Any ideas on using TPM in a Windows 11 VM


jimbo45

Well-known member
Pro User
VIP
Local time
7:13 PM
Posts
4,270
Location
Hafnarfjörður IS
OS
Windows XP,7,10,11 Linux Arch Linux
Hi folks
I've got the tpm2 (TPM ver 2) service running and enabled on a Linux Host (IBM emulator version)
Screenshot_20210728_094206.png

Windows 11 now knows its there
tpm.png

but any ideas on what to do with it !!!!
I've read a bit on "encryption keys" etc - but the documentation such as there is leaves me cluelless
At least the VM now passes the hardware test even though the HOST itself (when running Windows) fails on CPU -- but I've poodlefaked that in the VM by emulating another "enabled" CPU -- no BSOD's yet

Anybody managed to get TPM encryption keys etc working -- I'm not just talking here about bitlocker.

Cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
the TPM should automatically be utilised to store the keys used on the system, and this should controlled from within windows, not sure of how it works exactly but I think this may be "by Design" :wink:

There should be a TPM Management snap-in. if Win11 works the same way as Win 10
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview] [Win11 PRO HighEnd MUP-00005 DD]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS to my design
    CPU
    AMD RYZEN 9 7950X OEM
    Motherboard
    *3XS*ASUS TUF B650 PLUS WIFI
    Memory
    64GB [2x32GB Corsair Vengeance 560 AMD DDR5]
    Graphics Card(s)
    3XS* ASUS DUAL RTX 4060 OC 8G
    Sound Card
    On motherboard Feeding SPDiF 5.1 system [plus local sound to each monitor]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    3XS Samsung 980Pro 2TB M.2 PCIe4 4 x 8TB Data + Various Externals from 1TB to 8TB, 10TB NAS
    PSU
    3XS Corsair RM850x 850w Fully Modular
    Case
    FDesign Define 7 XL BK TGL Case - Black
    Cooling
    3XS iCUE H150i ELITE Liquid Cool, Quiet Case fans
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor
Any ideas on what to do with it !!!!
That's the real question. Everyone says you need tpm but for what? Bitlocker isn't new and nor is Windows Hello. Both work fine without on Windows 11 exactly as they did on 10.

What is the new security requirement it is needed for exactly? Does anything actually require it to work?
 

My Computer

System One

  • OS
    Windows 10
Just think of it as a lockbox to keep your Keys in :wink: It's a physical device to encrypt and store your application keys, ( including the OS key), and user passwords, it helps to secure your system from outside attacks.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview] [Win11 PRO HighEnd MUP-00005 DD]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS to my design
    CPU
    AMD RYZEN 9 7950X OEM
    Motherboard
    *3XS*ASUS TUF B650 PLUS WIFI
    Memory
    64GB [2x32GB Corsair Vengeance 560 AMD DDR5]
    Graphics Card(s)
    3XS* ASUS DUAL RTX 4060 OC 8G
    Sound Card
    On motherboard Feeding SPDiF 5.1 system [plus local sound to each monitor]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    3XS Samsung 980Pro 2TB M.2 PCIe4 4 x 8TB Data + Various Externals from 1TB to 8TB, 10TB NAS
    PSU
    3XS Corsair RM850x 850w Fully Modular
    Case
    FDesign Define 7 XL BK TGL Case - Black
    Cooling
    3XS iCUE H150i ELITE Liquid Cool, Quiet Case fans
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor
Just think of it as a lockbox to keep your Keys in :wink: It's a physical device to encrypt and store your application keys, ( including the OS key), and user passwords, it helps to secure your system from outside attacks.
Hmmm. I find this TPM thing quite interesting - indulge me for a minute ok?

So let's say the OEM injects the product key (or more like an HWID with a generic key ala Win 7) into TPM on Win 11 machines at the factory - do they then need a decryption key to activate Windows? much like Win 7 had OEM/PC model specific certificates? That would be an interesting turn of events as the key is stored in a read-only firmware table as plain text at present.
 
Last edited:

My Computer

System One

  • OS
    Windows
The way I understand it is that, like the way the login PIN works, its not available except from a local keyboard so cannot be accessed remotely, this is why the PIN is classed as a higher rated security device than a password, which when I first heard this made no sense to me until the lockout was explained .

The TPM is secure in the same way as long as you are local to the system where as the ROM location in the firmware is susceptible to outside attack and is plain text too .

I'm not fully up to date with the security levels embedded in windows these days, but this is what was explained to me when the first TPM modules were used to hold the embedded Licence key for some high end laptops
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview] [Win11 PRO HighEnd MUP-00005 DD]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS to my design
    CPU
    AMD RYZEN 9 7950X OEM
    Motherboard
    *3XS*ASUS TUF B650 PLUS WIFI
    Memory
    64GB [2x32GB Corsair Vengeance 560 AMD DDR5]
    Graphics Card(s)
    3XS* ASUS DUAL RTX 4060 OC 8G
    Sound Card
    On motherboard Feeding SPDiF 5.1 system [plus local sound to each monitor]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    3XS Samsung 980Pro 2TB M.2 PCIe4 4 x 8TB Data + Various Externals from 1TB to 8TB, 10TB NAS
    PSU
    3XS Corsair RM850x 850w Fully Modular
    Case
    FDesign Define 7 XL BK TGL Case - Black
    Cooling
    3XS iCUE H150i ELITE Liquid Cool, Quiet Case fans
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor
I don't think the tpm stores the keys rather it has it's own private key that the os can use to validate whatever as root of trust. I suppose it's to make Windows Hello more secure (as you can make it the only sign on option on 11) but idk technically what it's required for.
 

My Computer

System One

  • OS
    Windows 10
Here is a definitive explanation from The Trusted Computing Group which is a consortium of Developers, hardware, and software

Hopefully it will open all our eyes :look:

 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview] [Win11 PRO HighEnd MUP-00005 DD]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS to my design
    CPU
    AMD RYZEN 9 7950X OEM
    Motherboard
    *3XS*ASUS TUF B650 PLUS WIFI
    Memory
    64GB [2x32GB Corsair Vengeance 560 AMD DDR5]
    Graphics Card(s)
    3XS* ASUS DUAL RTX 4060 OC 8G
    Sound Card
    On motherboard Feeding SPDiF 5.1 system [plus local sound to each monitor]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    3XS Samsung 980Pro 2TB M.2 PCIe4 4 x 8TB Data + Various Externals from 1TB to 8TB, 10TB NAS
    PSU
    3XS Corsair RM850x 850w Fully Modular
    Case
    FDesign Define 7 XL BK TGL Case - Black
    Cooling
    3XS iCUE H150i ELITE Liquid Cool, Quiet Case fans
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor
Here is a definitive explanation from The Trusted Computing Group which is a consortium of Developers, hardware, and software

Hopefully it will open all our eyes :look:

Thanx Nigel, yep we need to be very careful with our artefacts on our platforms (who comes up with this terminology.. LOL)

Any real world applications in practice, however (apart from Bitlocker and Windows Hello)?
 

My Computer

System One

  • OS
    Windows
Well it does list a few towards the end of the document ...

These capabilities can improve security in many areas of computing, including e-commerce, citizen-to-government applications, online banking, confidential government communications and many other fields where greater security is required. Hardware-based security can improve protection for VPN, wireless networks, file encryption (as in Microsoft’s BitLocker) and password/PIN/credentials’ management

The other interesting Factoid ...
over 100 million branded PCs and laptops with TPMs were sold in 2007
 

My Computers

System One System Two

  • OS
    Windows 11 Pro x64 [Latest Release Preview] [Win11 PRO HighEnd MUP-00005 DD]
    Computer type
    PC/Desktop
    Manufacturer/Model
    Scan 3XS to my design
    CPU
    AMD RYZEN 9 7950X OEM
    Motherboard
    *3XS*ASUS TUF B650 PLUS WIFI
    Memory
    64GB [2x32GB Corsair Vengeance 560 AMD DDR5]
    Graphics Card(s)
    3XS* ASUS DUAL RTX 4060 OC 8G
    Sound Card
    On motherboard Feeding SPDiF 5.1 system [plus local sound to each monitor]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160
    Hard Drives
    3XS Samsung 980Pro 2TB M.2 PCIe4 4 x 8TB Data + Various Externals from 1TB to 8TB, 10TB NAS
    PSU
    3XS Corsair RM850x 850w Fully Modular
    Case
    FDesign Define 7 XL BK TGL Case - Black
    Cooling
    3XS iCUE H150i ELITE Liquid Cool, Quiet Case fans
    Keyboard
    Wireless Logitec MX Keys + K830 [Depending on where I'm Sat]
    Mouse
    Wireless Logitec - MX Master 3S +
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security [Latest]
    Other Info
    Also run...
    Dell XPS 17 Laptop
    HP Laptop 8GB - Windows 10 Pro x64 HP 15.2"
    Nexus 7 Android tablet [x2]
    Samsung 10.2" tablet
    Blackview 10.2 Tablet
    Sony Z3 Android Smartphone
    Samsung S9 Plus Smartphone
    Wacom Pro Medium Pen Pad
    Wacom Pro Small Pen Pad
    Wacom ExpressKey Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
  • Operating System
    Windows 11 Pro x64 [Latest release]
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 17 9700
    CPU
    i7 10750H
    Motherboard
    Stock
    Memory
    32 GB
    Graphics card(s)
    Stock Intel + GTX 1650 Ti
    Sound Card
    Stock 4 speaker
    Monitor(s) Displays
    Stock 17" + 32" 4K 3840 x 2160 HDR-10
    Screen Resolution
    3840 x 2400 HDR touchscreen
    Hard Drives
    2TB M2 NVMe
    PSU
    Stock
    Case
    Stock Aluminium / Carbon Fibre
    Cooling
    Stock + 2 fan cooling pad
    Mouse
    Stock Trackpad +Logi Mx Master 3 or MX Ergo Trackball
    Keyboard
    Stock Illuminated + Logi - MX Keys
    Internet Speed
    950 MB Down 55 MB Up
    Browser
    Latest Chrome
    Antivirus
    BitDefender Total Security 2021
    Other Info
    Also use an Adjustable Support for Laptop and Adjustable stand for monitor
Back
Top Bottom