What you always wanted to know about TPM - TUXEDO Computers

What you always wanted to know about TPM

TPM stands for Trusted Platform Module. This is either a dedicated (i.e. additional) chip on the motherboard or a function that is now integrated into most Intel and AMD CPUs.

What is TPM?

TPM was first introduced in 2009 and is now supported by, or even directly integrated into, all modern PCs and notebooks. There are two versions of TPM, both of which are widely used:

  • TPM 1.2 (introduced in 2011)
  • TPM 2.0 (introduced in 2014)

In the meantime, TPM 2.0 has gained acceptance due to its advantages over TPM 1.2, and since 2018 all PCs and notebooks from TUXEDO Computers have supported the TPM 2.0 standard. However, implementations of the TPM 2.0 standard differ, and a distinction must be made between fTPM and dTPM.

What is TPM used for?

TPM is most commonly used to store the cryptographic keys needed to decrypt encrypted drives. This is mainly used by companies that encrypt Windows installations with BitLocker, developed by Microsoft. BitLocker is similar to the Linux Unified Key Setup, better known as LUKS. LUKS keys can also be stored in the TPM to automatically decrypt encrypted Linux installations at startup. At present (as of July 2022), however, this still involves a very high effort and also risk, although work is already underway to simplify it for end users. TPM also offers other functions, but we will not go into these here.

Differences between fTPM and dTPM

What is dTPM?

dTPM stands for discrete Trusted Platform Module. This is an additional chip that is either soldered directly onto the motherboard or, in the case of desktops, plugged into a socket specially designed for it.

What is fTPM?

fTPM stands for firmware Trusted Platform Module. This is a function integrated in most newer Intel and AMD CPUs which, in simple terms, emulates the functions of a dTPM and thus makes it obsolete. On older desktop mainboards, fTPM must be activated manually; on newer desktop mainboards and notebooks, fTPM is activated by default if no dTPM is present.

Intel Platform Trust Technology (Intel PTT)

Intel Platform Trust Technology (Intel PTT) is Intel's implementation of TPM 2.0 functions in their CPUs. Intel PTT runs via the Intel Management Engine (Intel ME). You can disable Intel ME on our notebooks with Intel CPUs. Please note that if you deactivate the Intel ME, you also deactivate the fTPM function and therefore cannot use any of the TPM functions anymore.

AMD Platform Security Processor

AMD's Platform Security Processor (PSP) also emulates TPM 2.0 functions and is comparable to the Intel ME.

Do I need TPM?

Unless you want to use Windows 11, which requires TPM 2.0, you can disable TPM. However, software that you want to use under Linux or Windows may require an existing TPM module because certain functions of the TPM module are used by the software.

How do I enable TPM on my TUXEDO?

Notebooks

TPM is enabled by default on our notebooks.

PCs

Most motherboard manufacturers now provide BIOS updates that enable the fTPM function of the CPU by default. However, the following must be noted here:

  • Year of manufacture 2018 to 2020: For TUXEDO PCs purchased between 2018 and 2020, there is most likely no such BIOS update available and you will have to enable fTPM manually, if supported by the mainboard.
    • Which dTPM module is compatible with your mainboard can be found in the mainboard manual or on the product page of the mainboard manufacturer.
  • Year of manufacture 2020 to 2022: For TUXEDO PCs purchased between 2020 and 2022, such a BIOS update is most likely available.
  • Year of manufacture 2022 and later: If you purchased your TUXEDO PC in 2022 or later, fTPM is enabled by default.
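After changing the firmware setting, you can confirm from a running Linux system whether the kernel actually sees a TPM and which version it reports. The following is an added example, not code from TUXEDO Computers; the function name `tpm_report` is hypothetical, and it assumes a kernel (5.6 or newer) that exposes `tpm_version_major` under `/sys/class/tpm`.

```shell
#!/bin/sh
# Added example: list the TPM devices the Linux kernel exposes in sysfs.
# Exit status: 0 = a TPM 2.0 device is visible, 1 = only an older or
# unidentified TPM is visible, 2 = no TPM is visible at all.

tpm_report() {
    root="${1:-/sys}"   # an alternate root allows checking a copied tree
    found=0             # number of TPM devices seen
    have_v2=0           # becomes 1 once a device reports major version 2

    for dev in "$root"/class/tpm/tpm[0-9]*; do
        [ -d "$dev" ] || continue   # unmatched glob: no devices present
        found=$((found + 1))
        name=$(basename "$dev")
        if [ -r "$dev/tpm_version_major" ]; then
            major=$(tr -d '[:space:]' < "$dev/tpm_version_major")
        else
            major="unknown"         # older kernel without this attribute
        fi
        if [ "$major" = "2" ]; then
            have_v2=1
        fi
        echo "$name: TPM major version $major"
    done

    if [ "$found" -eq 0 ]; then
        echo "no TPM visible: disabled in firmware, not present, or driver not loaded"
        return 2
    fi
    if [ "$have_v2" -eq 1 ]; then
        return 0
    fi
    return 1
}

# Inspect the running system (pass a different root as the first argument).
tpm_report "${1:-/sys}" || echo "status $? (1 = no TPM 2.0 reported, 2 = no TPM visible)"
```

A status of 2 on a machine that should have an fTPM usually means the function is still switched off in the BIOS/UEFI setup, or, on Intel systems, that the Intel ME has been disabled.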

Important note regarding additional purchase of dTPM modules

TUXEDO Computers does not offer dTPM modules for retrofitting. The simple reason is that most mainboards and CPUs support fTPM, so a dTPM module is not needed.