Any ideas on using TPM in a Windows 11 VM

jimbo45

Well-known member
Member
VIP
Local time
11:27 AM
Posts
630
Location
Hafnarfjörður IS
Hi folks
I've got the tpm2 (TPM ver 2) service running and enabled on a Linux Host (IBM emulator version)
Screenshot_20210728_094206.png

Windows 11 now knows it's there
tpm.png

but any ideas on what to do with it !!!!
I've read a bit on "encryption keys" etc - but the documentation such as there is leaves me clueless
At least the VM now passes the hardware test even though the HOST itself (when running Windows) fails on CPU -- but I've poodlefaked that in the VM by emulating another "enabled" CPU -- no BSODs yet

Anybody managed to get TPM encryption keys etc working -- I'm not just talking here about bitlocker.

Cheers
jimbo
 

My Computer

System One

  • Operating System
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

barman58

Moderator
Staff member
Local time
12:27 PM
Posts
578
The TPM should automatically be utilised to store the keys used on the system, and this should be controlled from within Windows. Not sure of how it works exactly, but I think this may be "by Design" ;)

There should be a TPM Management snap-in, if Win11 works the same way as Win 10.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro x64 [Latest Release Preview]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Chillblast to my design
    CPU
    Ryzen 9 5950X, 4.9GHz
    Motherboard
    Asus Prime X570-Pro Motherboard
    Memory
    64GB DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti - HDMI, DP
    Sound Card
    On motherboard Feeding SPDiF 5.1 system
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Chillblast Silent Workstation PC Case - Black
    Cooling
    NZXT Kraken X63 280mm CPU Cooler, Quiet Case fans Fan
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3 + M570 Trackball
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also run...
    Laptop - Quad 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet
    Samsung 10.2" tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Samsung Note S20
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 10 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17"
    Screen Resolution
    3840 x 2160 HDR touchscreen
    Hard Drives
    2TB M2
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad
    Keyboard
    Stock Illuminated
    Internet Speed
    72 MB Down 18.5 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
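
Added example, not part of any post in this thread: one way to use the TPM from inside the Windows 11 guest for something other than BitLocker, which is what the opening post asks about. It relies on the built-in `Get-Tpm` and `New-SelfSignedCertificate` cmdlets and the "Microsoft Platform Crypto Provider" key storage provider; the certificate subject, message, password and file path are constructed sample values.

```powershell
# Added example; run in an elevated PowerShell session inside the Windows 11 guest.
# The subject name, message, password and file path are constructed sample values.

# 1. Confirm the guest sees a usable TPM (Get-Tpm needs elevation).
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not usable: Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"
}

# 2. Create a key pair through the TPM-backed key storage provider.
#    The private key is generated by the TPM and marked non-exportable.
$cert = New-SelfSignedCertificate `
    -Subject 'CN=tpm-demo-constructed' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Provider 'Microsoft Platform Crypto Provider' `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyExportPolicy NonExportable `
    -KeyUsage DigitalSignature `
    -NotAfter (Get-Date).AddDays(7)

# 3. Check which provider holds the key and what its export policy is.
$ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$rsa = $ext::GetRSAPrivateKey($cert)
[pscustomobject]@{
    Provider     = $rsa.Key.Provider.Provider
    ExportPolicy = $rsa.Key.ExportPolicy
}

# 4. Sign with the TPM-held key, verify with the public key from the certificate.
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$data   = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message')
$sig    = $rsa.SignData($data, $sha256, $pkcs1)
$valid  = $ext::GetRSAPublicKey($cert).VerifyData($data, $sig, $sha256, $pkcs1)
"Signature verifies: $valid"

# 5. An export of the private key is expected to be refused.
try {
    $pw = ConvertTo-SecureString 'constructed-password' -AsPlainText -Force
    Export-PfxCertificate -Cert $cert -FilePath "$env:TEMP\tpm-demo.pfx" -Password $pw -ErrorAction Stop | Out-Null
    'Unexpected: private key was exported'
} catch {
    "Export refused: $($_.Exception.Message)"
}

# 6. Clean up the demo certificate and its key.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
```

With an emulated TPM, as in the setup described in the opening post, the key material sits in the emulator's state on the host, so it is only as well protected as that state is.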

lx07

New member
VIP
Local time
1:27 PM
Posts
9
Any ideas on what to do with it !!!!
That's the real question. Everyone says you need TPM but for what? BitLocker isn't new and nor is Windows Hello. Both work fine without on Windows 11 exactly as they did on 10.

What is the new security requirement it is needed for exactly? Does anything actually require it to work?
 

My Computer

System One

  • Operating System
    Windows 10

barman58

Just think of it as a lockbox to keep your keys in ;) It's a physical device to encrypt and store your application keys (including the OS key) and user passwords; it helps to secure your system from outside attacks.
 


Superfly

Well-known member
Member
VIP
Local time
1:27 PM
Posts
247
Just think of it as a lockbox to keep your Keys in ;) It's a physical device to encrypt and store your application keys, ( including the OS key), and user passwords, it helps to secure your system from outside attacks.
Hmmm. I find this TPM thing quite interesting - indulge me for a minute ok?

So let's say the OEM injects the product key (or more like an HWID with a generic key ala Win 7) into TPM on Win 11 machines at the factory - do they then need a decryption key to activate Windows? much like Win 7 had OEM/PC model specific certificates? That would be an interesting turn of events as the key is stored in a read-only firmware table as plain text at present.
 

My Computer

System One

  • Operating System
    Windows

barman58

The way I understand it is that, like the way the login PIN works, it's not available except from a local keyboard so cannot be accessed remotely, this is why the PIN is classed as a higher rated security device than a password, which when I first heard this made no sense to me until the lockout was explained.

The TPM is secure in the same way as long as you are local to the system, whereas the ROM location in the firmware is susceptible to outside attack and is plain text too.

I'm not fully up to date with the security levels embedded in Windows these days, but this is what was explained to me when the first TPM modules were used to hold the embedded licence key for some high-end laptops.
 


lx07

I don't think the TPM stores the keys; rather it has its own private key that the OS can use to validate whatever as root of trust. I suppose it's to make Windows Hello more secure (as you can make it the only sign-on option on 11) but idk technically what it's required for.
 


barman58

Here is a definitive explanation from The Trusted Computing Group which is a consortium of Developers, hardware, and software

Hopefully it will open all our eyes :look:

 


Superfly

Here is a definitive explanation from The Trusted Computing Group which is a consortium of Developers, hardware, and software

Hopefully it will open all our eyes :look:

Thanx Nigel, yep we need to be very careful with our artefacts on our platforms (who comes up with this terminology.. LOL)

Any real world applications in practice, however (apart from Bitlocker and Windows Hello)?
 


barman58

Well it does list a few towards the end of the document ...

These capabilities can improve security in many areas of computing, including e-commerce, citizen-to-government applications, online banking, confidential government communications and many other fields where greater security is required. Hardware-based security can improve protection for VPN, wireless networks, file encryption (as in Microsoft’s BitLocker) and password/PIN/credentials’ management

The other interesting Factoid ...
over 100 million branded PCs and laptops with TPMs were sold in 2007
 
