-tpm, выполненного в запущенной от имени администратора консоли PowerShell.
Значение false параметров TpmReady и TpmPresent покажет, что криптопроцессор физически отсутствует, если же значение false имеет только параметр TpmReady, чип имеется, но он отключен в BIOS. Кроме того, при наличии на компьютере включенного, но не активированного криптографического модуля последний можно будет найти в Диспетчере устройств в разделе «Устройства безопасности».
В каких случаях может потребоваться очистка TPM
Если вы захотите продать свой компьютер, наверняка вы приложите все усилия для того чтобы максимально надежно удалить с него всю личную информацию. Учитывая тот факт, что при наличии соответствующих знаний и опыта ключи BitLocker могут быть извлечены из доверенного модуля, вполне разумным делом перед передачей ПК в чужие руки станет полное их удаление. В остальных случаях, если только у вас не возникли проблемы с работой модуля очищать его не рекомендуется.
Как очистить TPM
Очистить TPM можно разными способами, например, в BIOS (выбрав опцию Clear Security Chip).
И непосредственно из работающей операционной системы. Для этого в запущенной от имени администратора PowerShell выполняем простую команду clear-tpm.
Также вы можете зайти в Центр безопасности Защитника Windows 10, выбрать там раздел «Безопасность устройства», зайти в дополнительные настройки обработчика безопасности и нажать там кнопку очистки TPM.
В более ранних версиях Windows выполнить эту процедуру можно из интерфейса оснастки управления доверенным модулем, выбрав в правой колонке опцию «Очистить TPM».
Загрузка…
In this guide, we will discuss how to Clear and manage TPM on Windows 10 and explain why and when to do so.
Trusted Platform Module (TPM) technology is used to provide hardware-based security for modern computers and laptops. A TPM Chip enhances computer security and is used by services such as BitLocker disk encryption and Windows Hello to generate and store cryptographic keys to protect your system and data from hacks or malware.
Starting from Windows 10 and Windows 11, the operating system automatically initializes and takes ownership of the TPM so you don’t need to do anything extra about it. But because in some cases you may need to Clear the TPM keys, this guide will give you instructions on how to do so.
Why and when to clean the TPM?
Clearing the TPM involves resetting the security keys and deleting all the data stored on the TPM chip. Deleting the TPM keys should be done when you encounter problems with the TPM or when you want to perform a clean Windows installation.
Here are some reasons why you may need to clear the TPM:
- TPM troubleshooting: e.g. you receive the error «TPM is ready for use, with reduced functionality» in TPM Management console. (tpm.msc)
- Installation of a new operating system: Before installing a new operating system, TPM cleanup will ensure that the new operating system can fully use any necessary TPM-based functionality.
- Clean Installation/Computer Reset: When you want to perform a clean installation or resetting your PC to its factory settings, especially when you want to sell your PC to someone else.
- Authentication & Encryption issues: If you are experiencing authentication issues with Windows Hello or encryption problems in BitLocker, clearing the TPM can help resolve them.
How to Clear TPM Keys in Windows 10/11.
Precautions:
Clearing the TPM chip restores it to a non-proprietary state by deleting the security keys, and forces the Windows operating system to automatically restart it and take ownership of it again. Before clearing the TMP by using the methods below please consider the following:
1. Clearing the TMP chip can result in data loss, so before proceeding, backup any data that protected or encrypted by the TPM (e.g. with BitLocker), to an external storage device (e.g. a USB Hard Drive).
2. Don’t clear the TPM on a device you don’t own, such as a work or school PC, without being instructed to do so by your IT administrator
3. Always clear the TPM from within the operating system (e.g. by using the «tpm.msc» console), and not directly from UEFI.
4. Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer’s website.
Method 1: Clear TPM keys using TPM Management Console.
The first way to reset the TPM keys, is by using the Trusted Platform Module Management Console (aka «tpm.msc«). TO do that:
1. Press Windows 
+ R keys to open the run command box.
2. In the run command box, type: tpm.msc and hit Enter or click «OK» to open the Trusted Platform Module Management console.
3. In the TPM Management console, click «Clear TPM…» on the «Actions» menu.
4. Choose «Restart,» and then follow the on-screen instructions to complete the process. *
* Note: During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
Method 2: Clean TPM from Windows Defender Security Center.
The second method to clear the TMP keys, is through the Windows Defender Security Center.
1. On search box, type «Device Security» and then click to open the «Device Security» app.
2. Click on «Security processor details» under «Security Processor».
3. Then click Security processor troubleshooting.
4. Now, in the «Clear TPM» section, click on Select and choose any of the reasons to clear the TPM. Then click the «Clear TPM» button below.
5. Finally, click Clear and Restart, and follow the steps on the screen to finish the process.*
* Note: During the restart, you might be prompted by the UEFI to press a button to confirm that you wish to clear the TPM.
When your computer restarts, Windows will automatically re-initialize the TPM and take ownership of it.
Method 3: Clear TPM through PowerShell.
1. On search box, type «powershell«.
2. Click on Run as Administrator at Windows PowerShell app.
2. Enter the following cmdlet «clear-tpm» in PowerShell and then restart to clear the TPM. *
* Note: The above command («clear-tpm«) resets the TPM by using the owner authorization value stored in the registry instead of specifying a value or using a value in a file. If you face an error after running the above command try one of the other methods or use the following command:
-
Initialize-Tpm -AllowClear $true
That’s it! Which method worked for you?
Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
Download Windows Speedup Tool to fix errors and make PC run faster
If you have a TPM-enabled laptop or PC, and you are receiving a message in Windows Defender Security Center telling you that you need to update your security processor or TPM firmware, then you should update it on priority. In this guide, I will share how you can Clear TPM & Update TPM security processor firmware.
What is TPM in Windows 11/10
In case you do not know, TPM or Trusted Platform Module is a specialized chip on an endpoint device. It can store RSA encryption keys specific to the host system for hardware authentication. The TPM chip also holds an RSA key pair called the Endorsement Key. The pair is maintained inside the chip and cannot be accessed by software. In short, it can store crucial data including Fingerprints, Facial data, etc. in the chip, and it’s not easily accessible.
How to Update TPM security processor firmware
The update for TPM usually holds a patch for a security vulnerability which can impact operating system security. The update will address the vulnerability which you will need to download and install. It is also possible that firmware updates are sent by OEMs which are usually faster compared to Windows Update.
Download & install Windows Updates
This is the best way to update your TPM. So in case you have set your update to manual mode, check if you have an update and if it includes a security patch. In case of the automatic update, it will download and install. You will get an idea when you see a notification in Action Center asking you to restart your computer.
Here is a small warning. Do not apply TPM firmware update from OEMs before installing the Windows operating system update. Windows will be unable to determine if your system is affected.
Install Firmware updates by OEMs
Many OEMs including Microsoft offer Firmware Updates separately. If TPM firmware update was not included in Windows Update, you would have to manually download, and apply it. Below is the list of OEMs from where you can download the update. You can always check your manufacturer from here.
- Microsoft Surface Devices.
- Acer
- Fujitsu
- HP Customer Support
- HP Enterprise Support
- Lenovo
- Panasonic
- Toshiba
How to clear TPM
Once you have installed the firmware update either through the Windows Update or from the OEM website, you will also need to clear your TPM. This is important to make sure that the data is secured.
Before you go ahead, and follow the steps, make sure to backup your TPM data so that you can restore them later. Clearing your TPM will reset your security processor to its default settings. Also, it’s important that unless you own the PC, you should not do it at all. This may be needed if you see a message here – Reset your security processor to fix functionality issues.
To clear your TPM on your Windows computer, follow the steps below:
- Go to Start > Settings > Update & Security > Windows Security > Device security. This will launch the Windows Defender Security Center.
- Select Device Security again, and then under Security processor, select Security processor details.
- On the next screen, select Security processor troubleshooting, and then under Clear TPM click on the Clear TPM button.
- This will reset your security processor to its default settings.
Your device will need to restart before the process is complete.
You can also open the Run box, type tpm.msc and hit Enter to open the TPM Management window.
Here, on the right side, click on Clear TPM.
NOTE: Before you clear your TPM, make sure you turn off BitLocker on all of your drives first (or save the encryption password safely), or else you’ll lose the encryption keys to your drives and you won’t be able to access them.
How to clear TPM using PowerShell?
The Clear-Tpm cmdlet resets the Trusted Platform Module to its default state and removes the owner authorization value and any keys stored in the TPM.
Clear-Tpm
This command uses the owner authorization value stored in the registry instead of specifying a value or using a value in a file. You can read more on this at docs.microsoft.com.
How to clear TPM via BIOS?
- Boot your computer to BIOS settings
- In BIOS, navigate to the Security tab, and here you’ll see an option Clear TPM.
- Select Clear TPM and save the changes.
- Restart your computer.
Hope this helps!
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.
Решил попытаться исправить редкую проблему (уже 7 месяцев), когда 1-2 раза в месяц из-за сбоя tpm 2.0 ноут после запуска начинает тормозить.
Только 2-3 месяца назад мне удалось обновить дрова на встроенную видеокарту Intel UHD Graphics 630, но это не спасло ноут. позднее поставил дрова на сетевуху, тачпад и картридер, но и это тоже не помогло.
В журнале событий указано следующее:
XML:
- <Event xmlns=" http://schemas.microsoft.com/win/2004/08/events/event ">
- <System>
<Provider Name="TPM" Guid="{1b6b0772-251b-4d42-917d-faca166bc059}" />
<EventID>15</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2023-05-28T09:04:22.3092696Z" />
<EventRecordID>315004</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="272" />
<Channel>System</Channel>
<Computer>LAPTOP-PEBPL3DB</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="locationCode">0x2a000180</Data>
<Data Name="Data">258</Data>
</EventData>
</Event>На ютубе почему-то никто не хочет показывать, как происходит процесс очистки TPM во время перезагрузки, и везде всë записано только захватом экрана.
Ноут HP Pavilion Gaming Laptop 15-cx0098ur:
ОС: Windows 10 Home SL 64bit 22h2
Процесор: Intel Core i5-8300H 2.3 GHz
Встроенная видеокарта: Intel UHD Graphics 630
Дискретная видеокарта: NVIDIA GeForce 1060 MaxQ
ОЗУ: 12ГБ ОЗУ
Звук: Realtek HD Audio
SSD: 238GB SAMSUNG MZVLW256HEHP-000H1
HDD: 931GB Hitachi HGST HTS721010A9E630
Сетевая карта: Realtek RTL8822BE 802.11ac PCIe Adapter
Тачпад от ELAN
Картридер: PciE SDXC-Card
Нести в сервис пока не в моих планах.
Как происходит процесс очистки TPM на Windows 10? Не слетит ли лицензия (у меня Windows 10 с OEM-лицензией)? Какие кнопки надо нажимать до, во время и после перезагрузки?